logstash daemon stopping

benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

logstash daemon stopping

Post by benhank »

Happy new year guys!
This is most likely an easy fix.

My logstash daemon stops running periodically. The error I get (from Nagios) is:

    the logstash daemon dead, but pid file exists.

When this happens, the number of objects sending logs to the logserver drops to 1.
After restarting the daemon via the logserver's admin page, everything goes back to normal.
How can I prevent this, fellas?
Thanks in advance.
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: logstash daemon stopping

Post by tmcdonald »

Could you post some logs from when this is happening?

    tail -100 /var/log/logstash/logstash.log

As a bonus, try saying this 5 times fast: slash var slash log slash logstash slash logstash dot log
Former Nagios employee
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: logstash daemon stopping

Post by benhank »

But.. we don't have any logs on the logserver.
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: logstash daemon stopping

Post by sreinhardt »

/var/log/logstash is standard for all logstash installs. Log Server does not actually take in this log in any way unless it's provided to the local syslog facility. If this is pretty much a stock Log Server, they definitely should be available.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: logstash daemon stopping

Post by benhank »

Dude, I know lol, I was kidding. lol. Hold off on this till tomorrow, just got a project dropped on me.
cmerchant
Posts: 546
Joined: Wed Sep 24, 2014 11:19 am

Re: logstash daemon stopping

Post by cmerchant »

Could you post some logs from when this is happening?

    tail -100 /var/log/logstash/logstash.log

Just send us something tomorrow, thanks.
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: logstash daemon stopping

Post by benhank »

Here. As a creepy aside, even though my NLS is showing that it is receiving data from 1 source, the lil green arrows are both green and Nagios is reporting that the logstash daemon is running.
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: logstash daemon stopping

Post by sreinhardt »

Looks like you're hitting this guy: https://github.com/elasticsearch/logstash/issues/1604, you should be able to follow the patch here: https://github.com/jordansissel/ruby-ft ... 59eccc18a3. Try replacing these files with the ones attached to this post:

/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/ftw-0.0.39/lib/ftw/connection.rb
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/ftw-0.0.39/lib/ftw/pool.rb
eloyd
Cool Title Here
Posts: 2190
Joined: Thu Sep 27, 2012 9:14 am
Location: Rochester, NY
Contact:

Re: logstash daemon stopping

Post by eloyd »

tmcdonald wrote: As a bonus, try saying this 5 times fast: slash var slash log slash logstash slash logstash dot log

slash var slash log slash logstash slash logstash dot log
slash var slash log stash logstash slash logslash dot log
slash var stash logo stash logslash stash logoslash dot log
stash var stash logo stash logslasht stash logoslash dot slog
stash vars tash log ostash logslashts tashlo go shash dots logs
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: logstash daemon stopping

Post by sreinhardt »

You, ... that's enough out of you! Ben, let us know if that works out for you or not. The change is needed because a part of logstash does not close its open sockets when done with them, and since Linux treats everything as a file... you get a "too many open files" error. This just makes it play nice with everyone else and close its sockets.
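
To watch for the socket leak described in the last reply before the daemon dies, the following added example (not part of the thread and not Nagios Log Server code) classifies a pid file as running or stale and reports how many file descriptors and sockets a process holds against its soft "Max open files" limit. It assumes Linux `/proc`; the pid file path is not given in the thread, so it is passed as an argument.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Linux only (reads /proc).

# pidfile_state FILE
# Prints "missing", "stale" (pid file exists but the process is dead,
# i.e. the state behind "dead, but pid file exists") or "running".
pidfile_state() {
    local file=$1 pid
    if [ ! -r "$file" ]; then echo missing; return 0; fi
    pid=$(tr -cd '0-9' < "$file")
    if [ -n "$pid" ] && [ -d "/proc/$pid" ]; then echo running; else echo stale; fi
}

# fd_report PID
# Prints "open=<n> sockets=<n> soft_limit=<n|unlimited> pct=<n>".
fd_report() {
    local pid=$1 open=0 sockets=0 soft pct fd target
    [ -d "/proc/$pid/fd" ] || { echo "no such process: $pid" >&2; return 1; }
    for fd in /proc/"$pid"/fd/*; do
        # An fd can close between the glob and readlink; skip it if so.
        target=$(readlink "$fd" 2>/dev/null) || continue
        open=$((open + 1))
        case $target in socket:*) sockets=$((sockets + 1)) ;; esac
    done
    # Fourth field of the "Max open files" row is the soft limit.
    soft=$(awk '/^Max open files/ {print $4}' "/proc/$pid/limits")
    case $soft in
        ''|0|*[!0-9]*) pct=0 ;;               # unlimited or unreadable
        *) pct=$((open * 100 / soft)) ;;
    esac
    echo "open=$open sockets=$sockets soft_limit=$soft pct=$pct"
}

# Usage: script PIDFILE  (the pid file path is an assumption; pass your own)
if [ "$#" -ge 1 ]; then
    state=$(pidfile_state "$1")
    echo "pidfile: $state"
    if [ "$state" = running ]; then fd_report "$(tr -cd '0-9' < "$1")"; fi
fi
```

Run periodically, a socket count that only ever grows and a rising `pct` point to the leak well before the process hits the limit.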