TravisFSmith / SweetSecurity

Network Security Monitoring on Raspberry Pi type devices
Apache License 2.0

No matching indices found: No indices match pattern "logstash-*" #23

Closed pdobrien3 closed 7 years ago

pdobrien3 commented 7 years ago

Results of sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf -t:

ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs to console
19:21:02.931 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
19:21:03.094 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
19:22:11.140 [LogStash::Runner] ERROR logstash.plugins.registry - Problems loading a plugin with {:type=>"output", :name=>"email", :path=>"logstash/outputs/email", :error_message=>"NameError", :error_class=>NameError, :error_backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:226:in `namespace_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:162:in `legacy_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:138:in `lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:180:in `lookup_pipeline_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/plugin.rb:140:in `lookup'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:100:in `plugin'", "(eval):1722:in `initialize'", "org/jruby/RubyKernel.java:1079:in `eval'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:72:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:299:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:209:in `run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}
19:22:11.209 [LogStash::Runner] FATAL logstash.runner - The given configuration is invalid. Reason: Couldn't find any output plugin named 'email'. Are you sure this is correct? Trying to load the email output plugin resulted in this error: Problems loading the requested plugin named email of type output. Error: NameError NameError

buckshome commented 7 years ago

I know I had to install the logstash-output-email plugin to get rid of the email errors. Apparently it no longer comes pre-packaged with logstash.
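The failure above is a plugin that the pipeline file references but that is not installed, and `logstash -t` only reports the first one it trips over. As an added example (not SweetSecurity code and not posted by anyone in this thread), the script below does that check up front: it parses the `input`/`filter`/`output` sections of a pipeline file, lists the plugin names each one uses, maps them to gem names (`logstash-output-email` for an `email { }` block under `output`), and compares them with the output of `logstash-plugin list`. The sample pipeline, the sample plugin listing and its version numbers are constructed for the demonstration, and the fallback path `/usr/share/logstash/bin/logstash-plugin` is an assumption based on the install location shown in the log.

```python
"""Pre-flight check for a Logstash pipeline: every plugin referenced in the
input/filter/output sections must be installed, or `logstash -t` fails with
"Couldn't find any output plugin named '<name>'" as in the thread above.
Added example, not SweetSecurity code; SAMPLE_CONF and SAMPLE_LISTING are
constructed, and the logstash-plugin path is an assumption."""
import re
import shutil
import subprocess
import sys

SECTIONS = ("input", "filter", "output")
# Words that precede `{` in a pipeline file but are not plugin names.
NOT_PLUGINS = {"if", "else"} | set(SECTIONS)
# Constructed sample pipeline; note braces inside strings/comments and a codec block.
SAMPLE_CONF = """
input { beats { port => 5044 } }
filter {
  if [type] == "bro" { mutate { add_field => { "src" => "%{id.orig_h}" } } }
}
output {
  # comment with a stray { brace
  elasticsearch { hosts => ["localhost:9200"] index => "logstash-%{+YYYY.MM.dd}" }
  if [alert] { email { to => "admin@example.com" subject => "{alert}" codec => plain { } } }
  stdout { codec => rubydebug }
}
"""
# Constructed `logstash-plugin list --verbose` style output (versions invented).
SAMPLE_LISTING = """logstash-codec-plain (3.0.4)
logstash-codec-rubydebug (3.0.3)
logstash-filter-mutate (3.1.3)
logstash-input-beats (3.1.17)
logstash-output-elasticsearch (7.3.2)
logstash-output-stdout (3.1.1)
"""


def blank_strings_and_comments(text):
    """Replace quoted strings and # comments with spaces so braces inside them
    do not confuse the brace scanner; output keeps the input's length/offsets."""
    out, i, n = [], 0, len(text)
    while i < n:
        c = text[i]
        if c == "#":
            while i < n and text[i] != "\n":
                out.append(" ")
                i += 1
        elif c in "\"'":
            out.append(" ")
            i += 1
            while i < n and text[i] != c:
                step = 2 if text[i] == "\\" else 1  # skip escaped characters
                out.append(" " * min(step, n - i))
                i += step
            if i < n:  # closing quote
                out.append(" ")
                i += 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def section_body(conf, section):
    """Concatenated contents of every top-level `section { ... }` block."""
    blank = blank_strings_and_comments(conf)
    bodies = []
    for m in re.finditer(r"\b%s\s*\{" % section, blank):
        before = blank[: m.start()]
        if before.count("{") != before.count("}"):
            continue  # nested occurrence, not a top-level section
        depth, i = 1, m.end()
        while i < len(blank) and depth:
            depth += {"{": 1, "}": -1}.get(blank[i], 0)
            i += 1
        bodies.append(blank[m.end() : i - 1])
    return "\n".join(bodies)


def plugin_names(body):
    """Plugin names in a section body: identifiers directly followed by `{`,
    excluding conditionals and `codec => name { }` codec blocks."""
    names = set()
    for arrow, name in re.findall(r"(=>\s*)?\b([a-z_][a-z0-9_]*)\s*\{", body):
        if not arrow and name not in NOT_PLUGINS:
            names.add(name)
    return sorted(names)


def installed_gems(listing):
    """Gem names from `logstash-plugin list` output (ignores '(version)')."""
    return {line.split()[0] for line in listing.splitlines()
            if line.strip().startswith("logstash-")}


def missing_plugins(conf, listing):
    """logstash-<section>-<name> gems the pipeline needs but the listing lacks."""
    installed = installed_gems(listing)
    missing = []
    for section in SECTIONS:
        for name in plugin_names(section_body(conf, section)):
            gem = "logstash-%s-%s" % (section, name)
            if gem not in installed:
                missing.append(gem)
    return missing


def main(argv):
    if len(argv) > 1:
        conf = open(argv[1]).read()
        # Assumed location of the plugin manager; adjust for your install.
        tool = shutil.which("logstash-plugin") or "/usr/share/logstash/bin/logstash-plugin"
        listing = subprocess.run([tool, "list"], capture_output=True, text=True).stdout
    else:
        conf, listing = SAMPLE_CONF, SAMPLE_LISTING
    missing = missing_plugins(conf, listing)
    for gem in missing:
        print("missing plugin %s  (fix: logstash-plugin install %s)" % (gem, gem))
    return 1 if missing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments it checks the constructed sample and reports `logstash-output-email` as missing, which is exactly the situation in this thread; run as `python3 check_plugins.py /etc/logstash/conf.d/logstash.conf` it checks a real pipeline against the locally installed plugin set. Strings and comments are blanked before scanning because Logstash field references such as `%{id.orig_h}` contain braces that would otherwise unbalance the section scanner.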

pdobrien3 commented 7 years ago

Thank you so much buckshome... that fixed it and I still have a little bit of hair left :-)

pdobrien3 commented 7 years ago

I now have an extremely functional Sweet Security install. Awesome software, thanks. Is there a way to turn off the "new IP added to the baseline" and "new DNS query added to the baseline" emails? Hoping to only get an email notification when a new device is found. Thanks.

TravisFSmith commented 7 years ago

Right now it's hard coded. You can use one of the following methods to disable those emails:

  1. Comment out the lines in the server side python file which generate the alert, but that will also prevent them from being created in the server (notifications on the web app when logging in). Those are in /opt/sweetsecurity/server/baseliner.py. Comment out lines 42, 62, 81, and 100.

--or--

  2. Comment out the line in the apache flask file at /var/www/webapp/webapp/__init__.py which initiates the email. Depending on your configuration it will be around line 1138 or so. Here's the line in the base python file for reference: https://github.com/TravisFSmith/SweetSecurity/blob/2.0/apache/flask/webapp/__init__.py#L1134