Logstash on linux machine to read files from remote Windows folder

Elastic Stack Logstash
1

I have logstash installed on ubuntu machine and use file input to read log files.
I need read files from remote folder of Windows machine.

For more convenience I mounted
remote folder of Windows machine to my Ubuntu folder.
Now I can read mounted folder with any linux user.
Mounted folder has permissions 755.

But logstash "file input" doesn't see any files in this folder.
Currently I have simple logstash config.

input {
  file {
    path => ["/home/mount/test/*"]
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
output {
  stdout {codec => "rubydebug"}
}

Here:
/home/mount/test - mount folder. I see here all files from Windows remote machine.
Could anyone help me with this problem?
How logstash on linux machine can read files from remote Windows folder?

2

I suggest setting log.level to trace and see what the filewatch module logs.

3

I put trace in log.level.
But I don't see any information about a problem.
Just:

[logstash.agent           ] Successfully started Logstash API endpoint {:port=>9601}
[org.logstash.secret.store.SecretStoreFactory] Attempting to exists or secret store with implementation: org.logstash.secret.store.backend.JavaKeyStore
[org.reflections.Reflections] going to scan these urls:
jar:file:/usr/share/logstash/logstash-core/lib/jars/logstash-core.jar!/
[org.reflections.Reflections] Reflections took 64 ms to scan 1 urls, producing 23 keys and 47 values

....

    [org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
    [logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
    [logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}
4

If you successfully set log.level to trace you should be seeing voluminous messages like

[2019-07-30T13:18:09,564][TRACE][filewatch.tailmode.handlers.createinitial] handle_specifically opened file handle: 89, path: test.log.1
[2019-07-30T13:18:09,660][TRACE][filewatch.tailmode.handlers.createinitial] add_new_value_sincedb_collection {"position"=>0, "watched_file details"=>"<FileWatch::WatchedFile: @filename='test.log.1', @state='active', @recent_states='[:watched, :watched]', @bytes_read='0', @bytes_unread='4', current_size='4', last_stat_size='4', file_open?='true', @initial=true, @sincedb_key='8420933 0 51713'>"}
[2019-07-30T13:18:09,712][TRACE][filewatch.tailmode.processor] Active - file grew: test.log.1: new size is 4, bytes read 0
5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.