Hi,
SSH logs are not showing up in Kibana. I am pushing my logs to ES only.
I am using the following configuration:
OS - Ubuntu 20.04
ES - 7.11.0
LogStash - 7.11.0
Kibana - 7.11.0
FileBeat - 7.11.0
The enabled module in filebeat is System
System.yml file :
# Filebeat "system" module configuration (modules.d/system.yml) with the syslog and auth filesets enabled.
# NOTE(review): indentation was lost in this paste; in the real file each fileset (syslog, auth) and its
# settings must be nested under the module entry for the YAML to parse as intended.
- module: system
# Syslog
syslog:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
#var.paths:
# NOTE(review): /var/log/messages is the RHEL/CentOS-style location. A default Ubuntu install
# normally writes syslog to /var/log/syslog; confirm this file exists on the host, or leave
# var.paths unset so Filebeat picks the OS default.
var.paths: ["/var/log/messages"]
# Timezone conversion for the syslog fileset above (not part of the auth fileset).
var.convert_timezone: true
# Authorization logs
auth:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
#var.paths:
# NOTE(review): /var/log/secure is the RHEL/CentOS-style location. On Ubuntu, sshd and other
# authentication events normally go to /var/log/auth.log; if this path does not exist, no SSH
# events are harvested. Confirm against the host.
var.paths: ["/var/log/secure"]
var.convert_timezone: true
In the Kibana console I ran:
POST /filebeat-*/_search
{
"size": 10,
"query": {
"match": {
"source": "/var/log/messages"
}
}
}
Output :
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : null,
"hits" : [ ]
}
}
For
GET _nodes/stats/ingest
I have :
{
"_nodes" : {
"total" : 1,
"successful" : 1,
"failed" : 0
},
"cluster_name" : "my-application",
"nodes" : {
"L_HA_nnGQ9OfQiW-4y4q0w" : {
"timestamp" : 1613472269331,
"name" : "node-1",
"transport_address" : "192.168.1.26:9300",
"host" : "192.168.1.26",
"ip" : "192.168.1.26:9300",
"roles" : [
"data",
"data_cold",
"data_content",
"data_hot",
"data_warm",
"ingest",
"master",
"ml",
"remote_cluster_client",
"transform"
],
"attributes" : {
"ml.machine_memory" : "3093676032",
"xpack.installed" : "true",
"transform.node" : "true",
"ml.max_open_jobs" : "20",
"ml.max_jvm_size" : "1547698176"
},
"ingest" : {
"total" : {
"count" : 0,
"time_in_millis" : 0,
"current" : 0,
"failed" : 0
},
"pipelines" : {
"filebeat-7.11.0-system-syslog-pipeline" : {
"count" : 0,
"time_in_millis" : 0,
"current" : 0,
"failed" : 0,
"processors" : [
{
"set" : {
"type" : "set",
"stats" : {
"count" : 0,
"time_in_millis" : 0,
"current" : 0,
"failed" : 0
}
}
}
"filebeat-7.11.0-system-auth-pipeline" : {
"count" : 0,
"time_in_millis" : 0,
"current" : 0,
"failed" : 0,
"processors" : [
{
"set" : {
"type" : "set",
"stats" : {
"count" : 0,
"time_in_millis" : 0,
"current" : 0,
"failed" : 0
}
}
}