Ingest postfix (mail) logs to ELK

Hi!

I would like to ingest sendmail logs (/var/log/maillog) from different servers (about 5) into Elasticsearch at the same time.
I did a Google search and found different and confusing tutorials about this.

Can anybody help define which product is more recommended for doing this (Filebeat or Logstash)?
I only need to read and ingest the information from the log called /var/log/maillog every minute, or in real time if possible.

Thanks in advance

Both (Logstash and Filebeat) are fine.

However, for simple file reads from servers and ingesting them into Elastic, I would recommend (and to my knowledge it is generally recommended) using Filebeat. This is because Filebeat is generally less resource intensive on your system.

OK. Assuming I can use Filebeat to read and parse the log too, before the ingest into the ELK server? In this situation I only need to install Filebeat and perform the configuration on all the different servers. Is this right?

Yes, you can create one config and add it to all your servers (assuming they are the same).
The parsing of the events will take place in Elasticsearch using an ingest pipeline, which you will have to create.

Is it possible to parse the maillog log? Is there any module or an official yml? I didn't find one...

There isn't an out-of-the-box one provided, to my knowledge. However, you can create your own.
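As an added example (not part of this thread, and not an Elastic-provided module), the following Python sketch shows the field splitting such a custom pipeline has to do for postfix maillog lines: the syslog prefix, the queue id, the `key=value` pairs, and the SASL authentication-failure warnings a defender would want to count. In a real ingest pipeline the same splits map onto grok/dissect and kv processors; the sample lines and host/address values below are constructed.

```python
import re

# Syslog prefix that rsyslog/syslog-ng writes in front of every postfix message:
# "Mar 10 12:34:56 mail1 postfix/smtpd[2245]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>postfix\S*?)\[(?P<pid>\d+)\]: "
    r"(?P<message>.*)$"
)
# Delivery-related messages start with the queue id, then "key=value, key=value ..."
QUEUE_ID_RE = re.compile(r"^(?P<queue_id>[0-9A-Za-z]{10,16}): (?P<rest>.*)$")
# Values are either angle-bracketed addresses or run up to the next ", "
KV_RE = re.compile(r"(\w+)=(<[^>]*>|[^,]*?)(?:, |$)")
# smtpd warning emitted for every failed SMTP AUTH attempt
SASL_FAIL_RE = re.compile(
    r"warning: (?P<client>\S+?)\[(?P<client_ip>[^\]]+)\]: SASL \w+ authentication failed"
)

# Constructed sample lines (hypothetical host, addresses and queue id)
SAMPLE_LINES = [
    "Mar 10 12:34:56 mail1 postfix/smtpd[2245]: connect from unknown[192.0.2.10]",
    "Mar 10 12:34:57 mail1 postfix/smtpd[2245]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure",
    "Mar 10 12:34:58 mail1 postfix/smtpd[2245]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure",
    "Mar 10 12:35:01 mail1 postfix/qmgr[1180]: 4ABCDEF1234: from=<alice@example.com>, size=1834, nrcpt=1 (queue active)",
    "Mar 10 12:35:02 mail1 postfix/smtp[2301]: 4ABCDEF1234: to=<bob@example.org>, relay=mx.example.org[203.0.113.5]:25, delay=0.5, delays=0.1/0.01/0.2/0.19, dsn=2.0.0, status=sent (250 2.0.0 OK)",
]


def parse_maillog_line(line):
    """Split one maillog line into flat fields; returns None if it is not a postfix line."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    msg = fields.pop("message")
    q = QUEUE_ID_RE.match(msg)
    if q:  # queue-id message: explode the key=value list into fields
        fields["queue_id"] = q.group("queue_id")
        for key, value in KV_RE.findall(q.group("rest")):
            fields[key] = value.strip("<>")
    sasl = SASL_FAIL_RE.match(msg)
    if sasl:  # tag failed logins so they can be counted or alerted on
        fields["event"] = "sasl_auth_failure"
        fields.update(sasl.groupdict())
    return fields


def sasl_failures_by_ip(lines):
    """Count SASL authentication failures per client IP across parsed lines."""
    counts = {}
    for line in lines:
        fields = parse_maillog_line(line)
        if fields and fields.get("event") == "sasl_auth_failure":
            counts[fields["client_ip"]] = counts.get(fields["client_ip"], 0) + 1
    return counts
```

Running `sasl_failures_by_ip(SAMPLE_LINES)` over the constructed lines yields `{"192.0.2.10": 2}`, the kind of aggregate a Kibana visualisation would be built on once the fields exist.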

Is it possible with Filebeat? How can I split all the fields from the logs?
