Filebeat running as root, but not ingesting all logs

I am running Ubuntu, and I noticed in Kibana, it is only monitoring two files: kern.log and auth.log. Here are what the file permissions look like: -rw-r----- 1 syslog adm. Doing a ps aux, I get this:
root 17888 0.1 0.2 1758840 90964 ? SLsl Nov05 2:06 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat /var/lib/filebeat --path.logs /var/log/filebeat

Not sure if I understand your problem. What kind of files would you like to monitor?

I figured it out. I was monitoring /var/log/.log, and was trying to figure out why files like syslog were not being picked up.
Is there a way to monitor inside of directories too, like /var/log/apt/

Yes. I recommend you create a separate input. In the inputs section of filebeat.yml, add something like this:


- type: log
  enabled: true
    - /var/log/apt/*filename*

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.