Logstash systemd issue

kashif.alig · November 16, 2017, 5:07pm

Hi
I am setting up ELK stack for bro. I am testing logstash with file input and output plugin and using logstash-5.6.4-1.
I can start logtash with
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/bro.conf --config.reload.automatic

and it produces expected output

but if I start logstash with systemctl then logstash does not produce any output and
systemctl status logstash gives this output

logstash.service - logstash
Loaded: loaded (/etc/systemd/system/logstash.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2017-11-16 16:28:35 GMT; 3min 32s ago
Main PID: 2609 (java)
CGroup: /system.slice/logstash.service
└─2609 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+DisableExplic...

Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.jruby.Main.main(Main.java:197)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: Caused by: java.lang.IllegalStateException: ManagerFactory [org.apache.logging.log4j.core.appender...g.Rollin
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.apache.logging.log4j.core.appender.AbstractManager.getManager(AbstractManager.java:75)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.apache.logging.log4j.core.appender.OutputStreamManager.getManager(OutputStreamManager.java:81)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.getFileManager(RollingFileMan...ava:103)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: at org.apache.logging.log4j.core.appender.RollingFileAppender.createAppender(RollingFileAppender.java:191)
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: ... 98 more
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: 2017-11-16 16:28:46,801 main ERROR Null object returned for RollingFile in Appenders.
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: 2017-11-16 16:28:46,802 main ERROR Null object returned for RollingFile in Appenders.
Nov 16 16:28:46 cloudnet.physics.ox.ac.uk logstash[2609]: 2017-11-16 16:28:46,803 main ERROR Unable to locate appender "plain_rolling" for logger config "root"

systemd file for logstash is

[Unit]
Description=logstash

[Service]
Type=simple
User=logstash
Group=logstash

Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.

Prefixing the path with '-' makes it try to load, but if the file doesn't

exist, it continues onward.

EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384

[Install]
WantedBy=multi-user.target

The above file is part of the rpm. Has anyone seen this issue?

Thanks
Kashif

system · December 14, 2017, 5:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash service doesn't output logs, command line does Logstash	2	4974	July 19, 2017
Run logstash as service giving error Logstash	6	3912	August 9, 2020
Systemctl start logstash does nothing Logstash	7	2291	December 30, 2021
Systemctl logstash.service pipeline problem Logstash	8	935	December 9, 2019
Logstash 5.4 service starts but logging to /var/log/logstash fails Logstash	1	1096	June 6, 2017

Logstash systemd issue

Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.

Prefixing the path with '-' makes it try to load, but if the file doesn't

exist, it continues onward.

Related topics