Filebeat modules problem

Elastic Stack Beats
1

EKL_server:192.168.100.71

cat /etc/filebeat/filebeat.yml

filebeat.prospectors:

  • type: log
    enabled: true

    paths:

    • /etc/filebeat/modules.d/system.yml

    reload.enabled: true
    reload.period: 10s

filebeat.config.modules:

  • module: system
    path: /etc/filebeat/modules.d/system.yml
    reload.enabled: false
    setup.template.settings:
    index.number_of_shards: 3
    setup.kibana:

    host: "192.168.100.71:5601"

output.logstash:
hosts: ["192.168.100.71:5044"]
ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash.crt"]

logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
rotateeverybytes: 10485760 # = 10MB

keepfiles: 7
filebeat.registry_file: /var/lib/filebeat/registry
setup.template.name: "filebeat"
setup.template.fields: "/etc/filebeat/fields.yml"
setup.template.overwrite: false

cat /etc/filebeat/modules.d/system.yml.disabled

  • module: system

    Syslog

    syslog:
    enabled: true

    var.paths: ["/var/log/syslog*"]

    Authorization logs

    auth:
    enabled: true

    var.paths: ["/var/log/auth.log*"]

systemctl status filebeat.service

Active: active (running) since Sun 2017-12-10 15:32:10 +06; 8s ago
Docs: https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Main PID: 14880 (filebeat)
Tasks: 6
Memory: 6.0M
CPU: 20ms
CGroup: /system.slice/filebeat.service
└─14880 /usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/

Dec 10 15:32:10 linux-client systemd[1]: Started filebeat.

all version is 6.0.0

But I don't see any log on elk server. Elk server is ok.
What is my wrong in filebeat module configure?
Thanks.

2

Could you please share the logs of Filebeat? Please format both your logs and your config using </>.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.