Logstash service doesn't output logs, command line does

leoponton · June 21, 2017, 3:28pm

Okay, I seem to have fixed this. There were a couple or three problems:

In /etc/systemd/system/logstash.service,
I had to change
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
to
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/usr/share/logstash/config"

then
sudo systemctl daemon-reload

The logging directory, /var/log/logstash was root:root and the logs therein were logstash:root so I chown'd both to logstash:logstash

Logstash was trying to listen on 514 & 5514 which didn't work as the logstash user (no permission) so I used iptables to forward 514 to 5514, viz:

 sudo iptables -N PREROUTING
 sudo iptables -t nat -A PREROUTING -p UDP -m udp --dport 514 -j REDIRECT --to-ports 5514
 sudo iptables -t nat -A PREROUTING -p TCP -m tcp --dport 514 -j REDIRECT --to-ports 5514
 iptables-save

I think that was all.

Topic		Replies	Views
Logstash running as service is not sending logs Logstash	7	2302	December 20, 2019
Logstash.conf doesnt work when run as service but runs otherwise Logstash	5	1651	June 21, 2019
Cannot Run Logstsh as a service Logstash	3	438	November 11, 2018
New installed Logstash not work as service Logstash	3	1538	December 26, 2016
Logstash as a service config not working Logstash	7	4582	March 19, 2020

Logstash service doesn't output logs, command line does

Related topics