Hello, I am trying to use the System integration in my Elastic Security agent to capture syslog data from the /var/log/syslog file. I am also doing the same on another server but using a Filebeat instance, sending output to the Elastic Cloud. But for both deployments (the one using Elastic agent and the other one using Filebeat) I am only able to send syslog logs that were generated by the local servers where the agent and Filebeat are installed. If I receive an external log from another Linux server, even with it being correctly written to the monitored file (/var/log/syslog), this log is never seen at the Discovery console in the Elastic Cloud. Only syslog data where the host (in the syslog header) is the same as the original server where Filebeat or Agent are installed, in other words, only logs generated locally by the servers themselves, are being sent. Any help on how to solve this? Thanks.