IRC Logs for #logstash | BotBot.me [o_

21:02 PM
b10n1k has quit
21:16 PM
b10n1k joined the channel
21:24 PM
notebox joined the channel
21:25 PM
notebox has quit
21:30 PM
hugh_jass joined the channel
21:32 PM
devster31 joined the channel
21:35 PM
devster31 has quit
21:47 PM
flowstategames joined the channel
21:55 PM
notebox joined the channel
21:56 PM
kcas_ has quit
21:59 PM
alealeale joined the channel
21:59 PM
alealeale

hey guys
21:59 PM
v01t has quit
22:00 PM
v01t joined the channel
22:00 PM
we've just been trying logstash 5.4.3 and it seems infinite slower to process messages than with our "old" (current) logstash (1.5.x) version ... has anyone had similar experience ? what did you do to "fix" it ?
22:00 PM
s/messages/events/ ;)
22:00 PM
hugh_jass joined the channel
22:02 PM
achan joined the channel
22:03 PM
i know it's a little vague... but the setup is actually quite simple ... logstash-shipper (still 1.5.x) (lumberjack output) -> (lumberjack-input) logstash-indexer 5.4.3 (elasticsearch-output) -> ES
22:07 PM
LJ23 has quit
22:30 PM
hugh_jass joined the channel
22:46 PM
alealeale has quit
22:56 PM
flowstategames has quit
23:00 PM
hugh_jass joined the channel
23:07 PM
LJ23 joined the channel
23:12 PM
LJ23 has quit
23:14 PM
MajPotatohead joined the channel
23:14 PM
MajPotatohead has quit
23:14 PM
MajPotatohead joined the channel
23:30 PM
hugh_jass joined the channel
23:36 PM
notebox joined the channel
23:37 PM
notebox has quit
23:41 PM
ambrose

Hi I have a new Logstash install from .deb on Ubuntu 16, trying to read FreeRADIUS log but getting permission denied. I tried adding logstash user to freerad group but still permission denied. What's the recommended way to allow access? I tried setting LS_USER='root' in /etc/default/logstash and /etc/logstash/startup.options but still it can't read it
23:42 PM
When I start logstash manually (./bin/logstash --path /etc/logstash) then it works fine, but not when starting from 'service logstash start'
23:48 PM
BaM`

ambrose: if you installed logstash from a deb it should be trying to run as the logstash user
23:49 PM
if you've started it as root from the cmdline then you've probably messed up permissions somewhere
23:49 PM
most likely a log file
23:49 PM
s/permissions/ownership
23:49 PM
I wouldn't recommend starting the service as root at any rate
23:49 PM
it's fine how it is
23:51 PM
ambrose

BaM`: how to fix this? https://paste.ubuntu.com/25014720/
23:51 PM
BaM`

what's the group ownership of that file?
23:52 PM
ambrose

Freeradius creates new files daily with permissions -rw------- 1 freerad freerad
23:52 PM
BaM`

usermod -a -G logstash freerad
23:53 PM
uh, except that file mode is 600
23:53 PM
ambrose

BaM`: ok thx just ran that
23:53 PM
BaM`

so that won't help
23:53 PM
ambrose

oh ok
23:53 PM
BaM`

the file needs to be at least 640 for that to work
23:53 PM
ambrose

The files are created that way by freeradius?
23:54 PM
BaM`

freeradius might have an option to set the mode on write
23:56 PM
also, if it's writing a new file every day, logstash is going to end up with a massive sincedb file after a while
23:56 PM
because it's going to record its place in every file it comes across
23:56 PM
ambrose

ok?
23:57 PM
it's a problem?
23:57 PM
BaM`

it could be
23:57 PM
I don't have any experience with that exact case, because none of our log files are written like that - with the date in the name
23:57 PM
but logstash is going to record it's place in the file, and then never use that info again
23:57 PM
but start a new sincedb entry for the next day's log file
23:58 PM
ambrose

Well it wont be a problem if I can't get Logstash to read the file :p
23:58 PM
BaM`

so every day the sincedb file gets bigger instead of just being modified
23:59 PM
you can try doing setgid on the log file directory