Prevent Logstash Service logging to /var/log/messages

Anyone please guide me in preventing Logstash logging to /var/log/messages?
I have configured Syslog Input module on my server & sending those logs to Elasticsearch. Along with that all log related to logsatsh is also getting sent to Elasticsearch (which is not required & dirtying my Elasticsearch documents.

Same issue was raised earlier also but no solution was provided to it.

Below logs are coming to my /var/log/messages & i want to ignore it.

May 20 15:41:01 logstash: "svc_name" => "noise",
May 20 15:41:01 logstash: "message" => "May 20 15:40:59 MyServer logstash: ],",
May 20 15:41:01 logstash: "@timestamp" => 2019-05-20T13:41:00.667Z,
May 20 15:41:01 logstash: "syslog_severity_code" => 5,
May 20 15:41:01 logstash: "msg" => "logstash: ],",
May 20 15:41:01 logstash: "tags" => [
May 20 15:41:01 logstash: [0] "_grokparsefailure"
May 20 15:41:01 logstash: ],
May 20 15:41:01 logstash: "epoc" => 1558359660,
May 20 15:41:01 logstash: "syslog_hostname" => "MyServer",
May 20 15:41:01 logstash: "syslog_timestamp" => "May 20 15:40:59",
May 20 15:41:01 logstash: "podname" => "vms"
May 20 15:41:01 systemd: Started Session 148663 of user root.
May 20 15:41:01 logstash: }
May 20 15:41:01 logstash: {
May 20 15:41:01 logstash: "svc_name" => "noise",
May 20 15:41:01 systemd: Starting Session 148663 of user root.
May 20 15:41:01 logstash: "message" => "May 20 15:40:59 MyServer logstash: "epoc" => 1558359659,",
May 20 15:41:01 logstash: "@timestamp" => 2019-05-20T13:41:00.667Z,

I have already set Log Level in Warning state in logstash.yml file.
log.level: warn

logstash logs to stdout. Your service manager may cc the stdout of a service to /var/log/messages.

Removing below output in conf.d file, i was able to deny logstash related log coming to /var/log/messages

stdout { codec => rubydebug }

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.