Preventing logs from /var/log/messages and /var/log/secure from being sent

Hello,

I have installed and configured Elasticsearch, Logstash, Filebeat and Kibana. I'm sending logs from Filebeat to Logstash and to Elasticsearch. I have deleted the /var/log/messages path in the filebeat.yml file, but I still receive log messages from /var/log/messages and /var/log/secure. Is it possible to prevent this?

I've tried to prevent them with a drop filter in Logstash, but it didn't work.

My drop filter in the Logstash conf file:

# Drop events whose source field is exactly /var/log/messages
if [source] == "/var/log/messages" {
  drop { }
}
