I am running Ubuntu, and I noticed in Kibana, it is only monitoring two files: kern.log and auth.log. Here is what the file permissions look like: -rw-r----- 1 syslog adm. Doing a ps aux, I get this:
root 17888 0.1 0.2 1758840 90964 ? SLsl Nov05 2:06 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat
Not sure if I understand your problem. What kind of files would you like to monitor?
I figured it out. I was monitoring /var/log/*.log, and was trying to figure out why files like syslog were not being picked up.
Is there a way to monitor inside of directories too, like /var/log/apt/?
Yes. I recommend you create a separate input. In the inputs section of filebeat.yml, add something like this:
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/apt/*filename*
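An added example, not code from this thread or from Filebeat itself: a small checker that shows which log files a set of path patterns leaves unharvested. Filebeat's documentation states that path patterns follow Go glob rules, so the sketch uses `filepath.Match`. The file listing, the `/var/log/apt/*.log` pattern, and the names `CheckCoverage` and `Coverage` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// Coverage records which files each pattern matched and which files no pattern matched.
type Coverage struct {
	Matched   map[string][]string
	Uncovered []string
}

// CheckCoverage (hypothetical helper) applies Go glob rules: '*' never crosses a '/'.
func CheckCoverage(patterns, files []string) (Coverage, error) {
	cov := Coverage{Matched: map[string][]string{}}
	for _, f := range files {
		hit := false
		for _, p := range patterns {
			ok, err := filepath.Match(p, f)
			if err != nil {
				return cov, fmt.Errorf("bad pattern %q: %w", p, err)
			}
			if ok {
				cov.Matched[p] = append(cov.Matched[p], f)
				hit = true
			}
		}
		if !hit {
			cov.Uncovered = append(cov.Uncovered, f)
		}
	}
	return cov, nil
}

// Constructed listing of log files on an Ubuntu host (sample data, not from the thread).
var sampleFiles = []string{
	"/var/log/kern.log", "/var/log/auth.log", "/var/log/syslog",
	"/var/log/apt/history.log", "/var/log/apt/term.log",
}

func main() {
	before := []string{"/var/log/*.log"}
	// Assumed fix: explicit entry for syslog plus a pattern for the apt subdirectory.
	after := append(before, "/var/log/syslog", "/var/log/apt/*.log")
	for _, set := range [][]string{before, after} {
		cov, err := CheckCoverage(set, sampleFiles)
		if err != nil {
			panic(err)
		}
		fmt.Printf("patterns %v -> not harvested: %v\n", set, cov.Uncovered)
	}
}
```

Running a check like this against a real file listing before deploying a config change makes gaps in log collection visible, which matters when files such as auth.log or syslog feed detection rules.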