---------- BACKGROUND ----------
I am setting up a production cluster that has a mix of Windows and Unix servers. The cluster will involve dozens of servers.
I have one master Windows server that is running a single instance of Logstash, Elasticsearch, and Kibana for the entire cluster. The one Logstash instance uses multiple pipelines to organize the logs from the servers in the cluster.
For the unique requirements of this production cluster, I do not want to run any additional applications (like Filebeat) on any of the servers except for the master node. As I have read in the forum, using Filebeat is the preferred method of collecting logs on remote servers. However, in my case, my remote servers are collecting system performance metrics in order to test software products. It is essential that no external applications interfere with system performance. So, I want to retrieve logs from remote servers without the use of additional forwarding applications.
---------- PROBLEM ----------
First of all, all of the servers in the cluster are on the same subnet, so the master node can access the file systems of any machine on the subnet. From my Logstash instance running on the Windows master node, I have figured out how to retrieve logs from remote Windows servers. I can do this by configuring my Logstash config file like so:
    input {
      file {
        path => "//windows-host-name/c$/temp/logs/*"
      }
    }
This works perfectly, but I am having problems accessing the logs on Unix machines. I have made input blocks similar to the one above, but instead using a Unix host name and omitting the "c$".
    input {
      file {
        path => "//unix-host-name/tmp/logs/*"
      }
    }
When I start this pipeline, Logstash starts the pipeline successfully, but no events are collected and no documents are created.
Is there a way to access Unix file systems remotely from a Windows server?
If not, given my requirements, what would you recommend I do instead?
Thanks in advance for the help <3