Discuss the Elastic Stack

Syslog out plugin connection error and UDP drops

Elastic Stack Logstash

Jayanthi (Jayanthimala) August 19, 2019, 8:57pm 1

We have 4 logstash servers currently just taking ~4000/sec. Works fine almost all the time, but few times couple server have UDP drops.
At the same time, i see following exception logged.

syslog tcp output exception: closing, reconnecting and resending event {:host=>"xxx.xxx.xxx", :port=>514, :exception=>#<SystemCallError: Unknown error (SystemCallError) - No message available>

Trying to find, if the syslog tcp output exception is making the packets to pile up and cause UDP drops or is it other way around?

Logstash config
4 servers - 4CPU,8 GB
workers = >8
queue_size => 50000
pipeline.workers => 8
batch_size => 2000

system (system) Closed September 16, 2019, 8:57pm 2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
TCP syslog output not working properly in logstash Logstash	1	1491	December 21, 2017
No input via udp/syslog plugin Logstash	6	2584	July 6, 2017
Logstash UDP input keeps losing data Logstash	3	533	May 25, 2022
Logstash TCP and Syslog Plugin Error Logstash	5	1123	June 6, 2023
Syslog with UDP and TCP ports Logstash	2	298	August 8, 2020

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.