graylog-plugin-s3 icon indicating copy to clipboard operation
graylog-plugin-s3 copied to clipboard

Published 20 hours ago verified publisher icon sherzberg

No logs pulling in

Open StubbsPKS opened this issue 7 years ago • 3 comments

I'm currently moving over from Logstash to Graylog, and I'm having a rough time trying to get ELB logs from S3 into Graylog.

The ELB logs to a bucket called te-prod-pub-web-logs. That bucket has an event to send PUT, DELETE events to SNS topic snnvteprotsweb and SQS queue sqnvteprotsweb is subbed to that topic.

Graylog is set up with an IAM user that has access to all of these resources as defined in the readme, but I never see logs come in after turning on the input. Not really sure how to troubleshoot this at all, and was hoping you might have a resource you could point me toward that would help me get this up and running.

StubbsPKS avatar Aug 29 '17 18:08 StubbsPKS

@StubbsPKS sorry for the late reply. Do you have any automation scripts to set all of this up? Can you share it?

Otherwise, do you have any server logs you can provide a link via gist or similar?

sherzberg avatar Sep 06 '17 02:09 sherzberg

I have the same problem. As far as I can tell, everything is setup right, but I can't see any way to prove that. Are there any log files created by this plugin that could help? The Graylog log file doesn't contain anything other than stop/start entries for that input.

VeryBaddude avatar Apr 04 '18 19:04 VeryBaddude

we are seeing the same issue. Nothing but a parser error

java.lang.NullPointerException: null at org.sherzberg.graylog.aws.inputs.s3.notifications.S3SNSNotificationParser.parse(S3SNSNotificationParser.java:35) [graylog-plugin-s3-2.3.0.2-SNAPSHOT.jar:?] at org.sherzberg.graylog.aws.inputs.s3.notifications.S3SQSClient.getNotifications(S3SQSClient.java:55) [graylog-plugin-s3-2.3.0.2-SNAPSHOT.jar:?] at org.sherzberg.graylog.aws.inputs.s3.S3Subscriber$Processor.run(S3Subscriber.java:82) [graylog-plugin-s3-2.3.0.2-SNAPSHOT.jar:?] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_181] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_181] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_181] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_181] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_181] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_181] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] 2018-10-01T18:31:16.667Z ERROR [S3Subscriber] Could not read messages from SNS. This is most likely a misconfiguration of the plugin. Going into sleep loop and retrying. java.lang.RuntimeException: Could not parse SNS notification: {

Any clue as to the issue?

skuzbucket1 avatar Oct 01 '18 18:10 skuzbucket1