ELK Docker - Logstash doesn't read log file


(Aberwag) #1

Hello,

I use ELK on docker (repository) to manage logs on my server

bind archive log file if file size == 5Mo (rename queries.log to queries.log0 and create a new file queries.log), after this operation logstash doesn't read new file content and i don't have any log on logstash.

Bind configuration:
...
channel queries_file {
file "/var/log/dns/queries.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
...

an idea ?
thanks


(system) #2