Logstash service doesn't output logs, command line does

leoponton · June 21, 2017, 3:28pm

Okay, I seem to have fixed this. There were a couple or three problems:

In /etc/systemd/system/logstash.service,
I had to change
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
to
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/usr/share/logstash/config"

then
sudo systemctl daemon-reload

The logging directory, /var/log/logstash was root:root and the logs therein were logstash:root so I chown'd both to logstash:logstash

Logstash was trying to listen on 514 & 5514 which didn't work as the logstash user (no permission) so I used iptables to forward 514 to 5514, viz:

 sudo iptables -N PREROUTING
 sudo iptables -t nat -A PREROUTING -p UDP -m udp --dport 514 -j REDIRECT --to-ports 5514
 sudo iptables -t nat -A PREROUTING -p TCP -m tcp --dport 514 -j REDIRECT --to-ports 5514
 iptables-save

I think that was all.

Topic		Replies	Views
Logstash Output dosent publishes logs while using systemctl Logstash	7	1071	August 6, 2020
Logstash.conf doesnt work when run as service but runs otherwise Logstash	5	1612	June 21, 2019
Logstash service problem Logstash	1	204	October 22, 2020
Systemctl start logstash does nothing Logstash	7	2368	December 30, 2021
Logstash running as service is not sending logs Logstash	7	2233	December 20, 2019

Logstash service doesn't output logs, command line does

Related topics