Auditbeat with Redis


(Spencer Hanson) #1

I'm wanting to setup auditbeat to do file integrity monitoring and want to send it to my already existing ELK stack. Right now I have logstash going to redis then logstash pulls the logs down and sends them to elasticsearch. so Logstash -> Redis -> Logstash ->Elastic search ->kibana. I have got audit beats working by outputing directly to elasticsearch however i want to run it though Redis. Auditbeat -> Redis -> Elasticsearch ->Kibana. I see there is a redis output option but when I send it to redis i don't get any logs in showing in kibana. is there a part i need to add to logstash when pulling down from redis that's separate from the rest of my logs?


(Tudor Golubenco) #2

Can you show us your Filebeat and Logstash configs?


(Spencer Hanson) #3

Thanks for the reply I actually got it figured out. I had to add the key to the Redis output. then I pulled it off Redis with Logstash using the same key and added the index name because I didn't have this key I was sending them to the Logstash index.

output.redis:
enabled: true
hosts: ["IP"]
port: 5002
key: auditbeat
datatype: list