Problem with reading logs

First of all sorry for my english I know it´s not the best one.

Well so, I installed logstash, elasicsearch and kibana on my debian 8 in Virtual box, and i Hvae a WatchWard where im receiving the logs from.

The problem is that i use the comand tcpdump port 5000 and im receiving pakets from my WatchWard, on my logstash file configuration it is configured to check te port 5000 and i dont know why it is not doing it, or maybe its my elasticsearch that its not doing its work i dunno, because if i configure my elastisearch to look up for local logs it shows me thoso so i dont know where is the problem.
if someone could help me it will be Awesome!

Thanks

Pablo

• can you share the input and output blocks from your pipeline configuration? If they include credentials, please make sure to redact them.
• the logs that Logstash emits can be helpful in determining many problems; where the logs end up dependent on how you've installed and are running Logstash, but these docs should help you find them.
• typically, I include an additional output to stdout using the rubydebug codec while I'm standing up a new pipeline, which helps me see what Logstash is doing:

  output {
    stdout { codec => rubydebug }
  }
  

First of all thank you for answering me.

As u can see here i receive packets from my watchward at port 5000

image.png704×399 7.73 KB

And now i will show you my configuration even the IPs my logstash and elasticsearch are "listening".

The packets in your tcpdump are being sent to UDP port 5000; Lumberjack listens on TCP ports.

Worth noting though, logstash_forwarder has been deprecated; it is suggested to use Filebeat and the Beats Input instead.

Well i used rsyslog and apparently im receiving logs now I store them at /var/log/udp.log and i receive them from udp and tcp.

Thanks for answering me back @yaauie

Pablo

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.