Hi
I am setting up ELK stack for bro. I am testing logstash with file input and output plugin and using logstash-5.6.4-1.
I can start logtash with
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/bro.conf --config.reload.automatic
and it produces expected output
but if I start logstash with systemctl then logstash does not produce any output and
systemctl status logstash gives this output
logstash.service - logstash
Loaded: loaded (/etc/systemd/system/logstash.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2017-11-16 16:28:35 GMT; 3min 32s ago
Main PID: 2609 (java)
CGroup: /system.slice/logstash.service
└─2609 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+DisableExplic...
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.jruby.Main.main(Main.java:197)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: Caused by: java.lang.IllegalStateException: ManagerFactory [org.apache.logging.log4j.core.appender...g.Rollin
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.apache.logging.log4j.core.appender.AbstractManager.getManager(AbstractManager.java:75)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.apache.logging.log4j.core.appender.OutputStreamManager.getManager(OutputStreamManager.java:81)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.getFileManager(RollingFileMan...ava:103)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.apache.logging.log4j.core.appender.RollingFileAppender.createAppender(RollingFileAppender.java:191)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: ... 98 more
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: 2017-11-16 16:28:46,801 main ERROR Null object returned for RollingFile in Appenders.
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: 2017-11-16 16:28:46,802 main ERROR Null object returned for RollingFile in Appenders.
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: 2017-11-16 16:28:46,803 main ERROR Unable to locate appender "plain_rolling" for logger config "root"
systemd file for logstash is
[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=logstash
Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
Prefixing the path with '-' makes it try to load, but if the file doesn't
exist, it continues onward.
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
The above file is part of the rpm. Has anyone seen this issue?
Thanks
Kashif