We are attempting to deploy the ELK stack for the first time, but data is not being received by Kibana. The file path for the alerts file is: /var/ossec/logs/alerts/alerts.json. A check of permissions indicates Logstash can read this file:
COMMAND     PID USER      FD  TYPE DEVICE  SIZE/OFF     NODE NAME
java       4480 logstash 15r  REG  252,0  227337152 14811176 /var/ossec/logs/alerts/alerts.json
ossec-ana 25893 ossec     9w  REG  252,0  227337152 14811176 /var/ossec/logs/alerts/alerts.json
It was recommended that we test the following command:
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/01-ossec-singlehost.conf --path-settings=/etc/logstash/
This resulted in an error:
-bash: /usr/share/logstash/bin/logstash: No such file or directory
Any suggestions on a next step would be greatly appreciated.
Thank you,
Marc Baker