Thanks Ruflin, indeed I did look at the other threads on the same subject, and checked for deprecated tls settings and ill-formatted yml. But still, I couldn't resolve the problem.
So here's my filebeat.yml :
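# Filebeat inputs ("prospectors"). The nesting below is restored from a paste
# that had lost all indentation; as posted, the flat text cannot parse into
# this structure.
# Each entry tails the listed paths and tags every event with two custom
# fields (origin, category).
filebeat:
  prospectors:
    - paths:
        - /opt/WSO2/wso2esb/repository/logs/wso2carbon.log
      document_type: log
      fields:
        origin: SECURI_ESB
        category: TECHNIQUE
      # NOTE(review): placed at prospector level (sibling of `paths`), where
      # Filebeat reads it; the flattened paste does not show whether it was
      # nested under `fields` instead - confirm against the real file.
      # 744h = 31 days: files not modified within that window are skipped.
      ignore_older: 744h
    - paths:
        - /opt/WSO2/wso2esb/repository/logs/http_access_*.log
      document_type: log
      fields:
        origin: SECURI_ESB
        category: ACCESS
      ignore_older: 744h
    - paths:
        - /opt/WSO2/wso2is/repository/logs/wso2carbon.log
      document_type: log
      fields:
        origin: ESBMET_IS
        category: METIER
      ignore_older: 744h
    - paths:
        - /opt/WSO2/wso2is/repository/logs/http_access_*.log
      document_type: log
      fields:
        origin: ESBMET_IS
        category: ACCESS
      ignore_older: 744h
    - paths:
        - /opt/WSO2/wso2greg/repository/logs/wso2carbon.log
      document_type: log
      fields:
        origin: SECURI_REGISTRY
        category: METIER
      ignore_older: 744h
    - paths:
        - /opt/WSO2/wso2greg/repository/logs/http_access_*.log
      document_type: log
      fields:
        origin: SECURI_REGISTRY
        category: ACCESS
      ignore_older: 744h
    # Broad glob: every *.log directly under /data/logs is shipped and
    # labelled ESBTEC_MYSQL, whatever wrote it. Narrow the pattern if other
    # software logs into the same directory.
    - paths:
        - /data/logs/*.log
      document_type: log
      fields:
        origin: ESBTEC_MYSQL
        category: TECHNIQUE
      ignore_older: 744h
    - paths:
        - /var/log/rabbitmq/*.log
      document_type: log
      fields:
        origin: HELIOS_RABBITMQ
        category: TECHNIQUE
      ignore_older: 744h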
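# Ship events to Logstash over TLS. Nesting restored from the flattened paste.
output:
  logstash:
    # The name used here is the one the server certificate is checked
    # against: "elk-docker" has to match the CN/SAN of the certificate that
    # Logstash presents, otherwise the handshake is rejected.
    hosts: ["elk-docker:5044"]
    ssl:
      # Keep verification on. `insecure` is the old tls-era switch; the `ssl`
      # section uses `verification_mode` instead. Disabling either one removes
      # server authentication, so the logs could be delivered to any host
      # answering on that name and port.
      # insecure: true
      # CA bundle used to validate the Logstash certificate. With a
      # self-signed server certificate this is a copy of that certificate, so
      # it must be the same file Logstash is configured with.
      certificate_authorities: ["/etc/pki/tls/certs/logstash-beats.crt"]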
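# Filebeat's own logging. Nesting restored from the flattened paste.
# NOTE(review): `warning` hides the info/debug lines that describe the TLS
# handshake; raise the level temporarily while diagnosing connection errors.
logging:
  level: warning
  to_files: true
  to_syslog: false
  files:
    path: /var/log/filebeat
    name: filebeat.log
    rotateeverybytes: 10485760  # = 10MB
    # Number of rotated files retained before the oldest is deleted.
    keepfiles: 7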
And for the logstash part, 02-beats-input.conf and 30-output.conf :
# 02-beats-input.conf: accept Beats connections on TCP 5044 with TLS enabled.
input {
  beats {
    port => 5044
    ssl => true
    # Certificate presented to Beats clients. Filebeat validates it against
    # its certificate_authorities list and against the host name it dials.
    ssl_certificate => "/etc/pki/tls/certs/logstash-beats.crt"
    # Private key for the certificate above; keep it readable only by the
    # account that runs Logstash.
    ssl_key => "/etc/pki/tls/private/logstash-beats.key"
    # NOTE(review): no ssl_verify_mode / ssl_certificate_authorities is set in
    # this block, so TLS authenticates the server only. Any client that can
    # reach port 5044 can submit events; restrict access at the network level
    # or require client certificates.
  }
}
# 30-output.conf: index received events into Elasticsearch.
output {
  elasticsearch {
    # NOTE(review): no user/password or TLS options are set in this block;
    # that presumably relies on Elasticsearch listening on localhost only -
    # confirm.
    hosts => ["localhost"]
    # Logstash does not install or overwrite an index template; the filebeat
    # template has to be loaded into Elasticsearch separately.
    manage_template => false
    # The HH suffix produces one index per hour.
    index => "filebeat-%{+YYYY.MM.dd.HH}"
    # Type is taken from the event's @metadata (presumably the document_type
    # set in filebeat.yml - verify).
    document_type => "%{[@metadata][type]}"
  }
}
Regards
Laurent