- # bin/logstash --debug -f /etc/logstash/conf.d/12-input-nmap.conf
- WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
- ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
- Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs to console
- 17:52:09.729 [LogStash::Runner] DEBUG logstash.runner - -------- Logstash Settings (* means modified) ---------
- 17:52:09.733 [LogStash::Runner] DEBUG logstash.runner - node.name: "logstash1-dev.abuse-elk.corp.iweb.com"
- 17:52:09.733 [LogStash::Runner] DEBUG logstash.runner - *path.config: "/etc/logstash/conf.d/12-input-nmap.conf"
- 17:52:09.733 [LogStash::Runner] DEBUG logstash.runner - path.data: "/usr/share/logstash/data"
- 17:52:09.733 [LogStash::Runner] DEBUG logstash.runner - config.test_and_exit: false
- 17:52:09.733 [LogStash::Runner] DEBUG logstash.runner - config.reload.automatic: false
- 17:52:09.734 [LogStash::Runner] DEBUG logstash.runner - config.reload.interval: 3
- 17:52:09.734 [LogStash::Runner] DEBUG logstash.runner - metric.collect: true
- 17:52:09.734 [LogStash::Runner] DEBUG logstash.runner - pipeline.id: "main"
- 17:52:09.734 [LogStash::Runner] DEBUG logstash.runner - pipeline.workers: 2
- 17:52:09.734 [LogStash::Runner] DEBUG logstash.runner - pipeline.output.workers: 1
- 17:52:09.735 [LogStash::Runner] DEBUG logstash.runner - pipeline.batch.size: 125
- 17:52:09.735 [LogStash::Runner] DEBUG logstash.runner - pipeline.batch.delay: 5
- 17:52:09.735 [LogStash::Runner] DEBUG logstash.runner - pipeline.unsafe_shutdown: false
- 17:52:09.735 [LogStash::Runner] DEBUG logstash.runner - path.plugins: []
- 17:52:09.736 [LogStash::Runner] DEBUG logstash.runner - config.debug: false
- 17:52:09.737 [LogStash::Runner] DEBUG logstash.runner - *log.level: "debug" (default: "info")
- 17:52:09.737 [LogStash::Runner] DEBUG logstash.runner - version: false
- 17:52:09.737 [LogStash::Runner] DEBUG logstash.runner - help: false
- 17:52:09.738 [LogStash::Runner] DEBUG logstash.runner - log.format: "plain"
- 17:52:09.738 [LogStash::Runner] DEBUG logstash.runner - http.host: "127.0.0.1"
- 17:52:09.738 [LogStash::Runner] DEBUG logstash.runner - http.port: 9600..9700
- 17:52:09.738 [LogStash::Runner] DEBUG logstash.runner - http.environment: "production"
- 17:52:09.738 [LogStash::Runner] DEBUG logstash.runner - queue.type: "memory"
- 17:52:09.739 [LogStash::Runner] DEBUG logstash.runner - queue.page_capacity: 262144000
- 17:52:09.739 [LogStash::Runner] DEBUG logstash.runner - queue.max_bytes: 1073741824
- 17:52:09.739 [LogStash::Runner] DEBUG logstash.runner - queue.max_events: 0
- 17:52:09.740 [LogStash::Runner] DEBUG logstash.runner - queue.checkpoint.acks: 1024
- 17:52:09.740 [LogStash::Runner] DEBUG logstash.runner - queue.checkpoint.writes: 1024
- 17:52:09.740 [LogStash::Runner] DEBUG logstash.runner - queue.checkpoint.interval: 1000
- 17:52:09.740 [LogStash::Runner] DEBUG logstash.runner - slowlog.threshold.warn: -1
- 17:52:09.740 [LogStash::Runner] DEBUG logstash.runner - slowlog.threshold.info: -1
- 17:52:09.741 [LogStash::Runner] DEBUG logstash.runner - slowlog.threshold.debug: -1
- 17:52:09.741 [LogStash::Runner] DEBUG logstash.runner - slowlog.threshold.trace: -1
- 17:52:09.741 [LogStash::Runner] DEBUG logstash.runner - path.queue: "/usr/share/logstash/data/queue"
- 17:52:09.741 [LogStash::Runner] DEBUG logstash.runner - path.settings: "/usr/share/logstash/config"
- 17:52:09.741 [LogStash::Runner] DEBUG logstash.runner - path.logs: "/usr/share/logstash/logs"
- 17:52:09.741 [LogStash::Runner] DEBUG logstash.runner - --------------- Logstash Settings -------------------
- 17:52:09.757 [LogStash::Runner] DEBUG logstash.agent - Agent: Configuring metric collection
- 17:52:09.760 [LogStash::Runner] DEBUG logstash.instrument.periodicpoller.os - PeriodicPoller: Starting {:polling_interval=>5, :polling_timeout=>120}
- 17:52:09.793 [LogStash::Runner] DEBUG logstash.instrument.periodicpoller.jvm - PeriodicPoller: Starting {:polling_interval=>5, :polling_timeout=>120}
- 17:52:09.835 [LogStash::Runner] DEBUG logstash.instrument.periodicpoller.persistentqueue - PeriodicPoller: Starting {:polling_interval=>5, :polling_timeout=>120}
- 17:52:09.842 [LogStash::Runner] DEBUG logstash.agent - Reading config file {:config_file=>"/etc/logstash/conf.d/12-input-nmap.conf"}
- 17:52:09.991 [LogStash::Runner] DEBUG logstash.plugins.registry - On demand adding plugin to the registry {:name=>"http", :type=>"input", :class=>LogStash::Inputs::Http}
- 17:52:10.502 [LogStash::Runner] DEBUG logstash.plugins.registry - On demand adding plugin to the registry {:name=>"nmap", :type=>"codec", :class=>LogStash::Codecs::Nmap}
- 17:52:10.507 [LogStash::Runner] INFO logstash.codecs.nmap - Using version 0.1.x codec plugin 'nmap'. This plugin isn't well supported by the community and likely has no maintainer.
