Re: Help receiving syslog data in Logstash

2014-11-12 Thread Andrew Stacey
Crap... I'm sorry.  Noobish indeed.  Didn't even realize there was a 
separate group.  I'll post it over there.  Thanks!

On Wednesday, November 12, 2014 9:14:34 AM UTC-6, Andrew Stacey wrote:
>
> This is probably a very noobish question.  I just started playing with an 
> ELK stack I have set up on Centos 7.  All the core services seem to be 
> working but I can't seem to get it to receive syslog messages.  I have both 
> selinux and the firewall turned off (just a local lab right now).  Netstat 
> -nlp does not show anything listening on port 514.
>
> According to the logstash book, I need to add the following syslog input 
> plugin
>
> syslog {
>   type => syslog
>   port => 5514
> }
>
> in /etc/logstash/conf.d/central.conf but that file does not exist on my 
> machine.  The only files in that directory are named 
> 01-lumberjack-input.conf, 10-syslog.conf, and 30-lumberjack-output.conf. 
>  Looking inside those three, it does not look like putting anything there 
> will help, though I did try adding the above code in the 
> 01-lumberjack-input.conf to no effect.
>
> Before I waste a ton of time overlooking something simple, does anyone 
> who has set up logstash see what piece I am missing to enable the receipt of 
> syslog entries?  I have two devices trying to send the data, one a sonicwall 
> firewall, the other is just a windows machine using nxlog.  The nxlog.log 
> file throws the following error:
>
> ERROR couldn't connect to tcp socket on 10.1.10.154:514; No connection 
> could be made because the target machine actively refused it.
>
> So I am sure I am at least sending some data to Logstash.  I'm sure it is 
> something simple I missed but for the life of me just can't see it.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/5cc9750e-11ac-4c76-ad31-eeda43e5cd38%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: Help receiving syslog data in Logstash

2014-11-12 Thread Magnus Bäck
On Wednesday, November 12, 2014 at 16:14 CET, Andrew Stacey wrote:

> This is probably a very noobish question.  I just started playing
> with an ELK stack I have set up on Centos 7.  All the core services
> seem to be working but I can't seem to get it to receive syslog
> messages.  I have both selinux and the firewall turned off (just a
> local lab right now).  Netstat -nlp does not show anything listening
> on port 514.
> 
> According to the logstash book, I need to add the following syslog
> input plugin
>
> syslog {
>   type => syslog
>   port => 5514
> }

This question would've been a better fit for the Logstash mailing list.

https://groups.google.com/forum/#!forum/logstash-users

[...]

> ERROR couldn't connect to tcp socket on 10.1.10.154:514; No connection
> could be made because the target machine actively refused it.

nxlog tries to send to port 514 but you've configured Logstash to listen
on port 5514. Either one needs to be adjusted to match the other. Keep
in mind that only root can listen on port 514 (but see below) and
Logstash is typically not run as root.

http://unix.stackexchange.com/questions/10735/linux-allowing-an-user-to-listen-to-a-port-below-1024

[...]

-- 
Magnus Bäck | Software Engineer, Development Tools
magnus.b...@sonymobile.com | Sony Mobile Communications
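Magnus's diagnosis (the client's destination port and Logstash's listener port must agree, and a port below 1024 cannot be bound by an unprivileged Logstash process) is easy to turn into a quick check. The script below is an added example, not code from this thread or from the Logstash project. It reads the `port => N` settings out of a constructed Logstash input config (a stand-in for a file under /etc/logstash/conf.d/, with a hypothetical second `tcp` input added for variety), compares them with the port a client such as nxlog is sending to, flags privileged ports, and, as a separate helper, checks what is actually listening on the host with `ss` or `netstat` (the `netstat -nlp` step from the question).

```shell
#!/bin/sh
# Constructed sample of a Logstash input config, standing in for something like
# /etc/logstash/conf.d/01-syslog-input.conf. Not taken from the thread.
SAMPLE_CONF='input {
  syslog {
    type => syslog
    port => 5514
  }
  tcp {
    port => 5000
    codec => json
  }
}'

# Print the ports that input plugins in a Logstash config bind to, one per line.
# Only lines of the form "port => N" (quoted or bare N) are recognised.
listener_ports() {
  printf '%s\n' "$1" | \
    sed -n 's/^[[:space:]]*port[[:space:]]*=>[[:space:]]*"\{0,1\}\([0-9][0-9]*\)"\{0,1\}.*/\1/p'
}

# Return 0 if a non-root process may bind the port (>= 1024), 1 otherwise.
port_is_unprivileged() {
  [ "$1" -ge 1024 ]
}

# Compare the port a client sends to with the ports Logstash is configured for.
# Prints a diagnosis; returns 0 on a match, 1 on a mismatch.
check_client_port() {
  client_port=$1
  conf=$2
  for p in $(listener_ports "$conf"); do
    if [ "$p" -eq "$client_port" ]; then
      printf 'OK: client port %s matches a configured listener\n' "$client_port"
      return 0
    fi
  done
  printf 'MISMATCH: client sends to %s but Logstash is configured for: %s\n' \
    "$client_port" "$(listener_ports "$conf" | tr '\n' ' ')"
  if ! port_is_unprivileged "$client_port"; then
    printf 'NOTE: port %s is below 1024; binding it needs root or CAP_NET_BIND_SERVICE\n' \
      "$client_port"
  fi
  return 1
}

# Return 0 if some TCP socket on this host is listening on the given port.
# Uses ss where available, otherwise netstat; column 4 is the local address:port.
something_listens_on() {
  if command -v ss >/dev/null 2>&1; then
    ss -lnt 2>/dev/null | awk -v p=":$1\$" '$4 ~ p {found=1} END {exit !found}'
  else
    netstat -nlt 2>/dev/null | awk -v p=":$1\$" '$4 ~ p {found=1} END {exit !found}'
  fi
}

# Usage demo: first the situation in the thread (nxlog sends to 514, Logstash is
# configured for 5514), then a client pointed at the configured port.
check_client_port 514 "$SAMPLE_CONF" || true
check_client_port 5514 "$SAMPLE_CONF"
if something_listens_on 5514; then
  echo 'something is listening on 5514 on this host'
else
  echo 'nothing is listening on 5514 on this host (is Logstash running?)'
fi
```

Point the script at the real files by replacing the constructed `SAMPLE_CONF` with `cat /etc/logstash/conf.d/*.conf`; the parser deliberately ignores everything but `port =>` lines, so it reports the listener port whichever of the input plugins (`syslog`, `tcp`, `udp`) declares it.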

To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/20141112155404.GA25446%40seldlx20533.corpusers.net.


Help receiving syslog data in Logstash

2014-11-12 Thread Andrew Stacey
This is probably a very noobish question.  I just started playing with an 
ELK stack I have set up on Centos 7.  All the core services seem to be 
working but I can't seem to get it to receive syslog messages.  I have both 
selinux and the firewall turned off (just a local lab right now).  Netstat 
-nlp does not show anything listening on port 514.

According to the logstash book, I need to add the following syslog input 
plugin

syslog {
  type => syslog
  port => 5514
}

in /etc/logstash/conf.d/central.conf but that file does not exist on my 
machine.  The only files in that directory are named 
01-lumberjack-input.conf, 10-syslog.conf, and 30-lumberjack-output.conf. 
 Looking inside those three, it does not look like putting anything there 
will help, though I did try adding the above code in the 
01-lumberjack-input.conf to no effect.

Before I waste a ton of time overlooking something simple, does anyone who 
has set up logstash see what piece I am missing to enable the receipt of 
syslog entries?  I have two devices trying to send the data, one a sonicwall 
firewall, the other is just a windows machine using nxlog.  The nxlog.log 
file throws the following error:

ERROR couldn't connect to tcp socket on 10.1.10.154:514; No connection 
could be made because the target machine actively refused it.

So I am sure I am at least sending some data to Logstash.  I'm sure it is 
something simple I missed but for the life of me just can't see it.


To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/3950e372-0cee-42c4-b429-9b443b119820%40googlegroups.com.