I have installed ELK 6.8.3 on CentOS 6.10. Elasticsearch and Kibana appear to work so far. I can upload CSV files in Kibana and create visualizations.
The issue is sending syslog data to Logstash. The goal is to send syslog data from switches, routers and GPON equipment to ELK for dashboards.
This is what I see when starting Logstash. I tried debug logging, which is why you see the first message; I forgot to change --config.debug back to false.
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2019-09-25T15:20:23,757][WARN ][logstash.runner ] --config.debug was specified, but log.level was not set to 'debug'! No config info will be logged.
[2019-09-25T15:20:24,608][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.8.3"}
[2019-09-25T15:20:34,593][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>25, "pipeline.batch.delay"=>50}
[2019-09-25T15:20:35,110][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x2d51b79d run>"}
[2019-09-25T15:20:35,273][INFO ][logstash.inputs.syslog ] Starting syslog tcp listener {:address=>"0.0.0.0:1024"}
[2019-09-25T15:20:35,275][INFO ][logstash.inputs.syslog ] Starting syslog udp listener {:address=>"0.0.0.0:1024"}
[2019-09-25T15:20:35,286][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[2019-09-25T15:20:35,667][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
My input.conf
input {
  # one syslog input listens on both TCP and UDP on the given port
  syslog {
    port => 1024
  }
}
My output.conf
output {
  # print every event to the Logstash console for now
  stdout { }
}
netstat -na | grep 1024 (the port from input.conf)
tcp 0 0 :::1024 :::* LISTEN
udp 0 0 0.0.0.0:1024 0.0.0.0:*
netcat -v -N ip 1024 < sample.log is refused
netcat -v -u -N ip 1024 < sample.log
Connection to ip 1024 port [udp/*] succeeded!
telnet ip:1024 gives "resource temporarily unavailable"
iptables
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5601
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9200
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9300
8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1024
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Any help would be greatly appreciated. Thank you!
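As an added example that is not part of the original post: a small Python script that emits a well-formed RFC 3164 syslog line (the format a switch or router sends and the shape the Logstash syslog input expects), pushes it over UDP and TCP to the syslog port, and decodes the PRI field into facility and severity the same way the syslog input does (facility = PRI / 8, severity = PRI % 8). It also shows why the netcat results above are not comparable: a UDP send completes with nothing listening, while TCP needs a handshake. The target address, hostname, tag and message text are assumptions; the loopback helpers exist only so the script can check itself with no network.

```python
"""Build, send and decode RFC 3164 syslog messages for testing a Logstash
syslog input. Added example, not code from the original post; the target
host/port, device name, tag and message text are all assumed values."""
import re
import socket
from datetime import datetime

# A few facility and severity codes from RFC 3164 (full tables are in the RFC).
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "local7": 23}
SEVERITY = {"emerg": 0, "crit": 2, "err": 3, "warning": 4, "notice": 5, "info": 6}

# Shape of an RFC 3164 line: <PRI>Mmm dd HH:MM:SS HOST TAG[pid]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)


def encode_pri(facility: int, severity: int) -> int:
    """PRI = facility * 8 + severity, as every syslog sender computes it."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def build_message(facility, severity, host, tag, text, when=None) -> bytes:
    """Build one RFC 3164 line; the day is space-padded ("Sep  5") as gear emits it."""
    when = when or datetime.now()
    stamp = "%s %2d %s" % (when.strftime("%b"), when.day, when.strftime("%H:%M:%S"))
    return f"<{encode_pri(facility, severity)}>{stamp} {host} {tag}: {text}".encode()


def parse_message(raw: bytes) -> dict:
    """Decode a line the way the Logstash syslog input does: grok the fields,
    then split PRI into facility and severity."""
    m = RFC3164.match(raw.decode(errors="replace").rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC 3164 line: %r" % raw)
    pri = int(m["pri"])
    fields = m.groupdict()
    fields.update(priority=pri, facility=pri // 8, severity=pri % 8)
    return fields


def send_udp(msg: bytes, host: str, port: int) -> bool:
    """UDP has no handshake: sendto() returns once the datagram is queued, so a
    True here says nothing about a listener or a firewall on the far side."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(msg, (host, port))
    return True


def send_tcp(msg: bytes, host: str, port: int, timeout=3.0) -> bool:
    """TCP completes a handshake first; a REJECT rule or a closed port shows up
    as a refused connection, which is what the netcat test reports."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(msg + b"\n")  # the TCP syslog listener is line-delimited
        return True
    except OSError:
        return False


def loopback_roundtrip(msg: bytes, proto: str) -> dict:
    """Self-check without a network: listen on an ephemeral loopback port,
    send through send_udp/send_tcp and parse what arrived."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.settimeout(3.0)
        port = srv.getsockname()[1]
        if proto == "udp":
            send_udp(msg, "127.0.0.1", port)
            data, _ = srv.recvfrom(65535)
        else:
            srv.listen(1)
            send_tcp(msg, "127.0.0.1", port)
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(3.0)
                data = conn.recv(65535)
    return parse_message(data)


def closed_port_probe() -> tuple:
    """Probe a loopback port nobody listens on: UDP still 'succeeds', TCP does not."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        port = s.getsockname()[1]  # released again when the socket closes
    return send_udp(b"<14>probe", "127.0.0.1", port), send_tcp(b"<14>probe", "127.0.0.1", port)


if __name__ == "__main__":
    # Assumed target: the Logstash host, syslog input on port 1024 as in the post.
    target, port = "192.0.2.10", 1024
    msg = build_message(FACILITY["local7"], SEVERITY["warning"], "sw-core-01",
                        "LINEPROTO-5-UPDOWN",
                        "Line protocol on Interface Gi1/0/7, changed state to down")
    print(msg.decode())
    print("udp sent:", send_udp(msg, target, port))
    print("tcp sent:", send_tcp(msg, target, port))
    print(parse_message(msg))
```

Run it against the Logstash host and compare with the stdout output of the pipeline; if TCP is refused while UDP "succeeds", check the firewall before Logstash, since iptables evaluates INPUT rules top to bottom and stops at the first match: in the listing above, rule 8 (REJECT all) comes before rule 9 (ACCEPT tcp dpt:1024), and no rule in the listing mentions udp dpt:1024. Inserting the accepts above the reject (for example `iptables -I INPUT 8 -p tcp --dport 1024 -j ACCEPT` and the same with `-p udp`) puts them ahead of the REJECT.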