Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Logstash Starts and then fails

https://support.nagios.com/forum/viewtopic.php?t=50826

Page 1 of 1

Logstash Starts and then fails

Posted: Wed Oct 24, 2018 2:44 pm
by ttoepp
We have been noticing that the logstash service will not stay running. When looking at the logstash.log file we see this when starting the service:
{:timestamp=>"2018-10-24T15:03:16.145000-0400", :message=>"Pipeline main started"}
{:timestamp=>"2018-10-24T15:03:16.339000-0400", :message=>"Pipeline main has been shutdown"}
{:timestamp=>"2018-10-24T15:03:19.151000-0400", :message=>"stopping pipeline", :id=>"main"}

When we manually try and run it we get this:
[root@nagiosls bin]# ./logstash -f /usr/local/nagioslogserver/logstash/etc/conf.d
Settings: Default pipeline workers: 4
Pipeline main started
Pipeline main has been shutdown
stopping pipeline {:id=>"main"}

I haven't applied any filters and have kept the configuration vanilla
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Wed, 24 Oct 2018 15:35:03 -0400
#

#
# Global inputs
#

input {
syslog {
type => 'syslog'
port => 5544
}
tcp {
type => 'eventlog'
port => 3515
codec => json {
charset => 'CP1252'
}
}
tcp {
type => 'import_raw'
tags => 'import_raw'
port => 2056
}
tcp {
type => 'import_json'
tags => 'import_json'
port => 2057
codec => json
}
syslog {
type => 'syslog'
port => 514
}
}

#
# Local inputs
#
===================================================
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Wed, 24 Oct 2018 15:36:44 -0400
#

#
# Global filters
#

filter {
if [program] == 'apache_access' {
grok {
match => [ 'message', '%{COMBINEDAPACHELOG}']
}
date {
match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z', 'MMM dd HH:mm:ss', 'ISO8601' ]
}
mutate {
replace => [ 'type', 'apache_access' ]
convert => [ 'bytes', 'integer' ]
convert => [ 'response', 'integer' ]
}
}

if [program] == 'apache_error' {
grok {
match => [ 'message', '\[(?<timestamp>%{DAY:day} %{MONTH:month} %{MONTHDAY} %{TIME} %{YEAR})\] \[%{WORD:class}\] \[%{WORD:originator} %{IP:clientip}\] %{GREEDYDATA:errmsg}']
}
mutate {
replace => [ 'type', 'apache_error' ]
}
}
}

#
# Local filters
#
====================================================================
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Wed, 24 Oct 2018 15:37:26 -0400
#

#
# Global outputs
#



#
# Local outputs
#

Re: Logstash Starts and then fails

Posted: Wed Oct 24, 2018 2:59 pm
by ttoepp
I changed my search and found a related issue that seemed to match mine, there was a note to run this command:
/usr/bin/php /var/www/html/nagioslogserver/www/index.php configure/write_configs_for_node

which I did and now it seems to be running without constantly crashing.

Re: Logstash Starts and then fails

Posted: Wed Oct 24, 2018 3:42 pm
by scottwilkerson
ttoepp wrote:I changed my search and found a related issue that seemed to match mine, there was a note to run this command:
/usr/bin/php /var/www/html/nagioslogserver/www/index.php configure/write_configs_for_node

which I did and now it seems to be running without constantly crashing.
Excellent, glad the issue is resolved

Locking
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited