Logstash Stdout empty

Elastic Stack Logstash
1

Hi there, i'm having issues with a recent configuration on my logstash and i can't understand why it's not working.
I have multiple configuration files running, and working. This one was working also as of a week ago, but we changed the source IP that was sending the logs, that is all, so we updated the filter in our configuration file and nothing is showinf anymore.

# FIle
input {
  udp {
    port => 10000
  }
}

filter {
# empty for now
}

output {
  stdout { codec => rubydebug { metadata => true } }

  kafka {
    ...
  }
}

Pretty basic configuration, please ignore the "..." under kafka, that is working i just removed it here for clarity.

If i do a tcpdump on the port we receive the logs, the server is listeneing on the port on udp, but i never see anything via the stdout and i can't understand why. Any ideas please?

2

but we changed the source IP that was sending the logs, that is all, so we updated the filter in our configuration file and nothing is showinf anymore.

Most likely a firewall issue. LS doesn't filter anything which arrive to the port 10000.

3

Hi, thank you for your reply. I don't understand how can this be firewall related, traffic is coming, we see it through tcpdump.

4

Is tcpdump on the same host where is LS?
Is the UDP port 10000 correct?
Can you check did LS start listener on port 10000? by netstat and also should be visible in LS log.

You must have some trace, something is not OK.
input is simple, filter is empty, output shows rubydebug ... simpliest cannot be.

The firewall can block the traffic, if you change source address and rules were set like that.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.