Question about auditbeat and squid

We have squid proxy server, that writes it 's logs in /var/log directory. And we want to monitor it by auditbeat. Is it possible?If yes how we should do it?

Hi @ThreatInter :slightly_smiling_face:

Why don't you use Filebeat to fetch those logs using the provided squid module? https://www.elastic.co/beats/filebeat

1 Like

Thank you for your answer. We already using auditbeat at this machine, so we don't think that one more beat is good idea.

Auditbeat won't read those logs, you will either need to install Filebeat or take a look at the new Elastic Agent.

Ok i got it. Thank you.

1 Like