Logstash netflow module - no logstash.yml?

Hello,

I recently installed the elastic stack following the information on the site.

Debian packages following the instructions;
1,2 and 3
https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.html

then followed this guide;
https://www.elastic.co/guide/en/logstash/current/netflow-module.html

It's reporting the logstash.yml file is not found...

root@tethys:/usr/share/logstash# bin/logstash --modules netflow --setup -M netflow.var.input.udp.port=2055
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2019-01-24 12:08:19.134 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2019-01-24 12:08:19.152 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.5.4"}
[INFO ] 2019-01-24 12:08:20.053 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] modulescommon - Setting up the netflow module
[ERROR] 2019-01-24 12:08:20.755 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] kibanaclient - Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>}
[ERROR] 2019-01-24 12:08:20.995 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] kibanaclient - Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>}
[ERROR] 2019-01-24 12:08:21.169 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] sourceloader - Could not fetch all the sources {:exception=>LogStash::ConfigLoadingError, :message=>"Failed to import module configurations to Elasticsearch and/or Kibana. Module: netflow has Elasticsearch hosts: ["localhost:9200"] and Kibana hosts: ["localhost:5601"]", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:108:in block in pipeline_configs'", "org/jruby/RubyArray.java:1734:ineach'", "/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:54:in pipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source/modules.rb:14:inpipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:61:in block in fetch'", "org/jruby/RubyArray.java:2481:incollect'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:60:in fetch'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:150:inconverge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:101:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:362:inblock in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in block in initialize'"]} [ERROR] 2019-01-24 12:08:21.181 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - An exception happened when converging configuration {:exception=>RuntimeError, :message=>"Could not fetch the configuration, message: Failed to import module configurations to Elasticsearch and/or Kibana. Module: netflow has Elasticsearch hosts: [\"localhost:9200\"] and Kibana hosts: [\"localhost:5601\"]", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/agent.rb:157:inconverge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:101:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:362:inblock in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}
[INFO ] 2019-01-24 12:08:21.497 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
root@tethys:/usr/share/logstash#

It's definitely there...

root@tethys:/usr/share/logstash# ls -al /etc/logstash/
total 48
drwxrwxr-x 3 logstash logstash 4096 Jan 24 12:05 .
drwxr-xr-x 85 root root 4096 Jan 24 11:31 ..
drwxr-x--- 2 logstash logstash 4096 Jan 24 11:09 conf.d
-rw-r--r-- 1 logstash logstash 1846 Dec 18 09:02 jvm.options
-rw-r--r-- 1 logstash logstash 4568 Dec 18 09:02 log4j2.properties
-rw-r--r-- 1 logstash logstash 342 Dec 18 09:02 logstash-sample.conf
-rw-r--r-- 1 logstash logstash 8481 Jan 24 11:57 logstash.yml
-rw-r--r-- 1 logstash logstash 285 Dec 18 09:02 pipelines.yml
-rw------- 1 logstash logstash 1696 Jan 24 12:05 startup.options
root@tethys:/usr/share/logstash#

I don't think it's a permissions issue, any other ideas?

Thanks in advance

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.