Unix Input Plugin cannot connect to UNIX Socket



we have an OSSEC Server installed on our Logstash Server which is collecting events from his agents and doing some inspection work based on the given rules

As you might known every OSSEC module have an UNIX-Socket for internal communication.

What we want to do now is to connect to that socket and grab the events out of it, into logstash/elasticsearch, which would us provide encrypted transport without any other program needed.

We tried it now with this configuration:

input {

unix {
mode => "client"
path => "/var/ossec/queue/ossec/queue"
type => "ossec"

But we got the following error in the logstash.log:

{:timestamp=>"2014-05-27T16:12:05.507000+0200", :message=>"A plugin had an unrecoverable error. Will restart this plugin.\n Plugin: <LogStash::Inputs::Unix mode=>\"client\", path=>\"/var/ossec/queue/ossec/queue\", type=>\"ossec\">\n Error: Protocol wrong type for socket", :level=>:error}

Anyone got experience with this case of use?

Thanks for response


Logstash Developers




Affects versions