Issue reading logs from radsecproxy

Hello,

We have implemented ELK to visualize eduroam logs from radsecproxy. Our system was developed following this guideline: GitHub - REANNZ/etcbd-public: eduroam tools container-based deployment - public tools
It was working successfully, but suddenly I saw Kibana showing old data, and it is stuck showing this old data, even when I deleted the log file and recreated a new one. The system still shows old data. Where do these data come from? And why are they not deleted when I empty the log file?
radsecproxy and ELK are on different servers, and the data is transferred using Filebeat.

I am new to ELK, I am lost, and I don't know where to check or where the logs stopped. Can anyone assist me in identifying and solving the issue?

Regards,

Can you look at the Filebeat logs and see what it is doing?
It also looks like this uses Logstash, so looking at the Logstash logs might help.

Filebeat is in a Docker container and I am not able to view the log files.
