Logstash not accepting logs

[Bitflogger]

Hello, I am running a test server with version 2.08, on a 64-bit VM, CentOS 7 server.

Starting about 2 PM yesterday, no logs are registered from 7 servers, including the local host.

NLS is listening on a few ports, but is not listening on some ports I expect it to listen on.

I have taken out experimental inputs and filters, verified and applied the standard inputs and filters.

I have restarted logstash.

What can I try next? What information would help you diagnose it?

Earl

[Bitflogger]

I neglected to mention that 7 servers are all the servers connected to NLS.

It has taken in zero logs since 2 PM yesterday.

Earl

[Bitflogger]

Hello,

I found the logstash log.

It has
{:timestamp=>"2019-07-17T13:09:43.417000-0500", :message=>"Pipeline aborted due to error", :exception=>"Errno::EACCES", :error=>"Permission denied - /etc/pki/tls/private/syslog-nls.key"

{:timestamp=>"2019-07-17T11:42:49.133000-0500", :message=>"Could not inititalize SSL context", :exception=>#<Errno::EACCES: Permission denied - /etc/pki/tls/certs/syslog-nls.crt>

They were

-rw------- 1 root root 1257 Jul 11 08:45 /etc/pki/tls/certs/syslog-nls.crt
-rw------- 1 root root 1679 Jul 11 08:44 /etc/pki/tls/private/syslog-nls.key

I have no idea why they would have changed.

With a+r rights, and restarting logstash, NLS is getting logs again.

Should they be -rw-r----- root nagios ?

Earl

[cdienger]

If the steps in https://assets.nagios.com/downloads/nag ... th-SSL.pdf were followed and the root account uses the default 'umask 022', then we'd expect the permissions to be:

Code: Select all

-rw-r--r-- 1 root root

[Bitflogger]

Hello,

OK, please lock the case.

Earl

[benjaminsmith]

OK, please lock the case.

Sounds good. Thanks Earl.