Re: Help receiving syslog data in Logstash
Crap... I'm sorry. Noobish indeed. Didn't even realize there was a separate group. I'll post it over there. Thanks!

On Wednesday, November 12, 2014 9:14:34 AM UTC-6, Andrew Stacey wrote:
> This is probably a very noobish question. I just started playing with an ELK stack I have set up on Centos 7. All the core services seem to be working but I can't seem to get it to receive syslog messages. I have both selinux and the firewall turned off (just a local lab right now). Netstat -nlp does not show anything listening on port 514.
>
> According to the logstash book, I need to add the following syslog input plugin
>
>     syslog {
>       type => syslog
>       port => 5514
>     }
>
> in /etc/logstash/conf.d/central.conf but that file does not exist on my machine. The only files in that directory are named 01-lumberjack-input.conf, 10-syslog.conf, and 30-lumberjack-output.conf. Looking inside those three, it does not look like putting anything there will help, though I did try adding the above code in the 01-lumberjack-input.conf to no effect.
>
> Before I waste a ton of time overlooking something simple, does anyone who has set up logstash see what piece I am missing to enable the receipt of syslog entries? I have two devices trying to send the data, one a sonicwall firewall, the other is just a windows machine using nxlog. The nxlog.log file throws the following error:
>
>     ERROR couldn't connect to tcp socket on 10.1.10.154:514; No connection could be made because the target machine actively refused it.
>
> So I am sure I am at least sending some data to Logstash. I'm sure it is something simple I missed but for the life of me just can't see it.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/5cc9750e-11ac-4c76-ad31-eeda43e5cd38%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Help receiving syslog data in Logstash
On Wednesday, November 12, 2014 at 16:14 CET, Andrew Stacey wrote:
> This is probably a very noobish question. I just started playing with an ELK stack I have set up on Centos 7. All the core services seem to be working but I can't seem to get it to receive syslog messages. I have both selinux and the firewall turned off (just a local lab right now). Netstat -nlp does not show anything listening on port 514.
>
> According to the logstash book, I need to add the following syslog input plugin
>
>     syslog {
>       type => syslog
>       port => 5514
>     }

This question would've been a better fit for the Logstash mailing list.
https://groups.google.com/forum/#!forum/logstash-users

[...]

> ERROR couldn't connect to tcp socket on 10.1.10.154:514; No connection could be made because the target machine actively refused it.

nxlog tries to send to port 514 but you've configured Logstash to listen on port 5514. Either one needs to be adjusted to match the other. Keep in mind that only root can listen on port 514 (but see below) and Logstash is typically not run as root.

http://unix.stackexchange.com/questions/10735/linux-allowing-an-user-to-listen-to-a-port-below-1024

[...]

--
Magnus Bäck | Software Engineer, Development Tools
magnus.b...@sonymobile.com | Sony Mobile Communications
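A small diagnostic that encodes the two checks in this answer, comparing the port the sender is aiming at with the ports a Logstash input section declares, and flagging a privileged port when Logstash is not root. This is an added example, not code from the thread, Logstash or nxlog; the `input { }` wrapper around the book's fragment and the sample strings are constructed for the example.

```python
import re

# Constructed sample: the book's syslog fragment from the thread, wrapped in
# the input { } section a Logstash config file needs (an assumption here).
LOGSTASH_CONF = """
input {
  syslog {
    type => syslog
    port => 5514
  }
}
"""

# Constructed copy of the nxlog error line quoted in the thread.
NXLOG_LOG_LINE = ("ERROR couldn't connect to tcp socket on 10.1.10.154:514; "
                  "No connection could be made because the target machine "
                  "actively refused it.")

PORT_RE = re.compile(r'\bport\s*=>\s*"?(\d+)"?')
SOCKET_RE = re.compile(r'tcp socket on (\d{1,3}(?:\.\d{1,3}){3}):(\d+)')


def listener_ports(conf_text):
    """Ports declared as `port => N` anywhere in the Logstash config text."""
    return sorted({int(p) for p in PORT_RE.findall(conf_text)})


def sender_target(log_line):
    """(host, port) that an nxlog 'couldn't connect' line tried to reach."""
    m = SOCKET_RE.search(log_line)
    return (m.group(1), int(m.group(2))) if m else None


def diagnose(conf_text, log_line, runs_as_root=False):
    """Return findings explaining why the sender's connection is refused."""
    findings = []
    target = sender_target(log_line)
    if target is None:
        return ["log line does not contain a connection error"]
    host, port = target
    ports = listener_ports(conf_text)
    if port not in ports:
        findings.append(f"port mismatch: sender targets {host}:{port}, "
                        f"Logstash listens on {ports}")
    # Whichever side gets adjusted, a listener below 1024 needs root (or a
    # privileged-port workaround), so flag the port the sender expects.
    if port < 1024 and not runs_as_root:
        findings.append(f"port {port} is privileged (<1024) and Logstash "
                        "is not running as root, so it cannot bind it")
    return findings
```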
Help receiving syslog data in Logstash
This is probably a very noobish question. I just started playing with an ELK stack I have set up on Centos 7. All the core services seem to be working but I can't seem to get it to receive syslog messages. I have both selinux and the firewall turned off (just a local lab right now). Netstat -nlp does not show anything listening on port 514.

According to the logstash book, I need to add the following syslog input plugin

    syslog {
      type => syslog
      port => 5514
    }

in /etc/logstash/conf.d/central.conf but that file does not exist on my machine. The only files in that directory are named 01-lumberjack-input.conf, 10-syslog.conf, and 30-lumberjack-output.conf. Looking inside those three, it does not look like putting anything there will help, though I did try adding the above code in the 01-lumberjack-input.conf to no effect.

Before I waste a ton of time overlooking something simple, does anyone who has set up logstash see what piece I am missing to enable the receipt of syslog entries? I have two devices trying to send the data, one a sonicwall firewall, the other is just a windows machine using nxlog. The nxlog.log file throws the following error:

    ERROR couldn't connect to tcp socket on 10.1.10.154:514; No connection could be made because the target machine actively refused it.

So I am sure I am at least sending some data to Logstash. I'm sure it is something simple I missed but for the life of me just can't see it.