
I am going to install NetFlow.
Here is a document for it.

My logstash.yml setting is as follows.

modules:
  - name: netflow
    var.input.udp.port: 9996

I've run this command.

/usr/share/logstash/bin/logstash --modules netflow -M netflow.var.input.udp.port=9996

I got the following error.

JDK: /usr/share/logstash/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[INFO ] 2022-02-15 23:44:29.148 [main] runner - Starting Logstash {"logstash.version"=>"7.17.0", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.13+8 on 11.0.13+8 +indy +jit [linux-x86_64]"}
[INFO ] 2022-02-15 23:44:29.163 [main] runner - JVM bootstrap flags: [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -Djruby.regexp.interruptible=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true]
Your settings are invalid. Reason: Path "/usr/share/logstash/data" must be a writable directory. It is not writable.
[FATAL] 2022-02-15 23:44:29.208 [main] Logstash - Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
    at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:747) ~[jruby-complete-9.2.20.1.jar:?]
    at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:710) ~[jruby-complete-9.2.20.1.jar:?]
    at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:94) ~[?:?]

Is there a solution for it?

grudev

1 Answer


The error message states the following:

Your settings are invalid. Reason: Path "/usr/share/logstash/data" must be a writable directory. It is not writable.

So you simply need to make the /usr/share/logstash/data folder writable by the logstash user.

Val
  • What about running the command after the following command? sudo su – grudev Feb 15 '22 at 12:46
  • You can also do that and run Logstash as root, but it's dangerous depending on what your pipeline is doing, because Logstash would have full access to your system. – Val Feb 15 '22 at 12:57
  • I've run it as root, but all of the netflow data is empty; I can't see any fields. The following error occurred: no indices match pattern netflow- – grudev Feb 17 '22 at 15:59
  • That's a different error than stated in your original question. Then I guess this question is solved and you can create a new thread for the newer problem. – Val Feb 17 '22 at 16:07
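
One way to apply the fix from the answer without running Logstash as root, as an added example that is not part of the original thread. It assumes a package install that created a `logstash` service account and keeps its settings in /etc/logstash; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check and repair the Logstash data directory, then start
# Logstash as its service account instead of root.
# Assumptions: a "logstash" account exists and settings live in /etc/logstash.

LS_HOME=/usr/share/logstash
LS_USER=logstash

# Print "ok", "missing" or "not-writable" for directory $1 as seen by user $2.
# The check runs directly when $2 is the current user, otherwise via sudo -u.
# ("missing" can also mean the user cannot traverse a parent directory.)
data_dir_state() {
    dir=$1
    user=$2
    if [ "$user" = "$(id -un)" ]; then
        run=""
    else
        run="sudo -n -u $user"
    fi
    if ! $run test -d "$dir"; then
        echo missing
    elif $run test -w "$dir" && $run test -x "$dir"; then
        echo ok
    else
        echo not-writable
    fi
}

# Hand only the data directory (not all of LS_HOME) to the service account.
fix_data_dir() {
    dir=$1
    user=$2
    sudo mkdir -p "$dir" &&
    sudo chown -R "$user" "$dir" &&
    sudo chmod u+rwx "$dir"
}

# Act only when called with --fix, so sourcing this file has no side effects.
if [ "${1:-}" = "--fix" ]; then
    state=$(data_dir_state "$LS_HOME/data" "$LS_USER")
    echo "$LS_HOME/data as $LS_USER: $state"
    [ "$state" = ok ] || fix_data_dir "$LS_HOME/data" "$LS_USER"
    # --path.settings also addresses the "Could not find logstash.yml" warning.
    exec sudo -u "$LS_USER" "$LS_HOME/bin/logstash" --path.settings /etc/logstash \
        --modules netflow -M netflow.var.input.udp.port=9996
fi
```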