Logstash tcp input issue


(sandeep) #1

Hi,

I'm trying to transfer wso2carbon logs to elk using tcp input plugin

my config for wso2 log4jproperties file.

#TCP logger pattern
log4j.appender.tcp=org.apache.log4j.net.SocketAppender
log4j.appender.tcp.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout

ConversionPattern will be overridden by the configuration setting in the DB

log4j.appender.tcp.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
log4j.appender.tcp.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.tcp.Port=6000
log4j.appender.tcp.RemoteHost=localhost
log4j.appender.tcp.ReconnectionDelay=10000
log4j.appender.tcp.threshold=DEBUG
log4j.appender.tcp.Application=wso2carbon

Config for logstash.conf

input {
tcp {
mode => server
port => 6000
add_field =>
type => "wso2carbon"
}
}
}

I'm successfully getting messages from wso2carbon. but the message like encrypted format. like below.

{
"message" => "threadNameq\u0000~\u0000\u0001L\u0000\rthrowableInfot\u0000+Lorg/apache/log4j/spi/ThrowableInformation;xp\u0000\u0000\u0000\u0000\u0001c\xD9\xC9\xF3,t\u0000Forg.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorkerpsr\u0000\u0013java.util.Hashtable\u0013\xBB\u000F%!J\xE4\xB8\u0003\u0000\u0002F\u0000",
"host" => "127.0.0.1",
"@version" => "1",
"port" => 59581,
"type" => "wso2carbon",
"@timestamp" => 2018-06-07T10:28:01.179Z,
"tags" => [
[0] "_grokparsefailure"
]
}

please let me know how to decrypt this.


#2

You could replace the tcp input with a log4j input, but you should read and understand why the log4j input is deprecated.


(sandeep) #3

HI Badger, Thanks for ur quick response.

i tried with that also. but i am not getting any messages from wso2 carbon.

log4j {
mode => server
port => 6000
add_field => {
type => "wso2carbon"
}
}

This is my wso2 log4j configuration.

#TCP logger pattern
log4j.appender.tcp=org.apache.log4j.net.SocketAppender
log4j.appender.tcp.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
log4j.appender.tcp.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
log4j.appender.tcp.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.tcp.Port=6000
log4j.appender.tcp.RemoteHost=localhost
log4j.appender.tcp.ReconnectionDelay=10000
log4j.appender.tcp.threshold=DEBUG
log4j.appender.tcp.Application=wso2carbon


(sandeep) #4

any other solution?


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.