- 17:52:10.508 [LogStash::Runner] DEBUG logstash.codecs.nmap - config LogStash::Codecs::Nmap/@id = "nmap_348cb248-c108-4d93-87c2-b07932936f3e"
- 17:52:10.509 [LogStash::Runner] DEBUG logstash.codecs.nmap - config LogStash::Codecs::Nmap/@enable_metric = true
- 17:52:10.509 [LogStash::Runner] DEBUG logstash.codecs.nmap - config LogStash::Codecs::Nmap/@emit_scan_metadata = true
- 17:52:10.509 [LogStash::Runner] DEBUG logstash.codecs.nmap - config LogStash::Codecs::Nmap/@emit_hosts = true
- 17:52:10.510 [LogStash::Runner] DEBUG logstash.codecs.nmap - config LogStash::Codecs::Nmap/@emit_ports = true
- 17:52:10.511 [LogStash::Runner] DEBUG logstash.codecs.nmap - config LogStash::Codecs::Nmap/@emit_traceroute_links = true
- 17:52:10.512 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@port = 8000
- 17:52:10.512 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@codec = <LogStash::Codecs::Nmap id=>"nmap_348cb248-c108-4d93-87c2-b07932936f3e", enable_metric=>true, emit_scan_metadata=>true, emit_hosts=>true, emit_ports=>true, emit_traceroute_links=>true>
- 17:52:10.513 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@tags = ["nmap"]
- 17:52:10.513 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@id = "be3f3b9597cf183da28270d73d93cf8572ddac0b-1"
- 17:52:10.513 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@enable_metric = true
- 17:52:10.513 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@add_field = {}
- 17:52:10.513 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@host = "0.0.0.0"
- 17:52:10.514 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@threads = 4
- 17:52:10.514 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@ssl = false
- 17:52:10.514 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@verify_mode = "none"
- 17:52:10.514 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@additional_codecs = {"application/json"=>"json"}
- 17:52:10.515 [LogStash::Runner] DEBUG logstash.inputs.http - config LogStash::Inputs::Http/@response_headers = {"Content-Type"=>"text/plain"}
- 17:52:10.516 [LogStash::Runner] DEBUG logstash.plugins.registry - On demand adding plugin to the registry {:name=>"drop", :type=>"filter", :class=>LogStash::Filters::Drop}
- 17:52:10.519 [LogStash::Runner] DEBUG logstash.filters.drop - config LogStash::Filters::Drop/@id = "be3f3b9597cf183da28270d73d93cf8572ddac0b-2"
- 17:52:10.519 [LogStash::Runner] DEBUG logstash.filters.drop - config LogStash::Filters::Drop/@enable_metric = true
- 17:52:10.519 [LogStash::Runner] DEBUG logstash.filters.drop - config LogStash::Filters::Drop/@add_tag = []
- 17:52:10.519 [LogStash::Runner] DEBUG logstash.filters.drop - config LogStash::Filters::Drop/@remove_tag = []
- 17:52:10.519 [LogStash::Runner] DEBUG logstash.filters.drop - config LogStash::Filters::Drop/@add_field = {}
- 17:52:10.520 [LogStash::Runner] DEBUG logstash.filters.drop - config LogStash::Filters::Drop/@remove_field = []
- 17:52:10.520 [LogStash::Runner] DEBUG logstash.filters.drop - config LogStash::Filters::Drop/@periodic_flush = false
- 17:52:10.520 [LogStash::Runner] DEBUG logstash.filters.drop - config LogStash::Filters::Drop/@percentage = 100
- 17:52:10.529 [LogStash::Runner] DEBUG logstash.plugins.registry - On demand adding plugin to the registry {:name=>"mutate", :type=>"filter", :class=>LogStash::Filters::Mutate}
- 17:52:10.533 [LogStash::Runner] DEBUG logstash.filters.mutate - config LogStash::Filters::Mutate/@remove_field = ["headers", "hostname"]
- 17:52:10.533 [LogStash::Runner] DEBUG logstash.filters.mutate - config LogStash::Filters::Mutate/@id = "be3f3b9597cf183da28270d73d93cf8572ddac0b-3"
- 17:52:10.533 [LogStash::Runner] DEBUG logstash.filters.mutate - config LogStash::Filters::Mutate/@enable_metric = true
- 17:52:10.534 [LogStash::Runner] DEBUG logstash.filters.mutate - config LogStash::Filters::Mutate/@add_tag = []
- 17:52:10.534 [LogStash::Runner] DEBUG logstash.filters.mutate - config LogStash::Filters::Mutate/@remove_tag = []
- 17:52:10.534 [LogStash::Runner] DEBUG logstash.filters.mutate - config LogStash::Filters::Mutate/@add_field = {}
- 17:52:10.535 [LogStash::Runner] DEBUG logstash.filters.mutate - config LogStash::Filters::Mutate/@periodic_flush = false
