How to track wtmp and btmp

Pretty much what it says: how can I get new events in these logs pushed to Logstash?
So far the only solution I've seen is to run Logstash on every machine so I can use the last command, but that would mean introducing an extra instance of Logstash for every server, on top of our centralised Logstash for parsing. Has anyone found a more elegant solution for this? Is Filebeat the right beat to read these log files?

Filebeat supports neither binary files nor executing external commands.
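The following is an added example and is not code from this thread, from Elastic, or from any Beat. Since Filebeat only tails text, the usual workaround is a small converter that parses the binary utmp records in wtmp/btmp, appends them as JSON lines to a plain text file, and remembers how far it got, so a cron job can run it every minute and Filebeat ships the text file to the central Logstash. The script assumes the glibc x86_64 `struct utmp` layout (384-byte records with 32-bit `tv_sec`), which is what /var/log/wtmp and /var/log/btmp use on common Linux distributions; BSD and macOS utmpx differ and are not handled. The file paths, the `pack_record` helper and the sample records are constructed for illustration.

```python
#!/usr/bin/env python3
"""wtmp2json: incremental wtmp/btmp -> JSON lines that Filebeat can tail.

Added example, not from the thread or from Elastic. Assumes the glibc x86_64
struct utmp layout (384-byte records); BSD/macOS utmpx is different.
"""
import ipaddress
import json
import os
import struct
import sys
from datetime import datetime, timezone

# struct utmp: ut_type(h) pad(2) ut_pid(i) ut_line[32] ut_id[4] ut_user[32]
# ut_host[256] ut_exit{e_termination,e_exit}(hh) ut_session(i)
# ut_tv{tv_sec,tv_usec}(ii, 32-bit even on x86_64) ut_addr_v6[4](16 raw bytes) __unused[20]
UTMP_FORMAT = "<hxxi32s4s32s256shhiii16s20x"
UTMP_SIZE = struct.calcsize(UTMP_FORMAT)  # 384

UT_TYPES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME", 4: "OLD_TIME",
            5: "INIT_PROCESS", 6: "LOGIN_PROCESS", 7: "USER_PROCESS",
            8: "DEAD_PROCESS", 9: "ACCOUNTING"}


def _cstr(raw: bytes) -> str:
    """NUL-terminated fixed-width char[] -> str; invalid UTF-8 is replaced, not dropped."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def _addr(raw16: bytes):
    """ut_addr_v6: an IPv4 address sits in the first 4 bytes with the rest zero."""
    if raw16[4:] == b"\0" * 12:
        return None if raw16[:4] == b"\0" * 4 else str(ipaddress.IPv4Address(raw16[:4]))
    return str(ipaddress.IPv6Address(raw16))


def parse_record(raw: bytes, source: str) -> dict:
    """One 384-byte record -> flat dict ready for json.dumps."""
    (ut_type, pid, line, ut_id, user, host, e_term, e_exit,
     session, tv_sec, tv_usec, addr) = struct.unpack(UTMP_FORMAT, raw)
    ts = datetime.fromtimestamp(tv_sec, tz=timezone.utc).replace(microsecond=tv_usec % 1_000_000)
    return {
        "@timestamp": ts.isoformat(),
        "source": source,  # "wtmp" (sessions) or "btmp" (failed logins)
        "type": UT_TYPES.get(ut_type, str(ut_type)),
        "pid": pid,
        "line": _cstr(line),
        "id": _cstr(ut_id),
        "user": _cstr(user),
        "host": _cstr(host),
        "addr": _addr(addr),
        "exit": {"termination": e_term, "exit": e_exit},
        "session": session,
    }


def parse_utmp(data: bytes, source: str) -> list:
    """Parse whole records only; EMPTY slots are skipped, a trailing partial record is ignored."""
    records = []
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        rec = data[off:off + UTMP_SIZE]
        if rec[:2] == b"\0\0":  # ut_type == EMPTY
            continue
        records.append(parse_record(rec, source))
    return records


def read_new_records(path: str, offset: int):
    """Return (records appended since `offset`, new offset). If the file shrank,
    logrotate replaced it, so start again from 0 rather than skipping the new file."""
    if os.path.getsize(path) < offset:
        offset = 0
    with open(path, "rb") as f:
        f.seek(offset)
        data = f.read()
    usable = len(data) - len(data) % UTMP_SIZE  # leave a half-written record for next run
    return parse_utmp(data[:usable], os.path.basename(path)), offset + usable


def pack_record(ut_type, pid, line, ut_id, user, host, tv_sec, addr="", tv_usec=0) -> bytes:
    """Build a raw record. Used here only to construct sample input; real files are
    written by login/sshd/init, never by this script."""
    raw_addr = ipaddress.ip_address(addr).packed.ljust(16, b"\0") if addr else b"\0" * 16
    return struct.pack(UTMP_FORMAT, ut_type, pid, line.encode(), ut_id.encode(),
                       user.encode(), host.encode(), 0, 0, 0, tv_sec, tv_usec, raw_addr)


# Constructed sample data: one ssh session open/close, one failed root login.
SAMPLE_WTMP = (pack_record(7, 4242, "pts/0", "ts/0", "alice", "203.0.113.7", 1700000000, "203.0.113.7")
               + pack_record(8, 4242, "pts/0", "ts/0", "", "", 1700003600))
SAMPLE_BTMP = pack_record(6, 5151, "ssh:notty", "", "root", "198.51.100.9", 1700001234, "198.51.100.9")


def main(argv):
    # e.g. */1 * * * * root wtmp2json.py /var/log/btmp /var/lib/wtmp2json/btmp.offset >> /var/log/btmp.json
    if len(argv) != 3:
        sys.exit("usage: wtmp2json.py <wtmp|btmp path> <offset state file>")
    path, state = argv[1], argv[2]
    try:
        with open(state) as f:
            offset = int(f.read() or 0)
    except FileNotFoundError:
        offset = 0
    records, new_offset = read_new_records(path, offset)
    for rec in records:
        print(json.dumps(rec))
    sys.stdout.flush()
    with open(state, "w") as f:  # written last, so a crash re-emits rather than drops records
        f.write(str(new_offset))


if __name__ == "__main__":
    main(sys.argv)
```

Point a Filebeat prospector at the `.json` output and decode it either in Filebeat (its JSON options) or with a `json` filter in Logstash. Two caveats: btmp is normally readable by root only, so the cron job needs root or a group grant on the file; and the rotation check is size-based, so a rotated file that has already grown past the old offset would be misread, which a stricter version avoids by also comparing the inode from `os.stat()` between runs.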

Do you know of another way to push these logs to our central logstash instance?

No idea about other solutions.

Maybe you want to have a look at Auditbeat (which is currently in development).
