Apache logs missing SSL Protocol

Despite SSL Protocol and request time showing in my LogFormat directive in Apache 2.4, I am not seeing either of them in ES/Kibana. How is this fixed? I am using Filebeat and shipping logs directly to ES.

Are you using the Filebeat module for this?

Yes

Bump.

Hi @prophoto,

Could you please post the following here?

  1. A sample log line from your Apache log that's not getting ingested into Elasticsearch as you expect.

  2. Your Filebeat apache module configuration.

  3. Which version of Filebeat you're using.

Thanks,

Shaunak

[centos@server9 ~]$ sudo filebeat version
filebeat version 7.8.0 (amd64), libbeat 7.8.0 [f79387d32717d79f689d94fda1ec80b2cf285d30 built 2020-06-14 18:15:37 +0000 UTC]
www.website.com 114.119.154.211 - - [16/Sep/2020:15:30:10 +0000] "GET /user-profile/jprofilename.html HTTP/1.1" 503 1898 "-" "Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+http://aspiegel.com/petalbot)" TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 9758883 9
[centos@server9 ~]$ sudo cat /etc/filebeat/filebeat.yml
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

filebeat.config.modules:
  enabled: true
  path: /etc/filebeat/modules.d/*.yml

setup.kibana.host: "https://studio.mydomain.com:5601"
setup.kibana.ssl.enabled: true
setup.kibana.ssl.certificate: "studio.crt.pem"
setup.kibana.ssl.key: "studio.key.pem"
setup.kibana.ssl.certificate_authorities: ["studio.crt.pem"]

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["studio.mydomain.com:9200"]

  protocol: "https"
  username: "elastic"
  password: "----------------------"
  ssl.certificate: "studio.crt.pem"
  ssl.key: "studio.key.pem"
  ssl.certificate_authorities: ["studio.crt.pem"]


