Can I use a filebeat server for centralize log collected data from many different devices?

Elastic Stack Beats
1

This is my example infra as the question.

  1. Fortinet device
  2. Haproxy Server
  3. Apache Server
  4. A filebeat server
  5. An ELK stack server
device                               a filebeat server                                                an elk stack server
Fortinet device  ---> filebeat with module fortinet on port 9400  --> logstash->elasticsearch->kibana

haproxy server -->  filebeat with module haproxy on port 514  -->
apache server -->  filebeat with module apache on port 514  -->

Is this possible or not possible?
If this is not possbile. What is the best practice?

2

Filebeat is a lightweight data shipper, so it's better to configure a few instances close to the monitored device or service. If you want to depend on a single central instance of filebeat, you will have a serious outage if it dies (single point of failure, no logging at all).

3

Also the haproxy and Apache modules are designed to read the log files directly on the server not receive them via syslog.

4

Thanks for your advise.

5 
Ok, for the device which I can install filebeat, I should install on the  device. How about network device which I couldn't install filebeat  for example
Fortigate 2 devices
Mikrotik 2 devices
Should I set  up  2 vms for install filebeat and receive logs via syslog from separated each branded devices or 4 vms for each device?
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.