Logstash output question

sh-4.2$ sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/firewall.conf
Using bundled JDK: /usr/share/logstash/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[INFO ] 2022-07-07 17:54:09.378 [main] runner - Starting Logstash {"logstash.version"=>"8.2.3", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.15+10 on 11.0.15+10 +indy +jit [linux-x86_64]"}
[INFO ] 2022-07-07 17:54:09.385 [main] runner - JVM bootstrap flags: [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, -Djruby.regexp.interruptible=true, -Djdk.io.File.enableADS=true, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED]
[WARN ] 2022-07-07 17:54:09.677 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2022-07-07 17:54:10.880 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9601, :ssl_enabled=>false}
[INFO ] 2022-07-07 17:54:11.515 [Converge PipelineAction::Create] Reflections - Reflections took 80 ms to scan 1 urls, producing 120 keys and 395 values
[INFO ] 2022-07-07 17:54:12.026 [Converge PipelineAction::Create] javapipeline - Pipeline main is configured with pipeline.ecs_compatibility: v8 setting. All plugins in this pipeline will default to ecs_compatibility => v8 unless explicitly configured otherwise.
[INFO ] 2022-07-07 17:54:12.146 [[main]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>250, "pipeline.sources"=>["/etc/logstash/conf.d/firewall.conf"], :thread=>"#<Thread:0x6ad41d14 run>"}
[INFO ] 2022-07-07 17:54:12.762 [[main]-pipeline-manager] javapipeline - Pipeline Java execution initialization time {"seconds"=>0.61}
[INFO ] 2022-07-07 17:54:12.790 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
[INFO ] 2022-07-07 17:54:12.892 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2022-07-07 17:54:12.953 [[main]<udp] udp - Starting UDP listener {:address=>"192.168.56.67:514"}
[INFO ] 2022-07-07 17:54:12.979 [[main]<udp] udp - UDP listener started {:address=>"192.168.56.67:514", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}

Then the cursor just blinks. I am trying to figure out why I am not getting any output; my output is set to std.

Logstash is running and waiting for data. What does your firewall.conf configuration look like?

Like this:
input {
  udp {
    host => "10.0.56.67"
    port => 514
  }
}

filter {}

output {
  stdout {}
}

You say your filter has host => "10.0.56.67" but the log says logstash is listening on :address=>"192.168.56.67:514". Either way, I don't think any UDP packets are being sent, or they are blocked by a firewall, etc.
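A diagnostic for the two causes raised in the reply above, added here as an example and not code from the thread: it compares the udp input's configured address with the one in the "UDP listener started" log line, and sends a syslog-style test datagram. The function names, the probe text and the abridged sample strings are assumptions constructed for illustration.

```python
import re
import socket

# Constructed samples: the udp input and the listener log line quoted in the thread (abridged).
SAMPLE_CONF = 'input { udp { host => "10.0.56.67" port => 514 } } output { stdout {} }'
SAMPLE_LOG = '[[main]<udp] udp - UDP listener started {:address=>"192.168.56.67:514"}'

def configured_udp(conf):
    """(host, port) of the first udp input; the plugin's host default is 0.0.0.0."""
    block = re.search(r'\budp\s*\{([^}]*)\}', conf)
    if not block:
        return None
    host = re.search(r'host\s*=>\s*"([^"]+)"', block.group(1))
    port = re.search(r'port\s*=>\s*"?(\d+)', block.group(1))
    return (host.group(1) if host else "0.0.0.0", int(port.group(1)) if port else None)

def bound_udp(log):
    """(host, port) taken from the 'UDP listener started' log line, or None."""
    m = re.search(r'UDP listener started \{:address=>"([^"]+):(\d+)"', log)
    return (m.group(1), int(m.group(2))) if m else None

def binding_findings(conf, log):
    """Compare what the config asks for with what Logstash actually bound."""
    want, got = configured_udp(conf), bound_udp(log)
    if want is None or got is None:
        return ["no udp input in the config, or the listener never started"]
    findings = []
    if want != got:
        findings.append(f"config says {want[0]}:{want[1]}, listener bound {got[0]}:{got[1]}")
    if got[0] != "0.0.0.0":
        findings.append(f"only datagrams addressed to {got[0]} are received")
    return findings

def send_probe(host, port, text="logstash udp probe"):
    """Send one RFC 3164-style syslog datagram; UDP itself confirms nothing."""
    payload = f"<134>Jul  7 17:54:13 probe-host probe: {text}".encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))

def loopback_selftest():
    """Receive the probe on a throwaway local socket to prove the sender works."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        send_probe(*rx.getsockname())
        return rx.recvfrom(2048)[0].decode()

if __name__ == "__main__":
    print(binding_findings(SAMPLE_CONF, SAMPLE_LOG))
    print(loopback_selftest())
```

Calling `send_probe("192.168.56.67", 514)` from the sending host while Logstash runs with the stdout output separates the cases: if no event is printed, the datagram is being dropped before it reaches the listener.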
