Hello everyone
I am trying to send the generated logs by cowrie to logstash:
Here is my docker compose:
version: '3'
volumes:
cowrie-etc:
driver: local
cowrie-var:
driver: local
services:
cowrie:
container_name: cowrie
restart: always
build:
context: .
dockerfile: ./cowrie/Dockerfile
ports:
- "2222:2222"
- "2223:2223"
volumes:
- cowrie-etc:/cowrie/cowrie-git/etc
- cowrie-var:/cowrie/cowrie-git/var/log/cowrie
filebeat:
image: docker.elastic.co/beats/filebeat:7.5.1
container_name: filebeat
user: root
volumes:
- ./filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
- cowrie-var:/data/cowrie:ro
- /home/ubuntu/demo/:/data/cowrie:ro
environment:
- LOGSTASH_HOST='${LOGSTASH_HOST}'
command: ["--strict.perms=false"]
networks:
- docker_elk
networks:
docker_elk:
driver: bridge
And this is my filebeat.yml config file:
filebeat.inputs:
- type: log
enabled: true
paths:
- /data/cowrie/*.log
- /data/cowrie/*.json*
output:
#logstash:
# hosts: ["${LOGSTASH_HOST}"]
# bulk_max_size: 1024
# username: "elastic"
# password: "password"
console:
pretty: true
When I run the containers, filebeat doesnt seam to work as it doesnt print any log. Dont have any clue of why it is not working. The container is up.
Hope anyone can help me.