New to ELK (Syslog issue)

Tommo · June 28, 2016, 10:02am

I've setup ELK on Windows 2012 and can't seem to get the syslog working.
So at this stage my logstash.json file has a simple input for syslog.

input {
beats {
port => 5044
type => log
}
syslog {
}
If I save this and restart the logstash service I would expect netstat -a | find "514" to return a listener but it's not.
The filebeats, winlogbeats and topbeat are functioning as expected.

If I do a logstash-plugin list --verbose I can see that logstash-input-syslog is version (2.0.5).

So my question is does someone have a simple setup documented I can review for syslog on windows.

cheers
Tom

theuntergeek · June 29, 2016, 2:57pm

Have you tried specifically bonding a given host IP and/or port?

If you run with the --verbose or --debug flags, do you see more information regarding the syslog input plugin?

Tommo · July 1, 2016, 6:42am

Thanks for the reply I ended up dumping the windows box and running ELK on cents as I found more tuts I could follow.
I will return to windows once I have it all doing what I hope.

Topic		Replies	Views
Configuring logstash-input-syslog Logstash	5	9408	June 1, 2018
Logstash not ingesting syslog Logstash	16	12245	January 11, 2017
Winlogbeat wont send logs Beats winlogbeat	3	3771	January 30, 2019
Filebeat Syslog isn't Opening Port Beats filebeat	5	1261	June 3, 2021
Syslogging Struggle - newbie alert Elasticsearch	5	583	December 21, 2021

New to ELK (Syslog issue)

Related Topics