Logstash not listening on port 5044

fastxl · September 6, 2019, 7:22pm

I have setup a ELK node that I want to send some logs to via WinLogBeats. Using Ubuntu 18 server. I can ping the node by the ip address and the FQDN, but when I do a Test-NetConnection via powershell it fails. When I do a netstat -an | grep 5044 I get nothing. My input file is

input {
   beats {
        port => 5044
}
   udp { 
        type => pfLogs
        port => 5140
 }
}

No firewall running. Not sure what to try.

spuder · September 6, 2019, 9:22pm

Try running netstat -plnt to show all listening services on the logstash server.

It could be that the service is not bound to a public ip.
It could be that it is only listening on ipv6

Post the output here.

fastxl · September 9, 2019, 1:53pm

Appears that it is listening on TCP6 but not TCP?

Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN      678/node
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      534/systemd-resolve
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      726/sshd
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      745/nginx: master p
    tcp6       0      0 127.0.0.1:9600          :::*                    LISTEN      658/java
    tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      654/java
    tcp6       0      0 :::5044                 :::*                    LISTEN      658/java
    tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      654/java
    tcp6       0      0 :::22                   :::*                    LISTEN      726/sshd

After disabling IPV6 it seems to be listening on tcp 5044 now

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:9200          0.0.0.0:*               LISTEN      650/java
    tcp        0      0 0.0.0.0:5044            0.0.0.0:*               LISTEN      667/java
    tcp        0      0 127.0.0.1:9300          0.0.0.0:*               LISTEN      650/java
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      533/systemd-resolve
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      707/sshd
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      738/nginx: master p
    tcp        0      0 127.0.0.1:9600          0.0.0.0:*               LISTEN      667/java
    tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN      655/node

system · October 7, 2019, 1:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.