[syslog-ng] Cannot send Syslog-ng to Elasticsearch
Fabien Wernli
wernli at in2p3.fr
Thu Jul 11 07:00:09 UTC 2019
Hi,
On Wed, Jul 10, 2019 at 08:22:38PM +0000, Allen Olivas wrote:
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
> tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 1032/systemd-resolv
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1874/sshd
> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2145/master
> tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 13557/sshd: aolivas
> tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN 15586/sshd: aolivas
> tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 1314/node
> tcp 0 0 0.0.0.0:1515 0.0.0.0:* LISTEN 2329/ossec-authd
> tcp6 0 0 :::9200 :::* LISTEN 1738/java
> tcp6 0 0 :::9300 :::* LISTEN 1738/java
> tcp6 0 0 :::22 :::* LISTEN 1874/sshd
> tcp6 0 0 :::55000 :::* LISTEN 1734/nodejs
> tcp6 0 0 :::25 :::* LISTEN 2145/master
> tcp6 0 0 ::1:6010 :::* LISTEN 13557/sshd: aolivas
> tcp6 0 0 ::1:6011 :::* LISTEN 15586/sshd: aolivas
It seems to me your ES is listening on IPv6 only.
Please retry after setting the following in your elasticsearch.yml:
network.host:
- 127.0.0.1
And then curl to 127.0.0.1 explicitly (localhost may resolve to ::1).
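The check suggested in the reply above can be scripted. This is an added example, not part of the original message: it resolves a name and tries a TCP connect to every address it maps to, so you can see whether localhost means 127.0.0.1 or ::1 on the host and which of them the service answers on. The function name probe_tcp is hypothetical; port 9200 is taken from the netstat output quoted above.

```python
import socket


def probe_tcp(host, port, timeout=2.0):
    """Try a TCP connect to every address `host` resolves to.

    Returns a list of (family, address, reachable) tuples in resolver order.
    """
    results = []
    seen = set()
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return results  # name does not resolve at all
    for family, socktype, proto, _canon, sockaddr in infos:
        addr = sockaddr[0]
        if (family, addr) in seen:
            continue
        seen.add((family, addr))
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        try:
            # Socket creation is inside the try: it fails on hosts without IPv6.
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            reachable = True
        except OSError:
            reachable = False  # refused, timed out, or family unsupported
        results.append((label, addr, reachable))
    return results


if __name__ == "__main__":
    PORT = 9200  # Elasticsearch HTTP port from the netstat output above
    for name in ("localhost", "127.0.0.1", "::1"):
        rows = probe_tcp(name, PORT)
        if not rows:
            print(f"{name}: does not resolve")
        for label, addr, ok in rows:
            state = "open" if ok else "no answer"
            print(f"{name} -> {addr} ({label}) port {PORT}: {state}")
```

Run it on the Elasticsearch host before and after changing network.host to confirm which loopback address the service is reachable on.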