Hi i've same problem of this thread : Filebeat Need Restart To send Logs but i doesn't see solution on that thread, so i've this filebeat.yml :
filebeat:
prospectors:
-
paths:
- /var/log/syslog
- /var/log/auth.log
- /var/log/maillog
input_type: log
document_type: syslog
scan_frequency: 60s
-
paths:
- /var/log/zimbra.log
input_type: log
document_type: postfix
scan_frequency: 60s
-
paths:
- /var/log/zimbra.log
input_type: log
document_type: postfix
fields:
tags: "saslauthd"
scan_frequency: 60s
-
paths:
- /var/log/zimbra.log
input_type: log
document_type: postfix
fields:
tags: "amavis"
scan_frequency: 60s
-
paths:
- /opt/zimbra/log/audit.log
input_type: log
document_type: zimbra_audit
scan_frequency: 60s
-
paths:
- /opt/zimbra/log/mailbox.log
input_type: log
document_type: zimbra_mailbox
scan_frequency: 60s
registry_file: /var/lib/filebeat/registry
############################# Output ##########################################
output:
elasticsearch:
hosts: ["localhost:9200"]
### Logstash as output
logstash:
# The Logstash hosts
hosts: ["172.16.70.33:5044"]
bulk_max_size: 1024
tls:
# List of root certificates for HTTPS server verifications
certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
############################# Shipper #########################################
shipper:
############################# Logging #########################################
logging:
to_syslog: false
to_files: true
files:
path: /var/log/filebeat
name: filebeat.log
rotateeverybytes: 10485760 # = 10MB
keepfiles: 7
level: debug
but everytime i need to restart filebeat.
from log i see only this error :
2016/10/20 09:20:50.583052 client.go:297: DBG ES Ping(url=http://localhost:9200, timeout=1m30s)
2016/10/20 09:20:50.583929 client.go:302: DBG Ping request failed with: Head http://localhost:9200: dial tcp 127.0.0.1:9200: getsockopt: connection refused
i've elasticsearch installed on another server, same of logstash
can you help me?