L
Size: a a a
2019 October 07
АК
не лишним будет показать конфиг
L
# sfgdfs
input {
# lumberjack {
# port => 5043
# codec => 'json'
# ssl_certificate => '/etc/logstash/ssl/logstash-forwarder.crt'
# ssl_key => '/etc/logstash/ssl/logstash-forwarder.key'
# }
# elasticsearch {
# hosts => ['http://10.***.***.24:9200']
# index => 'logstash-2017.08.01'
# query => '{ "query": { "match": { "type":"syslog-nginx" } } }'
## size => 500
## scroll => '5m'
## docinfo => true
# }
################################ програмисты ERLANG
udp {
codec => "json"
host => "0.0.0.0"
port => 12211
type => "erlang"
}
gelf {
type => "docker"
port => 12201
}
gelf {
type => "php"
port => 12202
}
udp {
codec => "json"
port => 12203
type => "ave-neo4j"
}
lumberjack {
codec => 'json'
port => 12204
ssl_certificate => '/etc/logstash/ssl/lumberjack.cert'
ssl_key => '/etc/logstash/ssl/lumberjack.key'
type => 'lumberjack-suricata'
}
# beats {
# port => 1555
# type => "test"
# }
# udp {
# port => 9996
## type => "netflow"
# codec => netflow
##{
## versions => [5,9,10]
## }
# }
}
output {
# if [type] == "test" {
# elasticsearch {
# hosts => ['http://10.***.***.61:9200','http://10.***.***.62:9200']
# index => "test-mlebedev-%{+YYYY.MM.dd}"
# template_overwrite => true
if [type] == "netflow" {
elasticsearch {
hosts => ['http://10.***.***.61:9200','http://10.***.***.62:9200']
index => "netflow-%{+YYYY.MM.dd}"
template_overwrite => true
}
}
else {
elasticsearch {
hosts => ['http://10.***.***.61:9200','http://10.***.***.62:9200']
index => 'logstash-%{+YYYY.MM.dd}-%{event_type}-%{type}'
template_overwrite => true
}
}
}
АК
закрывающую фигурную скобку в 66 строке попробуй закомментировать
АК
# udp {
# port => 9996
## type => "netflow"
# codec => netflow
##{
## versions => [5,9,10]
## }
# }
}
# port => 9996
## type => "netflow"
# codec => netflow
##{
## versions => [5,9,10]
## }
# }
}
L
# udp {
# port => 9996
## type => "netflow"
# codec => netflow
##{
## versions => [5,9,10]
## }
# }
}
# port => 9996
## type => "netflow"
# codec => netflow
##{
## versions => [5,9,10]
## }
# }
}
все скобки на месте, это закрывающая для инпута
D
а можно лог ошибки?)
АК
а пробелов в началае строки столько же сколько и в сообщении?
L
root@bs-logstash:[~] systemctl status logstash.service
● logstash.service - logstash
Loaded: loaded (/etc/systemd/system/logstash.service; enabled)
Active: failed (Result: start-limit) since Пн 2019-10-07 13:36:15 MSK; 7min ago
Main PID: 13690 (code=exited, status=217/USER)
окт 07 13:36:15 bs-logstash systemd[1]: Unit logstash.service entered failed state.
окт 07 13:36:15 bs-logstash systemd[1]: logstash.service holdoff time over, scheduling restart.
окт 07 13:36:15 bs-logstash systemd[1]: Stopping logstash...
окт 07 13:36:15 bs-logstash systemd[1]: Starting logstash...
окт 07 13:36:15 bs-logstash systemd[1]: logstash.service start request repeated too quickly, refusing to start.
окт 07 13:36:15 bs-logstash systemd[1]: Failed to start logstash.
окт 07 13:36:15 bs-logstash systemd[1]: Unit logstash.service entered failed state.
окт 07 13:42:02 bs-logstash systemd[1]: Stopped logstash.
АК
странно что оно до редактирования работало
АК
ямл придирчив к пробелам в начале строки
