It works!
I tried to add a new filter in the 500_filter.conf file + the pattern file, but the Logstash log said something was wrong with the filter, so I only left the pattern file and now the whole maillog file is shown correctly in NLS, thanks a lot!
Linux host not sending logs
Re: Linux host not sending logs
Excellent! Let us know if we can lock this topic and mark it as "resolved".
Gabriel_Barba (Posts: 12, Joined: Tue Nov 12, 2013 10:42 am)
Re: Linux host not sending logs
Yes please.
Re: Linux host not sending logs
Gabriel_Barba - do you mind clarifying the steps you took to fix this issue? I have followed the trail of this message and I seem to be having the same exact problem as you. Did you add/remove any global configuration Filters via the web interface?
Gabriel_Barba wrote:
It works!
I tried to add a new filter in the 500_filter.conf file + the pattern file, but the Logstash log said something was wrong with the filter, so I only left the pattern file and now the whole maillog file is shown correctly in NLS, thanks a lot!
If you could provide any additional detail to what you mentioned above, I'd greatly appreciate it. I'm very new to this tool.
Thanks,
KC
Re: Linux host not sending logs
Actually mine may not be exactly the same.
tcpdump from NLS:
tcp 0 0 127.0.0.1:60313 127.0.0.1:5544 ESTABLISHED
tcp 0 0 127.0.0.1:35544 127.0.0.1:9200 TIME_WAIT
tcp 0 0 :::5544 :::* LISTEN
tcp 0 0 ::ffff:127.0.0.1:5544 ::ffff:127.0.0.1:60313 ESTABLISHED
udp 0 0 :::5544 :::*
I'm not seeing the sending server listed (192.168.2.108).
I ran the setup configuration script and rsyslog was configured successfully (gave OK's), but no logs show up on NLS interface.
I can ping both ways. I disabled iptables, still no luck. I'll check the firewall logs, but it shouldn't be stopping it.
Re: Linux host not sending logs
Did you follow this step?
Please add the following to your rsyslog.conf:
echo "\$IncludeConfig /etc/rsyslog.d/*.conf" >> /etc/rsyslog.conf
And restart rsyslog:
service rsyslog restart
Let me know if that works. Thanks!
Re: Linux host not sending logs
Firewall was blocking UDP - heh sorry about that.
Feel free to lock down post again. - thanks
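The sender-side checks from this thread as an added shell example (not code from the thread or from Nagios): add the `$IncludeConfig` line only if it is missing, then report which protocol the host forwards with, since the listener above accepts both TCP and UDP on 5544 and the firewall dropped only UDP. It assumes legacy-syntax forwarding rules (`@host:port` is UDP, `@@host:port` is TCP) in the included directory; the function names and the `NLS_HOST` placeholder are made up for illustration.

```shell
#!/bin/sh
# Added example. Paths are arguments so the functions can run on copies.

# Succeeds if CONF has an uncommented $IncludeConfig line for DIR/*.conf.
has_include() {
    conf=$1 dir=$2
    grep -Eq '^[[:space:]]*\$IncludeConfig[[:space:]]+'"$dir"'/\*\.conf' "$conf"
}

# Appends the directive once; repeating the plain echo would duplicate it.
ensure_include() {
    has_include "$1" "$2" || printf '%s\n' "\$IncludeConfig $2/*.conf" >> "$1"
}

# Prints "proto host port file" for each legacy-syntax forwarding rule.
# Port defaults to 514 when the rule gives none. Bracketed IPv6 targets
# and the newer action() syntax are not handled.
forward_targets() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }              # skip comment lines
            $NF ~ /^@/ {
                t = $NF
                proto = (t ~ /^@@/) ? "tcp" : "udp"
                sub(/^@+/, "", t)
                n = split(t, a, ":")
                port = (n > 1) ? a[n] : 514
                print proto, a[1], port, file
            }' "$f"
    done
}

# Protocols this host uses towards HOST:PORT, one per line. These are the
# ones the firewall between sender and log server has to pass.
protocols_for() {
    forward_targets "$1" |
        awk -v h="$2" -v p="$3" '$2 == h && $3 == p { print $1 }' | sort -u
}

# Usage on a real sender (NLS_HOST is a placeholder for the log server):
#   ensure_include /etc/rsyslog.conf /etc/rsyslog.d
#   protocols_for /etc/rsyslog.d NLS_HOST 5544
```

If `protocols_for` prints `udp`, a successful ping or TCP connection to the log server says nothing about whether the logs will arrive.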