Hi Buddy 
My log is in ssh which have username password port
I have ELK pack in my local
i want to connect ssh and access log
for that I dont know how to configure logstash.conf
can you help
buddy i tried to access log which is in present in my local file system.i can able to see in kibana
input {
file {
path => [โ/tsbappdata/logs/service.log"]
start_position => "beginning"
}
}
filter {
multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => โtrueโ
what => โnextโ
}
}
output {
elasticsearch {
host => "localhost"
port => 9200
user => "username"
password => "Password"
protocol => "http"
}
stdout { codec => rubydebug }
}
but i have to connect ssh and read log which present inside remote folder.
i dont know how to proceed can you help me to connect ssh and access log
note: my ELK Pack will there in my local
As far as I know Logstash does not support fetching logs via ssh.
Buddy then we cant read log from remote file ?
A common practice is to deploy an agent like FileBeat to forward the logs from the remote server(s). Would that be an option?
can you provide some link to refer filebeat ,configure fwd log from remote
Filebeat should be installed on the remote server and forward logs. It does not collect via ssh either.
thank you buddy
whether we can configure logstash in remote
and elastic search,kibana in local ?
The components of the Elastic stack are designed to be distributed. You can certainly set up Filebeat or Logstash on the remote servers and send data to the local one. Filebeat is designed to be lightweight and uses less resources than Logstash, which is why it is a popular collection agent.
Thank you buddy
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.