Questions tagged [logstash]

logstash is a tool for collecting and distributing log events.

logstash is a free and open source tool (Apache 2.0 license) for managing events and logs. It can be used to collect and parse logs and to distribute them to other indexing systems. It has a web interface for searching and drilling into the logs.

256 questions
46 votes, 5 answers

Failed TLS handshake. Does not contain any IP SANs

I'm trying to set up logstash forwarder, but I have issues with making a proper secure channel. Trying to configure this with two Ubuntu (Server 14.04) machines running in VirtualBox. They are 100% clean (not touched hosts file or installed any…
connery
26 votes, 2 answers

How to kill a process that never dies?

Problem: I have a Java process which does not die with either SIGTERM or SIGKILL. logstash 2591 1 99 13:22 ? 00:01:46 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75…
Yu Watanabe
16 votes, 1 answer

Scaling Logstash (with redis/elasticsearch)

Over a cluster of over 12 CentOS 5.8 servers, I deployed logstash using the native logstash shipper, which sends /var/log/*/*.log back to a central logstash server. We tried using rsyslogd as the shipper, but due to a bug in rsyslogd's ImFile…
Tom O'Connor
15 votes, 9 answers

Get logstash version

How does one get the version of Logstash? root@elk:/usr/share/elasticsearch# bin/logstash --help bash: bin/logstash: No such file or directory I have Logstash running on my system. Also. root@elk:/# logstash -V bash: logstash: command not…
Karl Morrison
12 votes, 2 answers

Configuring Logstash when installed as a service

I have installed logstash as a service using the logstash APT repository on Ubuntu 13.10. So now I can run: dpkg -s logstash And it outputs: Package: logstash Status: install ok installed Priority: extra Section: default Installed-Size:…
Binyomin Trager
12 votes, 1 answer

logstash (or graylog?) vs nxLog to collect event logs and csv logs

I am currently investigating the possibility of consolidating logs from multiple servers using logstash (or graylog2). I am still a bit confused about the difference between logstash and graylog. So far I have appreciated the ease of use of logstash, but I would be…
E. Jaep
10 votes, 2 answers

Logstash can't read files it should have access to

I've added user logstash into group adm using the command $ usermod -a -G adm logstash. One of the files that the logstash agent is trying to read is /var/log/nginx/foo-access.log, which has the following permissions: -rw-r----- 1 www-data adm 0 Jul…
Phil Sturgeon
9 votes, 1 answer

Elasticsearch dies when Logstash attempts to write data

I've got a Raspberry Pi 2 (latest Raspbian as of Apr 2015) setup that last week was running both ElasticSearch and Logstash on a test network (not a straightforward setup, but it was stable for over a week!). I rebooted my machine today and have…
anyweez
8 votes, 1 answer

ELK Stack (Logstash, Elasticsearch and Kibana) with concurrent remote syslog server?

I'm building a log analyser service to start monitoring mainly our pfSense Firewalls, XenServer Hypervisors, FreeBSD/Linux servers and Windows servers. There's a lot of documentation on the internet about the ELK stack and how to make it work…
Vinícius Ferrão
8 votes, 2 answers

How to configure a log aggregator to authenticate data?

Background: Remote log aggregation is regarded as a way to improve security. Generally, this addresses the risk that an attacker who compromises a system can edit or delete logs to frustrate forensic analysis. I've been researching security options…
Tim Otten
8 votes, 2 answers

Logstash parsing xml document containing multiple log entries

I'm currently evaluating whether logstash and elasticsearch are useful for our use-case. What I have is a log file containing multiple entries which is of the form ... ...
dualed
8 votes, 4 answers

How best to monitor logstash?

I've seen this question on the mailing list a few times but haven't had a satisfactory answer. How best to monitor that the pipeline isn't stuck? Clients -> logstash -> elasticsearch. Logstash and especially elasticsearch are prone to resource…
Dan Garthwaite
8 votes, 1 answer

What is the significance of the @ prefix in logstash field names?

The following logstash configuration is used to accept Windows Event Logs as json over a TCP connection and then after some filtering forward the result to Elastic search (source: https://gist.github.com/robinsmidsrod/4215337): input { tcp { …
Kev
7 votes, 4 answers

nginx error log Grok pattern

I am having trouble getting the following nginx error log message to parse in the grok debugger. I have a feeling there is a stupid trick that I should use but can't figure out what it may be. 2015/03/20 23:35:52 [error] 8#0: *10241823 testing…
jmreicha
7 votes, 3 answers

Secure logstash and elasticsearch

I'm considering running logstash on my prod server (simple install: http://logstash.net/docs/1.1.13/tutorials/getting-started-simple) and setting up Kibana to access the logs. My concern is: how to secure my prod logs (especially elasticsearch, which is run by…
CoBaLt2760