Syslog Listener Died - TCP/UDP

Hello,

I just did a fresh setup of the latest version of the stack (6.2.4) and everything looks good except for my Logstash syslog listeners for TCP and UDP keep dying so I'm unable to ship in any syslog data.

Here is the error output:

2018-04-20T08:23:04,368][INFO ][logstash.inputs.syslog ] Starting syslog tcp listener {:address=>"0.0.0.0:5005"}
[2018-04-20T08:23:07,720][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<NoMethodError: undefined method <' for nil:NilClass>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:222:inget_event_type'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:47:in event_action_tuple'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:36:inblock in multi_receive'", "org/jruby/RubyArray.java:2486:in map'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:36:inmulti_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/shared.rb:13:in multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator.rb:49:inmulti_receive'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:477:in block in output_batch'", "org/jruby/RubyHash.java:1343:ineach'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:476:in output_batch'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:428:inworker_loop'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:386:in block in start_workers'"]} [2018-04-20T08:23:07,784][WARN ][logstash.inputs.syslog ] syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:5005", :exception=>#<IOError: IO Error>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:152:inudp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:130:in server'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:110:inblock in run'"]}
[2018-04-20T08:23:07,799][WARN ][logstash.inputs.syslog ] syslog listener died {:protocol=>:tcp, :address=>"0.0.0.0:5005", :exception=>#<IOError: closed stream>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:157:in accept'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:170:intcp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:130:in server'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:114:inblock in run'"]}
[2018-04-20T08:23:07,808][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit

Looking for some ideas where to look next to get this resolved.

Thanks!

Edit: I reverted back to a snapshot of this that I took prior to installing/adding the x-packs. The listener has no problem running with no x-packs installed. So it seems to be related to that.

Was not able to find a resolution. Ended up deploying 6.2.3 instead and have not had any issues.

Hi, I can confirm I'm seeing the same issue upon installing logstash with X-Pack and 6.2.4. Was not seeing this crash before I added X-Pack. This bug also vanishes if X-Pack 6.2.4 is run without security turned on.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.