Copying Files to Central Remote Server Using Beats/LogStash

arpitwanchoo · April 18, 2017, 4:05pm

Hi

I am trying to design the centralized logging structure for our org.

I was looking for a following pipeline :
RemoteServers(FileBeat) => Central Server (LogStash) => ElasticSearch

I want FileBeat to copy files from client servers to a central repository (specific directory) and then Logstash to read from copied files instead of directly pushing data to logstash from FileBeat

I am trying to do this because I want all my log files in a central location and only filtered content will go to elastic search. There may be situations when I will use "grep" command in files on central server (where all log files are present)

So can this role of "scp" be configured by fileBeat ?

warkolm · April 18, 2017, 10:28pm

Not directly.
You'd need FB>LS>file.

arpitwanchoo · April 19, 2017, 3:08am

So can it be that the central server is having to log stash running. The first one accepting data from file beats and creating files on disk. Wile the other one reading files from disk and pushing filtered data to Elasticsearch.

Or Is it possible to configure single log stash in a way that it accepts data from FB and writes two streams (one to disk and one to ES) ?

warkolm · April 19, 2017, 5:33am

Yes, you can do that.

system · May 17, 2017, 5:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Central centos 7 logging server Beats filebeat	9	507	October 15, 2018
Using Filebeat for logging ssh log in Beats filebeat	13	13331	August 5, 2018
How to configure Filebeat.yml to listen logs via TCP Beats filebeat	18	2247	June 6, 2019
Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch Beats filebeat	2	702	May 1, 2024
Simple Central log monitoring with ELK Logstash	21	2703	September 13, 2021

Copying Files to Central Remote Server Using Beats/LogStash

Related Topics