Logstash is not listening on any port

Elastic Stack Logstash
1

hello all,

I installed Elasticsearch/Logstash/Kibana on CentOS 7 .
Kibana and Elasticsearch works fine.
Logstash version logstash-2.2
I have an issue with the Logstash – it is not listening on the input ports
I created new logstash config file: /etc/logstash/conf.d/logstash.conf
I tested the config file with service logstash configtest and got Configuration OK
There are no errors at /var/log/logstash/logstash.log or /var/log/logstash/logstash.err
I have another CentOS 7 server which Logstash woks there fine with same config life.
This is the logstash.conf file content:
input {
lumberjack {
port => 5043
type => "haproxy"
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}

input {
tcp {
type => "VMware"
port => "5000"
}
}

filter {
if [type] == "haproxy" {
grok {
match => ["message", "%{HAPROXYHTTP}"]
}
}
if [type] == "VMware" {
grok {
break_on_match => true
match => [
"message", "<%{POSINT:syslog_pri}>%{TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{SYSLOGPROG:syslog_program}: (?(?<message_system_info>(?:[%{DATA:message_thread_id} %{DATA:syslog_level} '%{DATA:message_service}'\ ?%{DATA:message_opID}])) [%{DATA:message_service_info}]\ (?<syslog_message>(%{GREEDYDATA})))",
"message", "<%{POSINT:syslog_pri}>%{TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{SYSLOGPROG:syslog_program}: (?(?<message_system_info>(?:[%{DATA:message_thread_id} %{DATA:syslog_level} '%{DATA:message_service}'\ ?%{DATA:message_opID}])) (?<syslog_message>(%{GREEDYDATA})))",
"message", "<%{POSINT:syslog_pri}>%{TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{SYSLOGPROG:syslog_program}: %{GREEDYDATA:syslog_message}"
]
}
}
}

output {
elasticsearch { hosts => localhost }
stdout { codec => rubydebug }
}

Thanks

2

Have you checked with e.g. netstat or lsof whether something's listening on those ports? Could there by a firewall blocking the access? Have you started Logstash with --debug to make sure it's seeing the configuration you expect it to?

3

#I checked with netstat and no one is listening on the input port 5043:
netstat -anp | grep 5043
unix 3 [ ] STREAM CONNECTED 61504390 20518/systemd-journ /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 61504389 29322/python

#I checked with telnet to the local host so no firewall is involved:
telnet 127.0.0.1 5043
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

#I allowed the port in the firewall and stopped the firewall:
firewall-cmd --zone=public --add-port=5043/tcp --permanent
firewall-cmd --list-all
ports: 9200/tcp 5601/tcp 5043/tcp 5000/tcp 9300/tcp
#still I get:
telnet 127.0.0.1 5043
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

4

I started logstash with debug

service logstash start --debug
logstash started.

5

Did you get this resolved? I hope so it's been almost a year. =) I am having a similar issue with the beats plugin.