This is probably a very noobish question. I just started playing with an
ELK stack I have set up on CentOS 7. All the core services seem to be
working but I can't seem to get it to receive syslog messages. I have both
SELinux and the firewall turned off (just a local lab right now). netstat
-nlp does not show anything listening on port 514.
According to the Logstash book, I need to add the following syslog input
plugin

    input {
      syslog {
        type => "syslog"
        port => 5514   # 5514 rather than 514: the logstash service user is not root
      }
    }
in /etc/logstash/conf.d/central.conf, but that file does not exist on my
machine. The only files in that directory are named
01-lumberjack-input.conf, 10-syslog.conf, and 30-lumberjack-output.conf.
Looking inside those three, it does not look like putting anything there
will help, though I did try adding the above code to
01-lumberjack-input.conf to no effect.
Before I waste a ton of time overlooking something simple, does anyone who
has set up Logstash see what piece I am missing to enable the receipt of
syslog entries? I have two devices trying to send the data, one a SonicWall
firewall, the other just a Windows machine using nxlog. The nxlog.log
file throws the following error:

    ERROR couldn't connect to tcp socket on 10.1.10.154:514; No connection
    could be made because the target machine actively refused it.

So I am sure I am at least sending some data to Logstash. I'm sure it is
something simple I missed, but for the life of me I just can't see it.
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/3950e372-0cee-42c4-b429-9b443b119820%40googlegroups.com.