Filebeat agent configuration for two different endpoint(logstash ,kafka clusters)

Hi,

I have one apache HTTPD server and filebeat is already installed there and sending few specific logs to our internal logstatsh server.
currently it is sending logs to our internal logstash server are
/var/log/httpd/access_log
/var/log/httpd/error_log
/var/log/httpd/dispatcher.log

output.logstash:
hosts: ["internal.logstasht:5044"]
bulk_max_size: 1024
username: "abc"
password: "xyz"

Now we have requirement to send few other logs from the system to our IT security department in their specific kafka clsuters.

"/var/log/audit*"
"/var/log/secure*"
'/etc/ssh/sshd_config
/var/log/httpd/access_log (common need to send both logstash and kafka cluster)
/var/log/httpd/error_log (commons need to send both logstash and kafaka cluster)

output.kafka:
hosts: ["184.XXX.XX.XX:9093", "184.XXX.XX.XX:9093"]
username: "xyz"
password: "abc"
compression: snappy
topic: '%{[topic]}'

Can anyone please suggest how can i achieve this.

@msina, this is really a Beats question rather than a Logstash question and would probably be better asked in that forum. That said, you can run two separate instances of Filebeat on your server, each with a separate output, because Beats do not support multiple outputs.

@danhermann Actually i already got the solution here

Thanks
Sina

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.