Filebeat for Fail2Ban via Logstash?

Hi All, need a bit of advice.

I'm using Elasticsearch to collect and categorise logs from network devices. These are being sent to Logstash before being forwarded to Elasticsearch.

I want to forward some Linux server Fail2Ban logs via Filebeat but have a few questions;

  1. Is is best to forward these to Logstash or direct to Elasticsearch?
  2. In either case, how would I ensure logs are matched? I found the following for logstash, but the file is for local input, so i'm unsure what this what need to look like for filebeat input?

Any help would be much appreciated


1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.