Hello,
I'm trying to run a command every 10 seconds but it's not working.
Here's my conf file:
input {
  exec {
    command => "/home/xxx/CICFlow/bin/cfm > '/tmp/logstash.log'"
    interval => 10
  }
}
What does that mean?
The command /home/xxx/CICFlow/bin/cfm doesn't send any logs to /tmp/logstash.log
The command should parse a pcap log file and transform it into a CSV file.
Here's the config file of logstash:
input {
  exec {
    command => "/home/cdt/CICFlow/bin/cfm /var/log/suricata/log.pcap.1611678832 /tmp/"
    interval => 10
  }
}
filter {
}
output {
  file {
    path => "/tmp/logstash.log"
  }
}
The /tmp/logstash.log:
{"command":"/home/cdt/CICFlow/bin/cfm","@timestamp":"2021-01-26T10:37:14.163Z","host":"0.0.0.0","message":"","@version":"1"}
{"command":"/home/cdt/CICFlow/bin/cfm","@timestamp":"2021-01-26T10:37:24.163Z","host":"0.0.0.0","message":"","@version":"1"}
But no CSV files are found in /tmp.
Is it an access rights issue with the files? Logstash is executed as the logstash user. The pcap files belong to suricata.
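
Added example, not part of the original thread: one way to check the permission question raised above is to walk every path component and evaluate the classic owner/group/other mode bits for the service account. The helper names are hypothetical, the defaults are the user and paths quoted in the post, and POSIX ACLs and capabilities are assumed not to be in use.

```python
import os
import pwd
import sys

R, W, X = 4, 2, 1

def mode_allows(st, uid, gids, want):
    """Owner bits if uid owns it, else group bits, else other bits (ACLs ignored)."""
    if uid == 0:
        return True  # simplification: root bypasses read/write/search checks
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return (bits & want) == want

def walk_access(path, uid, gids, want=R):
    """Return [(component, ok)]: search (x) on every parent, `want` on the target."""
    target = os.path.realpath(path)
    parts = [p for p in target.split(os.sep) if p]
    current, results = os.sep, []
    for i in range(len(parts) + 1):
        if i:
            current = os.path.join(current, parts[i - 1])
        need = want if i == len(parts) else X
        results.append((current, mode_allows(os.stat(current), uid, gids, need)))
    return results

def report(user, path, want):
    """Print one line per path component for the named account."""
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for component, ok in walk_access(path, pw.pw_uid, gids, want):
        print(("ok     " if ok else "DENIED ") + component)

if __name__ == "__main__":
    # Defaults are the user and paths from the post; override on the command line.
    user = sys.argv[1] if len(sys.argv) > 1 else "logstash"
    pcap = sys.argv[2] if len(sys.argv) > 2 else "/var/log/suricata/log.pcap.1611678832"
    outdir = sys.argv[3] if len(sys.argv) > 3 else "/tmp/"
    report(user, pcap, R)        # can the user read the capture?
    report(user, outdir, W | X)  # can the user create files in the output dir?
```

Run it as root so that every component can be stat'ed; the first DENIED line is the directory or file whose mode bits block the account.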