What network mode use in podman-compose

Hello,
I have a problem with podman-compose. I have running ELK stack and communication between apps is working but I cant figure out why I cant connect from another host to logstash input.

Can you please tell me which network_mode are you using in podman for logstash?
I was using network mode host in docker, but now I switched to podman but my application servers cannt connect to logstash. In podman there is no network host and I use bridge.

I made dump and I can see that app machine wants to send logs to logstash but docker cannt respond.

   10.12.1.30.46524 > 10.12.10.70.6379: Flags [S], cksum 0x9d05 (correct), seq 1371328963, win 29200, options [mss 1380,sackOK,TS val 1148183335 ecr 0,nop,wscale 7], length 0
11:19:42.600654 IP (tos 0x0, ttl 63, id 41139, offset 0, flags [DF], proto TCP (6), length 60)
    10.12.1.30.46524 > 10.12.10.70.6379: Flags [S], cksum 0x991c (correct), seq 1371328963, win 29200, options [mss 1380,sackOK,TS val 1148184336 ecr 0,nop,wscale 7], length 0
11:19:44.604616 IP (tos 0x0, ttl 63, id 41140, offset 0, flags [DF], proto TCP (6), length 60)
    10.12.1.30.46524 > 10.12.10.70.6379: Flags [S], cksum 0x9148 (correct), seq 1371328963, win 29200, options [mss 1380,sackOK,TS val 1148186340 ecr 0,nop,wscale 7], length 0

From my config I think this is important:

services:
  elk-logstash:
    image: logstash:8.4.0
    ports:
      - "6379:6379"
      - "5044:5044"
      - "9600:9600"
    logging:
        driver: journald
        options:
          tag: "{{.Name}}"
input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => "6379"
    ssl_enable => "true"
    ssl_cert => "***"
    ssl_key => "***"
    ssl_key_passphrase => "***"
    ssl_verify => "false"
    ssl_cipher_suites => ['TLS_AES_256_GCM_SHA384', 'TLS_AES_128_GCM_SHA256', 'TLS_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256']
    ssl_supported_protocols => ['TLSv1.2', 'TLSv1.3']
    codec => "json_lines"
    tags => "ssl_TCPinput"
  }
}

You mean the mode in the tcp input plugin?

If you want to send data to logstash using the tcp input, then you need to use the server mode, which is the default and you do not need to specify it in your configuration.

If this was working with docker, but it is not working with podman, then it is a network issue and not related to Logstash, it would be better to check with a Podman community.

I mean network mode like bridge, host, ip

Docker has host networks but Podman hasn' t
Docker:

I think that many members here are using logstash in podman-compose and they must somehow connect some app machines to logstash, I cant figure out how.

You will need to wait to see if someone who has a use case similar to yours can help out.

As I said, this is not an issue with Logstash, it is a network issue related to your infrastructure with Podman, looking for a forum specific to podman has more chances to solve your issue faster.

Have you search for podman here to see if there is something related?

I searched but they had problem with connect logstash to ES. But I have a problem in communication logstash input. I use application logback that send logs to logstash but both are on another VM.
This scenario is about 5 years old now. I dont know, maybe I should use something new. Can you tell me what is now trend to use?
I have Java apps that use logback and in logback I have appender STASH and it sends json logs to logstash.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.