Filebeat system module parse messages


(Nico Brys) #1

I've just started using filebeat and the apache2 and system module. The apache2 module parses all messages and exporting a nice number of fields. Is there any news if the system module will do the same? I'm mostly interesting in parsing the auth.log file. Of is there any other way to accomplish this?

Our filebeat module sends the logs directly to elasticsearch


(Andrew Kroh) #2

In the 5.4 release, the system module will do auth logs as well. https://www.elastic.co/guide/en/beats/filebeat/5.x/exported-fields-system.html#_auth_fields

There's a blog post about it too. https://www.elastic.co/blog/grokking-the-linux-authorization-logs

If you want to test the latest build from master you can use our snapshots.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.