Problem with Logstash, don't start getting message "Exception in lumberjack input"


(Fabio Toyota) #1

Hi guys I´m having problem with logstash.
I am using:
elasticsearch-1.5.2-1.noarch
logstash-1.5.1-1.noarch
logstash-forwarder-0.4.0-1.x86_64
and CentOs 7x.

I have 3 files as config in logstash/conf.d/
01-lumberjack-input.conf
input {
lumberjack {
port => 5000
type => "logs"
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
10-syslog.conf
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
30-lumberjack-output.conf
output {
#elasticsearch { host => localhost =>"logstash-%{+YYYY.MM.dd}" }
elasticsearch { host => localhost }
stdout { codec => rubydebug }
}

Elasticsearch doesn't have and index of logstash.
I found this in my logstash.log

{:timestamp=>"2015-06-23T15:44:30.185000-0300", :message=>"SIGTERM received. Shutting down the pipeline.", :level=>:warn}
{:timestamp=>"2015-06-23T15:44:30.188000-0300", :message=>"Exception in lumberjack input", :exception=>#, :level=>:error}

The keys exists in the path.
I used configtest to test the configuration and get okay as response.

Anyone have a clue?


(Fabio Toyota) #2

In 30-lumberjack-output.conf
the line
#elasticsearch { host => localhost =>"logstash-%{+YYYY.MM.dd}" }
was marked with "#"


(Magnus Bäck) #3

Are those two lines really the only ones in logstash.log? What if you turn up logging with --verbose or even --debug?


(Fabio Toyota) #4

Hi Magnus.

Thanks for the support.
I tried the two option. Those are the only line in logstash.log. But when i debugged or used --verbose, those error only appeared when i stopped the process.
Logstash is not the problem, logstash-forwarder is not sending data.
Aparentetly I had problem with key. I make some new keys and update openssl clients.


(system) #5