When you run LS from the command line, it will run, in your case, as the root user, as a process. You can run it as a background process with & at the end of the command. The recommended mode is service mode for continuous running.
Follow the next steps:
- Change in elasticsearch.yml and restart:
network.host: [ _site_ , _local_]
Or just set to 0.0.0.0. Leandro explained here.
Restart elasticsearch.
- Edit apache.conf; on Linux it should be:
sincedb_path => "/dev/null"
This means sincedb is in runtime mode: it keeps log read tracking until the process restarts, not permanently on disk. The disk mode is used in production, when you need to track the logs read.
- Check log permissions; the root user might take ownership, so run:
chown -R logstash:logstash /var/log/logstash/
- Run as a service:
sudo systemctl start logstash.service
If it is not enabled:
systemctl enable logstash.service
and most likely:
systemctl daemon-reload
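
A preflight check for the steps in the answer above, as an added example that is not part of the original post: it reports how widely network.host binds, whether sincedb is kept on disk, and which log files the service user does not own. The function names are hypothetical and every path is passed in by the caller.

```shell
#!/bin/sh
# Added example: preflight checks for the steps above. Function names are
# hypothetical; every path is supplied by the caller.

# Classify the last uncommented network.host value in an elasticsearch.yml.
es_bind_scope() {
  val=$(sed -n 's/^[[:space:]]*network\.host:[[:space:]]*//p' "$1" | tail -n 1)
  case "$val" in
    "")                                 echo "default-loopback" ;;  # key absent
    *0.0.0.0*)                          echo "all-interfaces" ;;    # every NIC
    *_site_*)                           echo "site-local" ;;
    *_local_*|*localhost*|*127.0.0.1*)  echo "loopback" ;;
    *)                                  echo "custom" ;;
  esac
}

# Succeed if the pipeline config keeps no sincedb on disk.
sincedb_is_ephemeral() {
  grep -Eq '^[[:space:]]*sincedb_path[[:space:]]*=>[[:space:]]*"/dev/null"' "$1"
}

# List entries under directory $1 not owned by user $2 (name or numeric uid).
not_owned_by() {
  find "$1" ! -user "$2" -print
}

preflight() {
  echo "network.host scope: $(es_bind_scope "$1")"
  if sincedb_is_ephemeral "$2"; then
    echo "sincedb: /dev/null, read positions are lost on restart"
  else
    echo "sincedb: not /dev/null, read positions persist on disk"
  fi
  bad=$(not_owned_by "$3" "$4")
  if [ -n "$bad" ]; then
    echo "not owned by $4:"; echo "$bad"; return 1
  fi
  echo "ownership ok: $3"
}

# Usage: sh preflight.sh <elasticsearch.yml> <apache.conf> /var/log/logstash logstash
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```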