LogStash won't bind to any port

I'm running LS 5.4 on Ubuntu 16.04 LTS

It's been running happily tailing locally written bro files for several months. I stopped it to do some troubleshooting and testing to add some functionality, but I'm having trouble.

Currently, bro is stopped AND the LS service is stopped. I'm using the following LS conf file:

input {

udp {
        port => 9999
    }
}

output {

stdout { codec => rubydebug }

}

I then run the following command to start LS:

/usr/share/logstash/bin/logstash -f test.conf

I get the following (after a LONG wait, over 3 minutes for the java machine to start):

WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console

Then nothing. Nothing is listening on port 9999 and if I send anything to that port, I don't get any output.
Nothing is being written to the log... and when I mean nothing, I mean NOTHING.

I tried with the following command:

/usr/share/logstash/bin/logstash -l /etc/logstash/testconf/logtest.log -f test.conf

But that log was never written.

I tried with the modification of

input {

stdin {  }

udp {
        port => 9999
    }
}

output {

stdout { codec => rubydebug }

}

and indeed I got:

WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
The stdin plugin is now waiting for input:

but I still never got anything for the udp port.

All the googles have found have answers for different errors, but with no errors and no feedback, I don't have any idea of what could be wrong. Any suggestions?

Why isn't this logging?
Why doesn't LS bind and connect to the port?

Thanks.

OK, I rebooted, and started over.

This time I used this command line to start:

/usr/share/logstash/bin/logstash -f test.conf --path.settings /etc/logstash/

And I got the following in the log:

[2017-12-08T20:01:59,279][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2017-12-08T20:01:59,379][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2017-12-08T20:02:01,025][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>125}
[2017-12-08T20:02:01,075][INFO ][logstash.pipeline ] Pipeline main started
[2017-12-08T20:02:01,099][INFO ][logstash.inputs.udp ] Starting UDP listener {:address=>"0.0.0.0:9999"}
[2017-12-08T20:02:01,184][INFO ][logstash.inputs.udp ] UDP listener started {:address=>"0.0.0.0:9999", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}
[2017-12-08T20:02:01,473][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

However, when I send data to port 9999, I still get no output. I DO get output with stdin.

The stdin plugin is now waiting for input:
l;kkjl;kj
{
      "@version" => "1",
          "host" => "server-01",
    "@timestamp" => 2017-12-08T20:03:15.451Z,
    "message" => "l;kkjl;kj"
}

very frustrating...

Final info for the day: Running as the service the conf file works fine (service logstash start) but not from the command line. What's the difference I need to know?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.