syslog input plugin not opening the socket to listen #7012
pawansingal started this conversation in General
-
Wouldn't the correct line in this case be something like |
-
I am trying to enable the syslog plugin with fluent-bit. In the logs I see fluent-bit creating a server to listen on the port. However, I don't see any UDP port being opened on the host at 5140. Because of this it's not listening to any syslog messages which I am sending from my external device. Any suggestions?
```
docker run -it -v /root/efk/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf -p 24224:24224 -p 5140:5140 cr.fluentbit.io/fluent/fluent-bit:2.0
```
```
Fluent Bit v2.0.9
[2023/03/13 20:35:00] [ info] Configuration:
[2023/03/13 20:35:00] [ info] flush time | 5.000000 seconds
[2023/03/13 20:35:00] [ info] grace | 5 seconds
[2023/03/13 20:35:00] [ info] daemon | 0
[2023/03/13 20:35:00] [ info] ___________
[2023/03/13 20:35:00] [ info] inputs:
[2023/03/13 20:35:00] [ info] forward
[2023/03/13 20:35:00] [ info] syslog
[2023/03/13 20:35:00] [ info] ___________
[2023/03/13 20:35:00] [ info] filters:
[2023/03/13 20:35:00] [ info] parser.0
[2023/03/13 20:35:00] [ info] ___________
[2023/03/13 20:35:00] [ info] outputs:
[2023/03/13 20:35:00] [ info] es.0
[2023/03/13 20:35:00] [ info] ___________
[2023/03/13 20:35:00] [ info] collectors:
[2023/03/13 20:35:00] [ info] [fluent bit] version=2.0.9, commit=4c0ca4fc5f, pid=1
[2023/03/13 20:35:00] [debug] [engine] coroutine stack size: 24576 bytes (24.0K)
[2023/03/13 20:35:00] [ info] [storage] ver=1.4.0, type=memory, sync=normal, checksum=off, max_chunks_up=128
[2023/03/13 20:35:00] [ info] [cmetrics] version=0.5.8
[2023/03/13 20:35:00] [ info] [ctraces ] version=0.2.7
[2023/03/13 20:35:00] [ info] [input:forward:forward.0] initializing
[2023/03/13 20:35:00] [ info] [input:forward:forward.0] storage_strategy='memory' (memory only)
[2023/03/13 20:35:00] [debug] [forward:forward.0] created event channels: read=21 write=22
[2023/03/13 20:35:00] [debug] [in_fw] Listen='0.0.0.0' TCP_Port=24224
[2023/03/13 20:35:00] [debug] [downstream] listening on 0.0.0.0:24224
[2023/03/13 20:35:00] [ info] [input:forward:forward.0] listening on 0.0.0.0:24224
[2023/03/13 20:35:00] [ info] [input:syslog:syslog.1] initializing
[2023/03/13 20:35:00] [ info] [input:syslog:syslog.1] storage_strategy='memory' (memory only)
[2023/03/13 20:35:00] [debug] [syslog:syslog.1] created event channels: read=24 write=25
[2023/03/13 20:35:00] [debug] [downstream] listening on 127.0.0.1:5140
[2023/03/13 20:35:00] [ info] [in_syslog] UDP server binding 127.0.0.1:5140
[2023/03/13 20:35:00] [debug] [es:es.0] created event channels: read=27 write=28
[2023/03/13 20:35:00] [debug] [output:es:es.0] host=127.0.0.1 port=9200 uri=/_bulk index=fluent-bit type=_doc
[2023/03/13 20:35:00] [ info] [output:es:es.0] worker #0 started
[2023/03/13 20:35:00] [debug] [router] match rule forward.0:es.0
[2023/03/13 20:35:00] [debug] [router] match rule syslog.1:es.0
[2023/03/13 20:35:00] [ info] [output:es:es.0] worker #1 started
[2023/03/13 20:35:00] [ info] [http_server] listen iface=0.0.0.0 tcp_port=2020
[2023/03/13 20:35:00] [ info] [sp] stream processor started
```
```
~/efk# cat fluent-bit.conf
[SERVICE]
    flush 5
    daemon off
    http_server on
    log_level debug
    parsers_file parsers.conf
[INPUT]
    Name forward
    Listen 0.0.0.0
    Port 24224
[INPUT]
    Name syslog
    port 5140
    listen 127.0.0.1
    tag syslog.test
    mode udp
[FILTER]
    name parser
    match *
    key_name log
    parser json
    reserve_data true
[OUTPUT]
    name es
    match *
    host 127.0.0.1
    port 9200
    replace_dots on
    Type _doc
    retry_limit false
    logstash_format on
    logstash_prefix fluent-bit
```
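The check below is an added example, not part of the original discussion and not Fluent Bit or Docker code. It reads the `[INPUT]` sections of a classic-format configuration together with the `docker run -p` values and reports listeners that are bound to the container's loopback address or whose port and protocol are not published (Docker publishes TCP unless the value ends in `/udp`). The function names, and the assumption that an input with no `Listen` key binds `0.0.0.0`, are this example's own.

```python
import ipaddress

# Constructed sample: the two [INPUT] sections from the configuration above.
SAMPLE_CONF = """
[INPUT]
    Name forward
    Listen 0.0.0.0
    Port 24224
[INPUT]
    Name syslog
    port 5140
    listen 127.0.0.1
    mode udp
"""

def parse_inputs(conf_text):
    """Return one dict (lower-cased key -> value) per [INPUT] section."""
    inputs, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            current = {} if line.upper() == "[INPUT]" else None
            if current is not None:
                inputs.append(current)
        elif current is not None:
            key, *rest = line.split(None, 1)
            current[key.lower()] = rest[0].strip() if rest else ""
    return inputs

def parse_publish(spec):
    """docker -p value '[ip:]host:container[/proto]' -> (container_port, proto)."""
    body, _, proto = spec.partition("/")
    return int(body.rsplit(":", 1)[-1]), (proto or "tcp").lower()

def check(conf_text, publish_specs):
    published, findings = {parse_publish(s) for s in publish_specs}, []
    for inp in parse_inputs(conf_text):
        if "port" not in inp:
            continue
        port, name = int(inp["port"]), inp.get("name", "?")
        proto = "udp" if inp.get("mode", "").lower() == "udp" else "tcp"
        # Assumption: an input with no Listen key binds 0.0.0.0.
        if ipaddress.ip_address(inp.get("listen", "0.0.0.0")).is_loopback:
            findings.append(f"{name}: {proto}/{port} bound to container loopback")
        if (port, proto) not in published:
            findings.append(f"{name}: {proto}/{port} not published by docker -p")
    return findings
```

Calling `check(SAMPLE_CONF, ["24224:24224", "5140:5140"])` with the `-p` values from the command in the post returns two findings for the syslog input and none for forward. Port ranges and IPv6 host addresses in `-p` values are not handled.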