Filebeat system module parse messages

I've just started using Filebeat and the apache2 and system modules. The apache2 module parses all messages and exports a nice number of fields. Is there any news on whether the system module will do the same? I'm mostly interested in parsing the auth.log file. Or is there any other way to accomplish this?

Our Filebeat module sends the logs directly to Elasticsearch.

In the 5.4 release, the system module will do auth logs as well. https://www.elastic.co/guide/en/beats/filebeat/5.x/exported-fields-system.html#_auth_fields

There's a blog post about it too. https://www.elastic.co/blog/grokking-the-linux-authorization-logs

If you want to test the latest build from master you can use our snapshots.
