Problem with reading logs

First of all, sorry for my English; I know it's not the best.

Well, I installed Logstash, Elasticsearch and Kibana on my Debian 8 in VirtualBox, and I have a WatchWard that I'm receiving the logs from.

The problem is that when I use the command `tcpdump port 5000` I'm receiving packets from my WatchWard. In my Logstash configuration file it is configured to check port 5000, and I don't know why it is not doing it. Or maybe it's my Elasticsearch that is not doing its work, I don't know, because if I configure my Elasticsearch to look up local logs it shows me those, so I don't know where the problem is.
If someone could help me it would be awesome!

Thanks

Pablo

  • Can you share the input and output blocks from your pipeline configuration? If they include credentials, please make sure to redact them.
  • The logs that Logstash emits can be helpful in determining many problems; where the logs end up depends on how you've installed and are running Logstash, but these docs should help you find them.
  • Typically, I include an additional output to stdout using the rubydebug codec while I'm standing up a new pipeline, which helps me see what Logstash is doing:
    output {
      stdout { codec => rubydebug }
    }
    

First of all, thank you for answering me.

As you can see here, I receive packets from my WatchWard at port 5000.

And now I will show you my configuration, including the IPs my Logstash and Elasticsearch are "listening" on.

[five screenshots: the tcpdump capture and the Logstash/Elasticsearch configuration files; images not reproduced]

The packets in your tcpdump are being sent to UDP port 5000; Lumberjack listens on TCP ports.

Worth noting though, logstash_forwarder has been deprecated; it is suggested to use Filebeat and the Beats Input instead.
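As an added example (not from this thread or from the Elastic documentation), a pipeline that would have matched the traffic in the tcpdump above: the `syslog` input listens on the same port over both UDP and TCP and parses RFC 3164 lines, the rubydebug stdout output confirms events are arriving before anything is sent to Elasticsearch, and the Elasticsearch output is last. The Elasticsearch address (`127.0.0.1:9200`) and the index name `firewall-*` are assumptions for the example. One caveat a practitioner should keep in mind: plain syslog, and especially syslog over UDP, is neither authenticated nor encrypted, so anyone who can reach this port can inject fabricated log lines; keep the listener on a management network or use a TLS-capable transport (the `tcp` input with `ssl_enable`, or Filebeat with the Beats input) if the firewall is the source of security events.

```logstash
# /etc/logstash/conf.d/firewall.conf  (added example, assumed path)
input {
  # The syslog input binds port 5000 on BOTH udp and tcp, which is what a
  # firewall sending syslog needs; a lumberjack input would be tcp-only.
  syslog {
    host => "0.0.0.0"
    port => 5000
    type => "firewall-syslog"
  }
}

filter {
  # The syslog input already extracts priority/facility/severity, program,
  # pid and timestamp. Lines that do not match RFC 3164 are still emitted,
  # tagged _grokparsefailure_sysloginput with the raw text in [message];
  # keep them but mark them so they are easy to find in Kibana.
  if "_grokparsefailure_sysloginput" in [tags] {
    mutate { add_tag => [ "unparsed_syslog" ] }
  }
}

output {
  # Debug output first: if nothing prints here, the problem is before
  # Elasticsearch (wrong port/protocol, firewall, bind address).
  stdout { codec => rubydebug }

  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]   # assumed local Elasticsearch
    index => "firewall-%{+YYYY.MM.dd}"   # assumed index name
  }
}
```

To check it: `bin/logstash -f /etc/logstash/conf.d/firewall.conf --config.test_and_exit` validates the syntax; once the pipeline is running, `ss -ulnp | grep :5000` and `ss -tlnp | grep :5000` should both show Logstash bound to the port, and `tcpdump -ni any 'port 5000'` prints the protocol of each packet so a UDP-versus-TCP mismatch like the one in this thread is visible immediately.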

Well, I used rsyslog and apparently I'm receiving logs now. I store them at /var/log/udp.log and I receive them over UDP and TCP.

Thanks for answering me back, @yaauie

Pablo
