Hi folks!
I'm new on FileBeat, Logstash and Elastiscsearch. I'm trying to implement in my work, but I'm having problem with FileBeat.
When I start the service from FileBeat, my logs are sent to Logstash, but the files for example:
/var/log/pfswf01.log
/var/log/pfswf02.log
stop being incremented.
I did searches, but I didn't find anything that stop it.
Could you help me understand, what I'm doing wrong?
Bellow follow my filebeat.yml:
filebeat:
prospectors:
-
paths:
- /var/log/pfswf01.log
- /var/log/pfswf02.log
- /var/log/pfswf03.log
- /var/log/pfswf04.log
document_type: firewall
-
paths:
- /var/log/syslog-ng.log
document_type: syslog
-
paths:
- "/mnt/helicon/Notif/*.Log"
document_type: urlnotif
-
paths:
- "/mnt/florina_LogIIS/logs/LogFiles/W3SVC1/*.log"
- "/mnt/alpha_LogIIS/logs/LogFiles/W3SVC1/*.log"
- "/mnt/daribow_LogIIS/logs/LogFiles/W3SVC1/*.log"
- "/mnt/livia_LogIIS/logs/LogFiles/W3SVC1/*.log"
- "/mnt/cygni_LogIIS/logs/LogFiles/W3SVC1/*.log"
- "/mnt/euterpe_LogIIS/logs/LogFiles/W3SVC1/*.log"
- "/mnt/korell_LogIIS/logs/LogFiles/W3SVC1/*.log"
- "/mnt/nexon_LogIIS/logs/LogFiles/W3SVC1/*.log"
document_type: iis
-
paths:
- "/mnt/livia/*.Log"
- "/mnt/rhea/*.Log"
- "/mnt/cygni/*.Log"
- "/mnt/sarip/*.Log"
- "/mnt/euterpe/*.Log"
- "/mnt/hesperos/*.Log"
- "/mnt/daribow/*.Log"
- "/mnt/florina/*.Log"
- "/mnt/bonde/*.Log"
- "/mnt/alpha/*.Log"
- "/mnt/korell/*.Log"
- "/mnt/vega/*.Log"
- "/mnt/cinna/*.Log"
- "/mnt/helicon/*.Log"
- "/mnt/fomalhaut/*.Log"
- "/mnt/gamma/*.Log"
- "/mnt/ifni/*.Log"
- "/mnt/nexon/*.Log"
document_type: operadoras
spool_size: 1024
idle_timeout: 5s
input_type: log
fields:
level: debug
review: 1
tail_files: false
output:
logstash:
hosts: ["10.1.1.112:5044"]
index: filebeat
file:
path: "/tmp/filebeaat"
filename: filebeat
rotate_every_kb: 10000
number_of_files: 7
logging:
to_syslog: false
to_files: true
files:
path: "/var/log"
name: filebeat.log
rotateeverybytes: 10485760 # = 10MB
keepfiles: 7
selectors: ["*"]
level: error