Hi @Sunillinus,
In this case you need to install filebeat on the remote machine.
Steps to install filebeat:-
- curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.4-x86_64.rpm #please change the version if needed, as i was not knowing your logstash version
- sudo yum install filebeat-6.2.4-x86_64.rpm
- Make changes in the vim /etc/filebeat/filebeat.yml file as follows:-
a)
-
input_type: log
# Paths that should be crawled and fetched. Glob based paths.
paths:- /var/log/xyz.log #path of the logs that you want to transfer from remote machine to logstash
b)
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["10.0.x.x:5044"] # ip address of the logstash
- Save and exit the file
- firewall-cmd --permanent --zone=public --add-port=5044/tcp
- systemctl enable filebeat.service
- systemctl start filebeat.service
- systemctl status filebeat.service filebeat should have been started
Now you need to configure the logstash in order to recieve the logs from filebeat
-
Open logstash.conf and enter the below given configuration
input{
beats {
port => 5044
}
}output {
file {
path => "/filepath"
}
} -
Save and exit the file
-
firewall-cmd --permanent --zone=public --add-port=5044/tcp
-
Start logstash
Here, "xyz.log" from filebeat(remote server) will be transferred to logstash in a file(of given path in logstash.conf)
@Sunillinus let me know if you face any issue.
Regards
Nikhil Kapoor