Filebeat and apache2 module


(Robin ) #1

Hi,

I have 3 servers, one with Wazuh and Filebeat configured and working. I have another server with a full ELK solution. And a last one with Apache and Filebeat installed.

I want the apache2 log from this server in a Kibana dashboard, but the documentation is poor... so could someone help me?

When I try to do this:

./filebeat -e module=apache2

here's the output:

2017/05/12 14:39:35.491398 async.go:64: INFO Max Bulk Size set to: 2048
2017/05/12 14:39:35.491502 modules.go:93: ERR Not loading modules. Module directory not found: /usr/share/filebeat/bin/module
2017/05/12 14:39:35.491527 config.go:114: INFO Additional config files are fetched from: /usr/share/filebeat/module
2017/05/12 14:39:35.491676 beat.go:339: CRIT Exiting: Dashboard loading requested but the Elasticsearch output is not configured/enabled
Exiting: Dashboard loading requested but the Elasticsearch output is not configured/enabled


filebeat.config_dir: /usr/share/filebeat/module
filebeat.modules:
- module: apache2
  access:
    enabled: true
  error:
    enabled: true
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*.log

#output.elasticsearch:
#  enabled: false
#output.logstash:
#  enabled: true
output.logstash:
   hosts: ["IP-LOGSTASH:PORT"]
   index: filebeat

(Tudor Golubenco) #2

In the configuration that you posted, the Elasticsearch output is commented out and has no hosts defined. To load the dashboards, you need direct access to Elasticsearch. In any case, you need at least an output defined; in your configuration it looks like you don't have any defined.
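
The point about enabled outputs, as an added example that is not part of the original thread and is not Filebeat's own code: a pre-flight check that lists which outputs in a filebeat.yml are actually active (not commented out, not `enabled: false`) and flags a dashboard-loading run that has no Elasticsearch output. The function names are assumptions of this example, and the sample text is constructed from the output sections of the configuration posted above.

```python
# Constructed sample: the output sections of the configuration posted above.
SAMPLE_CONFIG = """\
filebeat.modules:
- module: apache2
#output.elasticsearch:
#  enabled: false
output.logstash:
   hosts: ["IP-LOGSTASH:PORT"]
   index: filebeat
"""

def active_outputs(config_text):
    """Names of outputs that are neither commented out nor `enabled: false`.
    Handles the dotted form (`output.logstash:`) and the nested `output:` form."""
    enabled = {}                                  # output name -> enabled flag
    current, nested, child_indent = None, False, None
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                              # commented-out outputs do not count
        indent = len(raw) - len(raw.lstrip())
        key, _, value = stripped.partition(":")
        if indent == 0:                           # a new top-level key starts
            nested, child_indent = key == "output", None
            current = key.split(".")[1] if key.startswith("output.") else None
        elif nested and child_indent in (None, indent):
            child_indent, current = indent, key   # e.g. "  logstash:" under "output:"
        elif current and key == "enabled":
            enabled[current] = value.strip().lower() != "false"
        if current:
            enabled.setdefault(current, True)     # an output is on unless disabled
    return sorted(name for name, on in enabled.items() if on)

def preflight(config_text, load_dashboards=False):
    """Problems that match the startup error shown in the first post."""
    outs = active_outputs(config_text)
    problems = []
    if not outs:
        problems.append("no output is enabled")
    if load_dashboards and "elasticsearch" not in outs:
        problems.append("dashboard loading requested but output.elasticsearch is not enabled")
    return problems

if __name__ == "__main__":
    print("active outputs:", active_outputs(SAMPLE_CONFIG))
    for problem in preflight(SAMPLE_CONFIG, load_dashboards=True):
        print("problem:", problem)
```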


(Robin ) #3

Thanks Tudor,

I have set the elastic output and I get data, but... I want to send the Apache log to a remote Logstash. But it seems not to be working.

The output in Kibana shows like this:

{ "@timestamp": "2017-05-15T15:06:57.000Z", "offset": 28044130, "apache2": { "access": { "referrer":

And if I understand, it's possible to format this field?

