EKL_server:192.168.100.71
cat /etc/filebeat/filebeat.yml
filebeat.prospectors:
-
type: log
enabled: truepaths:
- /etc/filebeat/modules.d/system.yml
reload.enabled: true
reload.period: 10s
filebeat.config.modules:
-
module: system
path: /etc/filebeat/modules.d/system.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
setup.kibana:host: "192.168.100.71:5601"
output.logstash:
hosts: ["192.168.100.71:5044"]
ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash.crt"]
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
rotateeverybytes: 10485760 # = 10MB
keepfiles: 7
filebeat.registry_file: /var/lib/filebeat/registry
setup.template.name: "filebeat"
setup.template.fields: "/etc/filebeat/fields.yml"
setup.template.overwrite: false
cat /etc/filebeat/modules.d/system.yml.disabled
-
module: system
Syslog
syslog:
enabled: truevar.paths: ["/var/log/syslog*"]
Authorization logs
auth:
enabled: truevar.paths: ["/var/log/auth.log*"]
systemctl status filebeat.service
Active: active (running) since Sun 2017-12-10 15:32:10 +06; 8s ago
Docs: https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Main PID: 14880 (filebeat)
Tasks: 6
Memory: 6.0M
CPU: 20ms
CGroup: /system.slice/filebeat.service
└─14880 /usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/
Dec 10 15:32:10 linux-client systemd[1]: Started filebeat.
all version is 6.0.0
But I don't see any log on elk server. Elk server is ok.
What is my wrong in filebeat module configure?
Thanks.