I'm looking for a little help troubleshooting a Logstash Docker issue. I'm using Docker ELK and having trouble with Logstash receiving any data, and more specifically syslog data. I've confirmed that the host is receiving the syslog data. The Docker port is open and I can see Logstash is listening, so I'm assuming the events are hitting the system. I've also enabled Logstash debugging and have no visible errors. There are currently no active firewalls. I've attempted to send data via the logger command (echo"access denied"|logger -t myservice -P 8514) in the container itself with no success.
input {
  tcp {
    port => 5000
  }
}
input {
  syslog {
    port => 8514
  }
}
## Add your filters / logstash plugins configuration here
output {
  elasticsearch {
    host => "10.0.11.102:9200"
    user => "elastic"
    password => "changeme"
  }
}
[2020-12-01T19:40:42,860][INFO ][logstash.inputs.syslog ][main][88d3dba5b4730c7acb5ca8ae1b588de2e9e85537465ab6494194113b9d704e03] Starting syslog udp listener {:address=>"0.0.0.0:8514"}
[2020-12-01T19:40:42,867][INFO ][logstash.inputs.syslog ][main][88d3dba5b4730c7acb5ca8ae1b588de2e9e85537465ab6494194113b9d704e03] Starting syslog tcp listener {:address=>"0.0.0.0:8514"}
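
A network-level probe for the two listeners shown in the log above, as an added example that is not part of the original post: it sends one RFC 3164 line to the syslog port over both UDP and TCP, which util-linux `logger` does only when given a server with `-n` (otherwise it writes to the local syslog socket). The target address 127.0.0.1, the host name `probe` and the function names are assumptions.

```python
import socket
from datetime import datetime


def rfc3164_frame(tag, message, facility=1, severity=5, host="probe"):
    """Build one BSD-syslog (RFC 3164) line: <PRI>timestamp host tag: message."""
    pri = facility * 8 + severity  # user.notice -> 13, logger's default priority
    now = datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # day is space-padded
    return f"<{pri}>{stamp} {host} {tag}: {message}".encode()


def send_udp(host, port, frame):
    """Send one datagram; returns the byte count handed to the kernel.
    UDP gives no delivery feedback, so success here proves nothing by itself."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(frame, (host, port))


def send_tcp(host, port, frame, timeout=3.0):
    """Send one newline-terminated frame over TCP; returns (ok, error text)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(frame + b"\n")
        return True, ""
    except OSError as exc:
        return False, str(exc)


def probe(host, port, tag="myservice", message="access denied"):
    """Try both transports and report what the sender side can observe."""
    frame = rfc3164_frame(tag, message)
    ok, err = send_tcp(host, port, frame)
    return {"udp_bytes": send_udp(host, port, frame), "tcp_ok": ok, "tcp_error": err}


if __name__ == "__main__":
    # Assumption: run on the Docker host against the published port 8514.
    print(probe("127.0.0.1", 8514))
```

A refused TCP connection from the host while the container log shows the listener started points at the port mapping; Docker publishes a port as TCP only unless the mapping also names `/udp`.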