Preventing to send logs from /var/log/messages and /var/log/secure

Anonymous2 · February 7, 2019, 3:05pm

Hello,

I have installed and configured Elasticsearch, Logstash, Filebeat and Kibana. I'm sending logs from
Filebeat to Logstash and to Elasticsearch. I have deleted the /var/log/messages path in filebeat.yml file, but I still recive log messages from /var/log/messages and /var/log/secure. Is it possible to prevent this?

I've tried to prevent them by drop filter in logstash, but it didn't work.

My drop filter in logstash conf file:

if [source] == "/var/log/messages" {
drop { }
}

system · March 7, 2019, 3:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash sending /var/log/messages to Elastic Logstash	2	2141	January 31, 2019
Prevent from filebeat to logging to /var/messages Beats filebeat	3	5026	April 13, 2020
Prevent Logstash Service logging to /var/log/messages Logstash	3	2860	June 20, 2019
Prevent logging to /var/log/messages Elasticsearch	7	8727	July 5, 2017
Filebeat vs logstash Elasticsearch	3	231	January 17, 2023

Preventing to send logs from /var/log/messages and /var/log/secure

Related topics