Can I use a Filebeat server to centralize log data collected from many different devices?

This is my example infrastructure for the question.

  1. Fortinet device
  2. Haproxy Server
  3. Apache Server
  4. A filebeat server
  5. An ELK stack server

device                a filebeat server                              an elk stack server
Fortinet device  ---> filebeat with module fortinet on port 9400 --> logstash->elasticsearch->kibana
haproxy server   -->  filebeat with module haproxy on port 514   -->
apache server    -->  filebeat with module apache on port 514    -->

Is this possible or not possible?
If this is not possible, what is the best practice?

Filebeat is a lightweight data shipper, so it's better to configure a few instances close to the monitored device or service. If you want to depend on a single central instance of filebeat, you will have a serious outage if it dies (single point of failure, no logging at all).

Also, the haproxy and Apache modules are designed to read the log files directly on the server, not receive them via syslog.
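The layout described in this answer, sketched as two separate `filebeat.yml` files. This is an added example, not configuration posted in the thread; the Logstash host name, the listen address and the log path are placeholder assumptions, and port 9400 is the one from the question.

```yaml
# --- filebeat.yml on the Apache server itself (reads the local log files) ---
filebeat.modules:
  - module: apache
    access:
      enabled: true
      # Assumed path; adjust to where this server writes its access log.
      var.paths: ["/var/log/apache2/access.log*"]
    error:
      enabled: true

output.logstash:
  # Placeholder host name for the ELK stack server.
  hosts: ["logstash.example.internal:5044"]

---
# --- filebeat.yml on a small receiver VM for devices that cannot run Filebeat ---
filebeat.modules:
  - module: fortinet
    firewall:
      enabled: true
      var.input: udp
      # Placeholder address: bind to the interface the firewalls send to,
      # rather than every interface on the VM.
      var.syslog_host: 192.0.2.10
      var.syslog_port: 9400

output.logstash:
  hosts: ["logstash.example.internal:5044"]
```

Module parsing runs in Elasticsearch ingest pipelines, so when shipping through Logstash the pipelines have to be loaded with `filebeat setup --pipelines` and the Logstash Elasticsearch output has to pass on `%{[@metadata][pipeline]}`.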

Thanks for your advice.

OK, for devices on which I can install Filebeat, I should install it on the device. How about network devices on which I can't install Filebeat, for example:
Fortigate 2 devices
Mikrotik 2 devices
Should I set up 2 VMs to install Filebeat and receive logs via syslog, one for each brand of device, or 4 VMs, one for each device?
