In this case I am using a droplet to host django web application. I am serving it by Nginx. Also I have integrated ModSecurity WAF with Nginx. Now I have Nginx Access & Error that I am transmitting through filebeat by enabling Nginx module to my other cloud hosted ELK server. But I also want to ship…

Filebeat Nginx Module + ModSecurity Audit Log to Same ELK Stack

jsoriano (Jaime Soriano) May 11, 2020, 2:24pm 2

Hey @adlp, welcome to discuss

You would need to add an input with the path of the ModSecurity logs, look for example to the configuration in Filebeat to parse modsecurity json logs

In the same link you can see that parsing its contents can be a more complicated task.

Topic		Replies	Views
Filebeat not sending ModSecurity log files Beats filebeat	5	1195	August 20, 2019
How can I Filebeat multiple files that are radically different Beats filebeat	6	324	October 19, 2022
Filebeat integration as file Logstash	3	266	August 30, 2021
Filter logs from NGINX module Beats filebeat	3	450	September 10, 2018
Nginx Module (Filebeat) getting data from another server Beats beats-module , filebeat	2	344	September 11, 2019