I was not getting replies on my older thread
https://discuss.elastic.co/t/shipping-logs-from-multiple-files/48881/15; therefore, opening a new one.
I am seeing these logs:
Check file for harvesting
Update existing file for harvesting
Not harvesting, file didn't change
End of file reached, backoff now.
Here is my conf file:
I am running ELK on Windows Server 2012 R2 and trying to get logs from Windows Server 2008 R2. Logs are with .txt extension.
Logs are in the following format:
[02] Tue 03May16 09:00:29 - (014614) Closed session
[02] Tue 03May16 09:00:29 - (014614) User "username" logged out
[10] Tue 03May16 09:04:38 - (014611) Sending file "\\ServerName\HOMES\username\amM06LSVP-amM06LSVP-NHG2-Reac.log"
[10] Tue 03May16 09:04:41 - (014611) Sent file "\\ServerName\HOMES\username\amM06LSVP-amM06LSVP-NHG2-Reac.log" successfully (1,446.17 KB/sec - 4,465,777 Bytes)
[10] Tue 03May16 09:08:56 - (014613) Sending file "\\ServerName\stu_homes\username\home\Recovered File 1.pptx"
[10] Tue 03May16 09:08:58 - (014613) Sent file "\\ServerName\stu_homes\username\home\Recovered File 1.pptx" successfully (3,659.91 KB/sec - 7,086,491 Bytes)
[02] Tue 03May16 09:29:10 - (014611) Session idle time out
[02] Tue 03May16 09:29:10 - (014611) Closed session
[02] Tue 03May16 09:29:10 - (014611) User "username" logged out
[02] Tue 03May16 09:33:56 - (014615) Connected to IP Addresss (local address IPAddress, port 22)
[02] Tue 03May16 09:33:59 - (014615) Closed session
[02] Tue 03May16 10:06:23 - (014613) Session idle time out
[02] Tue 03May16 10:06:23 - (014613) Closed session
[02] Tue 03May16 10:06:23 - (014613) User "username" logged out
[02] Tue 03May16 10:30:55 - (014616) Connected to IPAddress (local address IPAddress, port 22)
[02] Tue 03May16 10:30:58 - (014616) Closed session