I've deployed beats on most servers and it works really well. The only problem is that there are about 10 machines left that still run CentOS 5.4 and cannot be updated.
I've tried installing filebeat but it said the kernel is too old.
Is there an alternative that I could use to ship logs to logstash? Is it possible to have filebeat working on those machines? Did anyone have a similar problem?
Thanks ahead.
HI,
You can install LogStash on those machines as LogStash uses Java. On this LogStash instance you can use the file input to read the file and either process it directly or use the Logstash to LogStash connection to send the data to your central LogStash instance.
Otherwise, you could try to mount the logs on a server with a newer OS and run filebeat there.
Another option - depending on your usecase - would be to not use filebeat and send the data directly. We do that on HP-UX machines which do not support beats: We use the syslog ability of our java logging framework to send logs directly to our LogStash installation acting as a syslog server instead of parsing the generated file logs.
Best regards
Wolfram
You can also use syslog to send to another Filebeat or Logstash instance.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.