Logstash problem
syslog listener died {:protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:135:in `initialize'", "org/jruby/RubyIO.java:875:in `new'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:167:in `tcp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:130:in `server'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:114:in `block in run'"]}
Sep 26 19:33:26 SyslogServer logstash: [2018-09-26T19:33:26,588][WARN ][logstash.inputs.syslog ] syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:200:in `bind'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:149:in `udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:130:in `server'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:110:in `block in run'"]}
vim /etc/systemd/system/logstash.service
[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=logstash
Change it to:
[Unit]
Description=logstash
[Service]
Type=simple
User=root
Group=root
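Running Logstash as root only so it can bind 514 gives the whole pipeline, every plugin included, full privileges. An alternative, added here as an example and not part of the original note, keeps User=logstash and grants only the capability needed for ports below 1024. The drop-in file name is hypothetical, and AmbientCapabilities= assumes systemd 229 or later.

```ini
# /etc/systemd/system/logstash.service.d/bind-514.conf  (hypothetical file name)
# Drop-in settings take precedence over the same keys in logstash.service,
# so this also undoes a User=root edit made in the main unit file.
[Service]
# Keep the unprivileged account from the packaged unit.
User=logstash
Group=logstash
# Allow binding ports below 1024 (syslog on 514/tcp and 514/udp) and nothing else.
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Limit the capabilities the service and its children can ever hold to that one.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# Prevent gaining further privileges through setuid or file-capability binaries.
NoNewPrivileges=true
```

Apply it with `systemctl daemon-reload` followed by `systemctl restart logstash`, then confirm that the "syslog listener died" warnings no longer appear in the log.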
/usr/share/logstash/bin/logstash-plugin install logstash-codec-sflow
vim /etc/systemd/system/logstash.service
[Unit]
Description=logstash
[Service]
Type=simple
User=root
Group=root
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
# ElastiFlow global configuration
Environment="ELASTIFLOW_DICT_PATH=/etc/logstash/elastiflow/dictionaries"
Environment="ELASTIFLOW_TEMPLATE_PATH=/etc/logstash/elastiflow/templates"
Environment="ELASTIFLOW_GEOIP_DB_PATH=/etc/logstash/elastiflow/geoipdbs"
Environment="ELASTIFLOW_GEOIP_CACHE_SIZE=8192"
Environment="ELASTIFLOW_GEOIP_LOOKUP=true"
Environment="ELASTIFLOW_ASN_LOOKUP=true"
Environment="ELASTIFLOW_KEEP_ORIG_DATA=true"
Environment="ELASTIFLOW_DEFAULT_APPID_SRCTYPE=__UNKNOWN"
# Name resolution option
Environment="ELASTIFLOW_RESOLVE_IP2HOST=false"
Environment="ELASTIFLOW_NAMESERVER=127.0.0.1"
Environment="ELASTIFLOW_DNS_HIT_CACHE_SIZE=25000"
Environment="ELASTIFLOW_DNS_HIT_CACHE_TTL=900"
Environment="ELASTIFLOW_DNS_FAILED_CACHE_SIZE=75000"
Environment="ELASTIFLOW_DNS_FAILED_CACHE_TTL=3600"
# Elasticsearch connection settings
# - If you need Logstash to connect to one of an array of servers, you must edit the output directly.
# - If ELASTIFLOW_ES_SSL_VERIFY is true then you must edit the output and set the path where the cacert can be found.
Environment="ELASTIFLOW_ES_HOST=127.0.0.1:9200"
Environment="ELASTIFLOW_ES_SSL_ENABLE=false"
Environment="ELASTIFLOW_ES_SSL_VERIFY=false"
Environment="ELASTIFLOW_ES_USER=elastic"
Environment="ELASTIFLOW_ES_PASSWD=changeme"
# Netflow - IPv4
Environment="ELASTIFLOW_NETFLOW_IPV4_HOST=0.0.0.0"
Environment="ELASTIFLOW_NETFLOW_IPV4_PORT=2055"
# Netflow - IPv6
Environment="ELASTIFLOW_NETFLOW_IPV6_HOST=[::]"
Environment="ELASTIFLOW_NETFLOW_IPV6_PORT=52055"
# Netflow - UDP input options
Environment="ELASTIFLOW_NETFLOW_UDP_WORKERS=4"
Environment="ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE=4096"
# Netflow timestamp options
Environment="ELASTIFLOW_NETFLOW_LASTSW_TIMESTAMP=false"
Environment="ELASTIFLOW_NETFLOW_TZ=UTC"
# sFlow - IPv4
Environment="ELASTIFLOW_SFLOW_IPV4_HOST=0.0.0.0"
Environment="ELASTIFLOW_SFLOW_IPV4_PORT=6343"
# sFlow - IPv6
Environment="ELASTIFLOW_SFLOW_IPV6_HOST=[::]"
Environment="ELASTIFLOW_SFLOW_IPV6_PORT=56343"
# sFlow - UDP input options
Environment="ELASTIFLOW_SFLOW_UDP_WORKERS=4"
Environment="ELASTIFLOW_SFLOW_UDP_QUEUE_SIZE=4096"
# IPFIX - IPv4
Environment="ELASTIFLOW_IPFIX_TCP_IPV4_HOST=0.0.0.0"
Environment="ELASTIFLOW_IPFIX_TCP_IPV4_PORT=4739"
Environment="ELASTIFLOW_IPFIX_UDP_IPV4_HOST=0.0.0.0"
Environment="ELASTIFLOW_IPFIX_UDP_IPV4_PORT=4739"
# IPFIX - IPv6
Environment="ELASTIFLOW_IPFIX_TCP_IPV6_HOST=[::]"
Environment="ELASTIFLOW_IPFIX_TCP_IPV6_PORT=54739"
Environment="ELASTIFLOW_IPFIX_UDP_IPV6_HOST=[::]"
Environment="ELASTIFLOW_IPFIX_UDP_IPV6_PORT=54739"
# IPFIX - UDP input options
Environment="ELASTIFLOW_IPFIX_UDP_WORKERS=4"
Environment="ELASTIFLOW_IPFIX_UDP_QUEUE_SIZE=4096"
[Install]
WantedBy=multi-user.target