Hi there, I have 2 Logstash servers that recieve logs from different systems such as Windows and Linux machines and some networks systems such Firewalls, Switches, etc.
The problem is that every 2-3 days the logstash process stops on both servers and in fact no more logs are forwarded until I start the service again.
In /var/log/logstash/logstash.err I can see the following message, I suppose that the problem comes from syslog input? Can I do something to fix that? May be should I look in an another log file?
tcp_receiver at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-2.0.2/lib/logstash/inputs/syslog.rb:173
tcp_listener at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-2.0.2/lib/logstash/inputs/syslog.rb:159
Errno::EBADF: Bad file descriptor - Bad file descriptor
each at org/jruby/RubyIO.java:3542
tcp_receiver at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-2.0.2/lib/logstash/inputs/syslog.rb:173
tcp_listener at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-2.0.2/lib/logstash/inputs/syslog.rb:159
log writing failed. Bad file descriptor - Bad file descriptorlog writing failed. Bad file descriptor - Bad file descriptorErrno::EBADF: Bad file descriptor - Bad file descriptor
each at org/jruby/RubyIO.java:3542
tcp_receiver at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-2.0.2/lib/logstash/inputs/syslog.rb:173
tcp_listener at /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-2.0.2/lib/logstash/inputs/syslog.rb:159