Weird test configuration problem || log_file --> Syslog-ng --> Logstash --> another_file

Elastic Stack Logstash
1

Hi All, please ignore the stupid use case as I only use this config for testing purposes.

I have an Ubuntu server with installed syslog-ng and Logstash.
I'd like to do the following:

I have a cronjob that on every minute manually add one log FW entry into one file ubuntu_in
Something like:
echo "blablba" >> ubuntu_in
I take this file in Syslog-ng as input (using File source driver) and get it on localhost:4444 (using network destination driver)

Logstash listens on localhost:4444 (using input plugin Syslog) and should write these logs to another file on the same Ubuntu server called ubuntu_out

These are my configurations
SYSLOG-NG

9
9802×587 52.1 KB

LOGSTASH (the file contains artifacts from another test but they are commented and plays no role here)

10
101001×482 59 KB

Is that scenario even possible?
I can't see file ubuntu_out anyway?

Could you please tell me what I do wrong?

I'm placing here just a simple test i did with lsof to see if both tools connect with each other and they seems to have although I am not a network expert.

11
111288×136 9.79 KB

Thank you in advance.

2

Got it :slight_smile:
Just had to add in Logstash in the FIle output plugin the parameter file_mode => <some_perm> and it worked.
output { #elasticsearch { hosts => ["localhost:9200"] } #stdout { codec => rubydebug } file { path => "/home/dimma/testfolder/ubuntu_out" file_mode => 0644 }

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.