Monitoring logstash with port 9600

zeenon · May 30, 2018, 7:34am

Hi,
I am running logstash 5.6.4 and I have set
http.port: 9600-9700
in my logstash.yml configuration file.
On the logstash server, all is fine

$ telnet 127.0.0.1 9600
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

but an another server cannot check the port 9600

$ telnet ud0tx057 9600
Trying 126.246.159.200...
telnet: connect to address 126.246.159.200: Connection refused

but ping and ssh are OK
What's wrong ?
does it exist a netmask to allow/block the other servers ?

thanks for your tips

Badger · May 30, 2018, 12:52pm

Does 'telnet 126.246.159.200 9600' work on the server itself? Do you have http.host set to 127.0.0.1? If you do 'netstat -an | grep 9600' then what do you get?

zeenon · May 31, 2018, 1:46pm

On the server itself, 'telnet 126.246.159.200 9600' does not work

telnet 126.246.159.200 9600
Trying 126.246.159.200...
telnet: connect to address 126.246.159.200: Connection refused

fgrep http. /etc/logstash/logstash.yml
http.host: "127.0.0.1"
http.port: 9600-9700

netstat -an | grep 9600
tcp 0 0 127.0.0.1:9600 0.0.0.0:* LISTEN

Badger · May 31, 2018, 1:55pm

OK, so you have http.host set to 127.0.0.1, which is referred to as "localhost". It is only accessible from the server itself. Change http.host to be 126.246.159.200 and anyone will be able to access it remotely.

I cannot speak to the security implications of exposing your monitoring ports to remote access.

zeenon · May 31, 2018, 1:58pm

thanks, it works

system · June 28, 2018, 1:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.