Hi,
I have one apache HTTPD server and filebeat is already installed there and sending few specific logs to our internal logstatsh server.
currently it is sending logs to our internal logstash server are
/var/log/httpd/access_log
/var/log/httpd/error_log
/var/log/httpd/dispatcher.log
output.logstash:
hosts: ["internal.logstasht:5044"]
bulk_max_size: 1024
username: "abc"
password: "xyz"
Now we have requirement to send few other logs from the system to our IT security department in their specific kafka clsuters.
"/var/log/audit*"
"/var/log/secure*"
'/etc/ssh/sshd_config
/var/log/httpd/access_log (common need to send both logstash and kafka cluster)
/var/log/httpd/error_log (commons need to send both logstash and kafaka cluster)
output.kafka:
hosts: ["184.XXX.XX.XX:9093", "184.XXX.XX.XX:9093"]
username: "xyz"
password: "abc"
compression: snappy
topic: '%{[topic]}'
Can anyone please suggest how can i achieve this.