-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
syslog input dies periodically #18
Comments
Just to confirm - the workaround is now running stable for more than one week. It would still be really nice to have the actual input working too. |
I've got the exact same problem, the workaround is running stable, but I would want to know why it keeps crashing... |
I ran into this as well. After investigating this for a while I noticed that the logstash process has TONS of connections in the CLOSE_WAIT status, so the issue is that this plugin isn't closing its TCP connections properly. Something in this method will need to be fixed, though I don't know enough ruby to identify why the code already there doesn't work! |
Hello, looks like it's not only related to syslog plugin, here my error:
Here a piece of my config:
Cheers, |
This affects us, too .. |
Here too |
Tried the workaround above by mentioning type and port, but get this error now. {:timestamp=>"2015-11-15T14:44:58.760000+0000", :message=>"The error reported is: \n Permission denied - bind(2)"} Workaround that workedUsed Filebeat - https://github.com/elastic/filebeat to output to logstash on port 5044 ### Logstash as output
logstash:
# Uncomment out this option if you want to output to Logstash. The default is false.
enabled: true
# The Logstash hosts
hosts: ["localhost:5044"] Then read the output of filebeat as input to logstash as follows input {
beats {
port => 5044
}
}
output {
stdout { codec => rubydebug }
file {
path => "/var/log/logstash/interceptor-%{+YYYY-MM-dd}.log"
}
} |
@machzqcq thanks for sharing, but how does filebeat help if you try to retrieve syslogs via TCP from your Cisco switch? |
but 5140 is OK: input { udp { |
Hi,
my logstash server (1.5.2) keeps dying (reproducible) after ~1 hour runtime with this error:
using the following filter configuration:
My server was installed from the official most recent package on Ubuntu 14.04. In addition to that the
setcap cap_net_bind_service=+epi $(readlink -f /usr/bin/java)
capabilities have been configured for java/logstash.The workaround which seems to run stable for me atm. is to not use the syslog input but the tcp and udp inputs:
Still the syslog input should also run stable and it shouldn't crash the entire server.
I'd be happy to help and provide additional information.
Cheers
The text was updated successfully, but these errors were encountered: