Logstash - port closed

Elastic Stack Logstash
1

Hi,
I have problem with logstash - service is running, but port 10515 isnt open :frowning:

Here is my logstash.conf:

input {
udp {
host => "192.168.201.30"
port => 10514
codec => "json"
type => "rsyslog"
}
}
filter { }
output {
if [type] == "rsyslog" {
elasticsearch {
hosts => [ "192.168.201.30:9200" ]
}
}
}

Error from log:
[2017-11-30T15:33:01,581][ERROR][logstash.agent ] Cannot create pipeline {:reason=>"Expected one of #, => at line 42, column 5 (byte 903) after input {\ntcp {\nport => 514\ntype => syslog\n}\nudp {\ntype => syslog\nport => 514$

Where is problem?
Thanks

2

I'm a noob at Logstash, but I'll take a shot: could you try putting quotation marks around the port number? I've noticed some of the Logstash docs specify it as a number (https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html) and others as a string (https://www.elastic.co/guide/en/logstash/6.0/advanced-pipeline.html), at least when using beats. Not sure why, specifically, but I feel like it would be better if they standardized it as a number and then converted it to a string somewhere else if they need to.

Edit: Are you saying the port isn't actually open at all? If it isn't, I think that's something you'd have to configure on your system itself.

3

Acccording to the error message Logstash is trying to load a configuration file containing "port => 514". That's not the configuration you posted. Does that come from an extra config file in /etc/logstash/conf.d?

4

Thansk for help.
In conf.d i have only logstash.conf. after apt-get upgrade logstash is service ok:

[2017-12-04T16:23:55,521][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.201.30:9200/, :path=>"/"}
[2017-12-04T16:23:55,626][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://192.168.201.30:9200/"}
[2017-12-04T16:23:55,685][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2017-12-04T16:23:55,692][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"_a$
[2017-12-04T16:23:55,699][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//192.168.201.30:9200"]}
[2017-12-04T16:23:55,701][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250}
[2017-12-04T16:23:56,384][INFO ][logstash.pipeline ] Pipeline main started
[2017-12-04T16:23:56,416][INFO ][logstash.inputs.udp ] Starting UDP listener {:address=>"192.168.201.30:10514"}
[2017-12-04T16:23:56,439][INFO ][logstash.inputs.udp ] UDP listener started {:address=>"192.168.201.30:10514", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}
[2017-12-04T16:23:56,488][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.