Hi,
A while back I set up my ELK Stack and it's working fine, but I noticed that if I want to check the logs from my Client Server I have to go over there and restart the filebeat service.
Once restarted I can check the Syslogs in Kibana without any issues.
Can I configure it so that it continuously, or at least every x amount of time, refreshes and sends in the new logs?
This is my filebeat.yml config:
filebeat:
  prospectors:
    -
      paths:
        - /var/log/auth.log
        - /var/log/syslog
        # - /var/log/*.log
      input_type: log
      document_type: syslog
  registry_file: /var/lib/filebeat/registry
output:
  logstash:
    hosts: ["elk_server_private_ip:5044"]
    bulk_max_size: 1024
    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
shipper:
logging:
  files:
    rotateeverybytes: 10485760 # = 10MB