Apache logs missing SSL Protocol

Despite SSL Protocol and request time showing in my logformat directive in Apache 2.4 I am not seeing either of them in ES/Kibana. How is this fixed? I am using filebeat and shipping logs directly to ES.

Are you using the Filebeat module for this?



Hi @prophoto,

Could you please post the following here?

  1. A sample log line from your Apache log that's not getting ingested into Elasticsearch as you expect.

  2. Your Filebeat apache module configuration.

  3. Which version of Filebeat you're using.



[centos@server9 ~]$ sudo filebeat version
filebeat version 7.8.0 (amd64), libbeat 7.8.0 [f79387d32717d79f689d94fda1ec80b2cf285d30 built 2020-06-14 18:15:37 +0000 UTC]
www.website.com - - [16/Sep/2020:15:30:10 +0000] "GET /user-profile/jprofilename.html HTTP/1.1" 503 1898 "-" "Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+http://aspiegel.com/petalbot)" TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 9758883 9
[centos@server9 ~]$ sudo cat /etc/filebeat/filebeat.yml
logging.level: info
logging.to_files: true
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

  enabled: true
  path: /etc/filebeat/modules.d/*.yml

setup.kibana.host: "https://studio.mydomain.com:5601"
setup.kibana.ssl.enabled: true
setup.kibana.ssl.certificate: "studio.crt.pem"
setup.kibana.ssl.key: "studio.key.pem"
setup.kibana.ssl.certificate_authorities: ["studio.crt.pem"]

  # Array of hosts to connect to.
  hosts: ["studio.mydomain.com:9200"]

  protocol: "https"
  username: "elastic"
  password: "----------------------"
  ssl.certificate: "studio.crt.pem"
  ssl.key: "studio.key.pem"
  ssl.certificate_authorities: ["studio.crt.pem"]

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.