Reading logs from Unix server with logstash server on windows

shyamank · January 22, 2016, 10:37am

Hi,

Im just getting started with setting up an ELK stack. Currently my logstash server running on windows reads log files on the local machine and populates the elastic search server also running on the same machine. Simple enough??

Now i need to read actual log files which are on a unix server box. going through the documentation i cannot find a input plugin which would be able to connect to the unix box with authentication, access the log files and populate my ES server.

Any help would be appreciated to atleast get me pointed towards the right direction. Please and Thank you.

magnusbaeck · January 22, 2016, 11:55am

This is normally solved by running a shipper (e.g. Logstash or Filebeat) on the machine from which you want to collect logs. If you choose to run Logstash you can have a lumberjack output on the Unix machine and a lumberjack input on the Windows box, and if you run Filebeat you use a beats input on the Windows box.

shyamank · January 22, 2016, 12:18pm

Thank you, i will update.