How to track wtmp and btmp


Pretty much what it says: how can I get new events in these logs pushed to Logstash?
So far the only solution I've seen is to run Logstash on every machine so I can use the last command, but that would mean introducing an extra instance of Logstash for every server, on top of our centralised Logstash for parsing. Has anyone found a more elegant solution for this? Is Filebeat the right beat to read these log files?

(Steffen Siering) #2

Filebeat neither supports binary files, nor executing external commands.


Do you know of another way to push these logs to our central logstash instance?

(Steffen Siering) #4

No idea about other solutions.

Maybe you want to have a look at auditbeat (which is currently in development).
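
Added example, not part of the original thread: because Filebeat reads only text files, one approach is a small converter that turns new wtmp/btmp records into JSON lines that a text shipper can tail. It assumes the 384-byte glibc `struct utmp` layout used on 64-bit Linux; the function names and field names are hypothetical.

```python
import ipaddress, json, os, struct
from datetime import datetime, timezone

# Assumption: 384-byte glibc `struct utmp` as laid out on 64-bit Linux.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20x")
TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 6: "LOGIN_PROCESS",
         7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def address(raw):
    """ut_addr_v6: IPv4 uses the first 4 bytes, IPv6 all 16, zeros mean local."""
    if not any(raw):
        return None
    return str(ipaddress.ip_address(raw if any(raw[4:]) else raw[:4]))

def parse_records(data, source):
    """Yield one dict per complete record; a trailing partial record is skipped."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        (typ, pid, line, _id, user, host,
         _term, _exit, _sess, sec, _usec, addr) = UTMP.unpack_from(data, off)
        yield {
            "source": source,
            "type": TYPES.get(typ, str(typ)),
            "pid": pid,
            "line": text(line),
            "user": text(user),
            "host": text(host),
            "addr": address(addr),
            "@timestamp": datetime.fromtimestamp(sec, timezone.utc).isoformat(),
        }

def export_new(path, offset, out):
    """Write records found past `offset` as JSON lines; return the new offset."""
    if os.path.getsize(path) < offset:   # file was rotated or truncated
        offset = 0
    with open(path, "rb") as f:
        f.seek(offset)
        data = f.read()
    count = 0
    for rec in parse_records(data, path):
        out.write(json.dumps(rec) + "\n")
        count += 1
    return offset + count * UTMP.size
```

Run `export_new` periodically against `/var/log/wtmp` and `/var/log/btmp`, persist the returned offset between runs, and point the shipper at the JSON output file.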
