无法判断正常启动时Logstash绑定或侦听的端口

时间:2016-07-19 09:27:54

标签: logstash logstash-configuration

我的logstash版本是:

# /opt/logstash/bin/logstash --version
logstash 2.2.4

它被配置为根据filebeat文件接收来自端口5044的输入:

  

/etc/logstash/conf.d/02-beats-input.conf 

input {
  beats {
    port => 5044
    ssl => false
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

我已将ssl设置为false,因为我没有使用它

但是当我使用systemctl正常启动logstash服务时,启动并检查状态确认它正在运行

   systemctl status logstash
    ● logstash.service - LSB: Starts Logstash as a daemon.
       Loaded: loaded (/etc/rc.d/init.d/logstash)
       Active: active (exited) since Mon 2016-07-18 19:14:51 BST; 15h ago
         Docs: man:systemd-sysv-generator(8)
      Process: 19965 ExecStop=/etc/rc.d/init.d/logstash stop (code=exited, status=0/SUCCESS)
      Process: 19970 ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=0/SUCCESS)
...
    logstash started

问题是logstash似乎没有在端口5044上接收输入。发送文件节点的主机遇到:

single.go:126: INFO Connecting error publishing events (retrying): dial tcp 192.72.0.92:5044: getsockopt: connection refused

当我检查端口

# netstat  -an | grep 5044

我一无所获。因此,即使logstash正在运行,我也无法告诉它绑定到哪个端口并进行监听。

此外,还会暂时停止防火墙以进行调查。

奇怪的是,我运行logstash就像调试模式一样:

# ./logstash --debug -f /etc/logstash/conf.d/02-beats-input.conf

我可以看到

# netstat -an | grep 5044
tcp6       0      0 :::5044                 :::*                    LISTEN
tcp6       0      0 192.72.0.92:5044        192.168.36.70:53720     ESTABLISHED
tcp6       0      0 192.72.0.92:5044        192.72.0.90:45980       ESTABLISHED
tcp6       0      0 192.72.0.92:5044        192.72.0.90:45975       ESTABLISHED
tcp6       0      0 192.72.0.92:5044        192.72.0.90:45976       ESTABLISHED


# lsof -i :5044
COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
java    15136 root    7u  IPv6 7191510      0t0  TCP *:lxi-evntsvc (LISTEN)
java    15136 root   33u  IPv6 7192379      0t0  TCP hostname:lxi-evntsvc->192.72.0.90:45975 (ESTABLISHED)

发送文件的主机可以连接

 output.go:87: DBG  output worker: publish 7 events
2016/07/19 10:02:08.017890 client.go:146: DBG  Try to publish 7 events to logstash with window size 10
2016/07/19 10:02:08.038579 client.go:124: DBG  7 events out of 7 events sent to logstash. Continue sending ...
2016/07/19 10:02:08.038615 single.go:135: DBG  send completed

请帮助指出我在使用此配置时可能出错的地方。感谢

1 个答案:

答案 0 :(得分:0)

基于@ LiGhTx117提供的hing

我认为

logstash使用的启动脚本:

  

/etc/init.d/logstash

具有以下变量:

LS_USER=logstash
LS_GROUP=logstash
LS_HOME=/var/lib/logstash
LS_LOG_DIR=/var/log/logstash
LS_LOG_FILE="${LS_LOG_DIR}/$name.log"
LS_CONF_DIR=/etc/logstash/conf.d

这些的所有权和许可似乎是个问题。

  

我确保了递归访问的目录   用户logstash以及组logstash

  

然后我还确保log_file:logstash.log是可写的   用户/组logstash

重新启动logstash

相关问题
最新问题