OK well, let's run those netstat and ps commands after stopping the logstash service as I had requested. Ideally it should indicate what process is using that port. Just incase you're not aware, the netstat output should look like:
tcp 0 0 :::5544 :::* LISTEN 15303/java off (0.00/0/0)
tcp 0 0 ::1:5544 ::1:41714 ESTABLISHED 15303/java off (0.00/0/0)
tcp 0 0 ::1:41714 ::1:5544 ESTABLISHED 844/rsyslogd off (0.00/0/0)
udp 0 0 :::5544 :::* 15303/java off (0.00/0/0)
btw this is what a properly running nls server looks like when pretty much stock
The last parts showing 15303/java are process id's and names. Once we have logstash stopped and the netstat run, take the offending pid still using 5544 and run this:
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Ok, please help me understand, why are you focused on the Syslog Port 5544?
Here is a snip from the Windows Servers all of them show the same thing...
C:\Program Files (x86)\nxlog\data\nxlog.log
2015-01-07 08:16:52 ERROR couldn't connect to tcp socket on atclogserver:3515; No connection could be made because the target machine actively refused it.
2015-01-07 08:16:52 INFO connecting to atclogserver:3515
2015-01-07 08:16:53 INFO reconnecting in 8 seconds
2015-01-07 08:16:53 ERROR couldn't connect to tcp socket on atclogserver:3515; No connection could be made because the target machine actively refused it.
2015-01-07 08:16:56 INFO connecting to atclogserver:3515
2015-01-07 08:16:57 INFO reconnecting in 16 seconds
If all the clients are looking for TCP 3515, shouldn't we be focusing on that port instead of the 5544?
I was specifically looking for 5544 because of the error mentioned in logstash's log seems directly related to it. Also because you stated that even with logstash stopped, nmap claimed 5544 was still open. With that said, your netstats both pre and post restarting of logstash look great and do not seem to keep 5544 open in between. Could you tar up and post (or pm to one of us) the current logstash log(s) that you have for further review?
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
tar czf /tmp/logstash-logs.tar.gz /var/log/logstash/
Then if you could send the resulting /tmp/logstash-logs.tar.gz please.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Got it, and it's in our internal folder for this. I'll check it out and let you know!
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.