INPUT TCP issues from remote client after NLS upgrade to 2.0

[esmie]

After upgrading from 2.0.2 to 2.0.4, we are encountering some issues.
Some scripts are being run on some servers and the information is being sent to tcp port 5702 on Nagios Log Server, (we have already enabled the input on NLS). And note that it was working before the upgrade.

OS: Red Hat Enterprise Linux Server release 7.4

I've checked the Nagios Log Server Backend and have verified that it's receiving the data:

tcpdump -nei ens160 tcp port 5702:
608 packets captured
616 packets received by filter
0 packets dropped by kernel

No errors on logstash.log and elasticsearch.log

No results showing on the Nagios Log Server Dashboard.

I did another test, I connected to the remote server where the script is being run, and have enabled Linux file monitoring for the stated script, it did actually work (results can be viewed on the Nagios Log Server Dashboard).

Another thing is that we have another tcp input for another port 5701, also script is run on the same remote server, and we are not encountering any issues, the information is visible in NLS.

I've already tried recreating the input type, disabling filters on NLS and still got the same results.

Is there something I need to configure on the elasticsearch config files?

[cdienger]

I'm not aware of any changes between those versions that could explain the behavoir. I would be curious to see the tcpdump(use -w <filename>to write it to file and PM me the data if it contains sensitive info) as well a the logstash configuration(inputs, filters, and outputs(if something other than the default is used)).

[esmie]

Hi,

You can close this case ... it seems after the upgrade... the script that is running has to be modified, where a new line has to be entered.