I have 3 beats: winlogbeat (server OS Windows), filebeat and auditbeat (server OS Linux). When I point winlogbeat to Logstash, there's no problem receiving logs.
But when I point filebeat and auditbeat to Logstash, why are no logs received, while when I point directly to the Elasticsearch server the logs are accepted properly?
```yaml
filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    #- /var/log/*.log
    #- /var/log/messages*
    #- /var/adm/syslog.log
    - /var/log/auth.log
    - /var/log/syslog
    #- c:\programdata\elasticsearch\logs\*
```
Here's the output section:
```yaml
# ---------------------------- Elasticsearch Output ----------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["10.194.11.67:9200"]

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"

# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["10.194.11.69:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/filebeat/logstash-forwarder.crt"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"
```
Well then, you have a network connectivity issue between the Filebeat host and the Logstash host that needs to be solved. Something like FW, subnet, routing, etc.
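To narrow down which of those it is, here is an added example (not part of the original thread): a small Python probe to run on the Filebeat/Auditbeat host that classifies a TCP connection attempt to each endpoint. The function names and hint wording are assumptions made for illustration; the two addresses are the ones from the posted config.

```python
import errno
import socket

# What each result usually means for a Beats -> Logstash path (illustrative wording).
HINTS = {
    "open": "TCP handshake completed; look at the Logstash beats input/pipeline next",
    "refused": "host reachable but nothing is listening on that port (or a firewall sent RST)",
    "filtered": "no answer before timeout; typical of a firewall drop or a routing gap",
    "unreachable": "no route to that host or network from this machine",
}


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"


def diagnose(endpoints, timeout=3.0):
    """Probe every named endpoint; return (name, state, hint) tuples."""
    rows = []
    for name, (host, port) in endpoints.items():
        state = probe_tcp(host, port, timeout)
        rows.append((name, state, HINTS.get(state, "unexpected socket error")))
    return rows


if __name__ == "__main__":
    # Addresses taken from the config posted above.
    targets = {
        "logstash": ("10.194.11.69", 5044),
        "elasticsearch": ("10.194.11.67", 9200),
    }
    for name, state, hint in diagnose(targets):
        print(f"{name:14} {state:12} {hint}")
```

If Elasticsearch reports `open` while Logstash reports `filtered` or `unreachable` from the Linux hosts, the difference lies in the network path to 10.194.11.69 rather than in the Beats configuration.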