I'm using ElasticSearch / Logstash / Kibana to centralize my logs.
On the servers I'm running NXlog to send event logs. It's been running fine for a couple of days, but while troubleshooting something it stopped receiving any logs.
From my NXlog log:
ERROR couldn't connect to tcp socket on ...:port_no; No connection could be made because the target machine actively refused it.
and Elasticsearch is throwing an exception:
Caused by: java.io.IOException: Cannot run program "./.ddos2.4": error=2, No such file or
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1047)
at java.lang.Runtime.exec(Runtime.java:617)
at java.lang.Runtime.exec(Runtime.java:450)
at java.lang.Runtime.exec(Runtime.java:347)
... 36 more
Caused by: java.io.IOException: error=2, No such file or directory
at java.lang.UNIXProcess.forkAndExec(Native Method)
at java.lang.UNIXProcess.<init>(UNIXProcess.java:186)
at java.lang.ProcessImpl.start(ProcessImpl.java:130)
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1028)
I think you have a virus on your system. Please search on /tmp/sx or something like this. It's 99% that your elasticsearch server is compromised.
http://www.computerworld.com/article/2490432/cloud-security/attackers-install-ddos-bots-on-amazon-cloud--exploit-elasticsearch-weakness.html
http://www.exploit-db.com/exploits/33370/
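Added example, not part of the question or the answer above: a small Python detector that scans Elasticsearch log output for the failed process-spawn message seen in the question's stack trace and flags spawned paths a search node has no business running. The sample log text is constructed for this example and modelled on the trace in the question; the `Finding` type, the heuristics in `is_suspicious_program`, and the NXlog helper are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed Elasticsearch log sample, modelled on the stack trace in the question.
SAMPLE_ES_LOG = """\
[2014-07-01 10:12:03,114][INFO ][node] [es-1] started
[2014-07-01 10:15:41,822][WARN ][transport.netty] [es-1] exception caught on transport layer
Caused by: java.io.IOException: Cannot run program "./.ddos2.4": error=2, No such file or directory
    at java.lang.ProcessBuilder.start(ProcessBuilder.java:1047)
    at java.lang.Runtime.exec(Runtime.java:617)
    at java.lang.Runtime.exec(Runtime.java:450)
    at java.lang.Runtime.exec(Runtime.java:347)
    ... 36 more
[2014-07-01 10:16:02,001][INFO ][cluster.service] [es-1] new_master
"""

# Constructed NXlog sample, modelled on the error line in the question.
SAMPLE_NXLOG_LOG = """\
2014-07-01 10:15:50 INFO connecting to 10.0.0.5:5140
2014-07-01 10:15:50 ERROR couldn't connect to tcp socket on 10.0.0.5:5140; No connection could be made because the target machine actively refused it.
2014-07-01 10:16:50 ERROR couldn't connect to tcp socket on 10.0.0.5:5140; No connection could be made because the target machine actively refused it.
"""

CANNOT_RUN = re.compile(r'Cannot run program "([^"]+)"')
EXEC_FRAME = re.compile(r'at java\.lang\.(Runtime\.exec|ProcessBuilder\.start)\(')
REFUSED = re.compile(r"couldn't connect to tcp socket on (\S+?);")


@dataclass
class Finding:
    line_no: int       # 1-based line of the "Cannot run program" message
    program: str       # the path the JVM tried to execute
    exec_frames: int   # Runtime.exec / ProcessBuilder.start frames that follow it


def scan_es_log(text: str, window: int = 10) -> List[Finding]:
    """One Finding per 'Cannot run program' message, with a count of the
    process-spawning frames in the following lines. A search engine should
    never be spawning processes, so any hit deserves investigation."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = CANNOT_RUN.search(line)
        if not m:
            continue
        frames = sum(1 for l in lines[i + 1:i + 1 + window] if EXEC_FRAME.search(l))
        findings.append(Finding(line_no=i + 1, program=m.group(1), exec_frames=frames))
    return findings


def is_suspicious_program(program: str) -> bool:
    """Heuristics (this example's own) for the spawned path: hidden dot-files,
    anything under the world-writable temp directories, or a relative path,
    which the JVM resolves against the Elasticsearch working directory."""
    name = program.rsplit("/", 1)[-1]
    if name.startswith("."):
        return True
    if program.startswith(("/tmp/", "/var/tmp/", "/dev/shm/")):
        return True
    return not program.startswith("/")


def refused_destinations(text: str) -> List[str]:
    """Destinations NXlog could not reach; useful to line up against the
    timestamps of the Elasticsearch findings."""
    return [m.group(1) for m in REFUSED.finditer(text)]


if __name__ == "__main__":
    for f in scan_es_log(SAMPLE_ES_LOG):
        flag = "SUSPICIOUS" if is_suspicious_program(f.program) else "review"
        print(f"line {f.line_no}: exec of {f.program!r} ({f.exec_frames} exec frames) -> {flag}")
    print("NXlog refused:", refused_destinations(SAMPLE_NXLOG_LOG))
```

One caveat when running this over real logs: the `Cannot run program` message only appears when the spawn failed (here because the dropped file was already gone). A spawn that succeeds leaves no such line, so an empty result from this scan is not evidence that the node is clean; the host itself still needs to be examined, as the answer suggests.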