- 17:52:10.584 [LogStash::Runner] DEBUG logstash.plugins.registry - On demand adding plugin to the registry {:name=>"geoip", :type=>"filter", :class=>LogStash::Filters::GeoIP}
- 17:52:10.599 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@source = "[to][address]"
- 17:52:10.599 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@target = "[to][geoip]"
- 17:52:10.603 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@id = "be3f3b9597cf183da28270d73d93cf8572ddac0b-4"
- 17:52:10.603 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@enable_metric = true
- 17:52:10.603 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@add_tag = []
- 17:52:10.603 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@remove_tag = []
- 17:52:10.603 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@add_field = {}
- 17:52:10.604 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@remove_field = []
- 17:52:10.604 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@periodic_flush = false
- 17:52:10.604 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@fields = ["city_name", "continent_code", "country_code2", "country_code3", "country_name", "dma_code", "ip", "latitude", "longitude", "postal_code", "region_name", "region_code", "timezone", "location"]
- 17:52:10.604 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@cache_size = 1000
- 17:52:10.604 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@lru_cache_size = 1000
- 17:52:10.605 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@tag_on_failure = ["_geoip_lookup_failure"]
- 17:52:10.610 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@source = "[from][address]"
- 17:52:10.613 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@target = "[from][geoip]"
- 17:52:10.614 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@id = "be3f3b9597cf183da28270d73d93cf8572ddac0b-5"
- 17:52:10.614 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@enable_metric = true
- 17:52:10.614 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@add_tag = []
- 17:52:10.614 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@remove_tag = []
- 17:52:10.615 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@add_field = {}
- 17:52:10.615 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@remove_field = []
- 17:52:10.615 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@periodic_flush = false
- 17:52:10.615 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@fields = ["city_name", "continent_code", "country_code2", "country_code3", "country_name", "dma_code", "ip", "latitude", "longitude", "postal_code", "region_name", "region_code", "timezone", "location"]
- 17:52:10.615 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@cache_size = 1000
- 17:52:10.616 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@lru_cache_size = 1000
- 17:52:10.616 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@tag_on_failure = ["_geoip_lookup_failure"]
- 17:52:10.624 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@source = "ipv4"
- 17:52:10.625 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@target = "geoip"
- 17:52:10.625 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@id = "be3f3b9597cf183da28270d73d93cf8572ddac0b-6"
- 17:52:10.627 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@enable_metric = true
- 17:52:10.627 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@add_tag = []
- 17:52:10.627 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@remove_tag = []
- 17:52:10.627 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@add_field = {}
- 17:52:10.628 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@remove_field = []
- 17:52:10.628 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@periodic_flush = false
- 17:52:10.628 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@fields = ["city_name", "continent_code", "country_code2", "country_code3", "country_name", "dma_code", "ip", "latitude", "longitude", "postal_code", "region_name", "region_code", "timezone", "location"]
- 17:52:10.628 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@cache_size = 1000
- 17:52:10.628 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@lru_cache_size = 1000
- 17:52:10.629 [LogStash::Runner] DEBUG logstash.filters.geoip - config LogStash::Filters::GeoIP/@tag_on_failure = ["_geoip_lookup_failure"]
- 17:52:10.632 [LogStash::Runner] DEBUG logstash.plugins.registry - On demand adding plugin to the registry {:name=>"stdout", :type=>"output", :class=>LogStash::Outputs::Stdout}
- 17:52:10.635 [LogStash::Runner] DEBUG logstash.plugins.registry - On demand adding plugin to the registry {:name=>"rubydebug", :type=>"codec", :class=>LogStash::Codecs::RubyDebug}
- 17:52:10.637 [LogStash::Runner] DEBUG logstash.codecs.rubydebug - config LogStash::Codecs::RubyDebug/@id = "rubydebug_442c3439-7774-48ce-b385-687bff2d730f"
- 17:52:10.638 [LogStash::Runner] DEBUG logstash.codecs.rubydebug - config LogStash::Codecs::RubyDebug/@enable_metric = true
- 17:52:10.638 [LogStash::Runner] DEBUG logstash.codecs.rubydebug - config LogStash::Codecs::RubyDebug/@metadata = false
- 17:52:10.685 [LogStash::Runner] DEBUG logstash.outputs.stdout - config LogStash::Outputs::Stdout/@codec = <LogStash::Codecs::RubyDebug id=>"rubydebug_442c3439-7774-48ce-b385-687bff2d730f", enable_metric=>true, metadata=>false>
- 17:52:10.685 [LogStash::Runner] DEBUG logstash.outputs.stdout - config LogStash::Outputs::Stdout/@id = "be3f3b9597cf183da28270d73d93cf8572ddac0b-7"
- 17:52:10.686 [LogStash::Runner] DEBUG logstash.outputs.stdout - config LogStash::Outputs::Stdout/@enable_metric = true
- 17:52:10.686 [LogStash::Runner] DEBUG logstash.outputs.stdout - config LogStash::Outputs::Stdout/@workers = 1
- 17:52:10.692 [Ruby-0-Thread-3: /usr/share/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.22/lib/stud/task.rb:22] DEBUG logstash.agent - starting agent
- 17:52:10.694 [Ruby-0-Thread-3: /usr/share/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.22/lib/stud/task.rb:22] DEBUG logstash.agent - starting pipeline {:id=>"main"}
- 17:52:10.701 [[main]-pipeline-manager] INFO logstash.filters.geoip - Using geoip database {:path=>"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-4.0.4-java/vendor/GeoLite2-City.mmdb"}
- 17:52:10.884 [[main]-pipeline-manager] INFO logstash.filters.geoip - Using geoip database {:path=>"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-4.0.4-java/vendor/GeoLite2-City.mmdb"}
- 17:52:10.885 [[main]-pipeline-manager] INFO logstash.filters.geoip - Using geoip database {:path=>"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-4.0.4-java/vendor/GeoLite2-City.mmdb"}
- 17:52:10.887 [[main]-pipeline-manager] INFO logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250}
- 17:52:10.925 [[main]-pipeline-manager] DEBUG logstash.plugins.registry - On demand adding plugin to the registry {:name=>"json", :type=>"codec", :class=>LogStash::Codecs::JSON}
- 17:52:10.927 [[main]-pipeline-manager] DEBUG logstash.codecs.json - config LogStash::Codecs::JSON/@id = "json_3f0c340e-ded1-4363-99fc-9b2ffce2d35b"
- 17:52:10.928 [[main]-pipeline-manager] DEBUG logstash.codecs.json - config LogStash::Codecs::JSON/@enable_metric = true
- 17:52:10.928 [[main]-pipeline-manager] DEBUG logstash.codecs.json - config LogStash::Codecs::JSON/@charset = "UTF-8"
- 17:52:10.931 [[main]-pipeline-manager] INFO logstash.pipeline - Pipeline main started
- 17:52:10.962 [Api Webserver] DEBUG logstash.agent - Starting puma
- 17:52:10.963 [Api Webserver] DEBUG logstash.agent - Trying to start WebServer {:port=>9600}
- 17:52:10.964 [Api Webserver] DEBUG logstash.api.service - [api-service] start
- 17:52:10.989 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
- 17:52:14.411 [Ruby-0-Thread-20: /usr/share/logstash/vendor/bundle/jruby/1.9/gems/puma-2.16.0-java/lib/puma/thread_pool.rb:61] ERROR logstash.inputs.http - unable to process event {"request_method"=>"POST", "request_path"=>"/", "request_uri"=>"/", "http_version"=>"HTTP/1.1", "http_host"=>"localhost:8000", "http_user_agent"=>"curl/7.47.0", "http_accept"=>"*/*", "http_x_nmap_target"=>"example.net", "content_length"=>"19525", "content_type"=>"application/x-www-form-urlencoded", "http_expect"=>"100-continue"}. exception => java.lang.ArrayIndexOutOfBoundsException: -1