I was hoping for some help setting up syslog collection using the syslog input plugin for Logstash on Ubuntu 14.04 LTS.
We have configured Topbeat, Logstash, Elasticsearch and Kibana and that seems to be working nicely (except for disk and file system metrics, but will start a separate thread regarding that).
I had a look at the Logstash reference and did not find that very intuitive for installation and configuration.
I am hoping that our use case is relatively simple and many other users will have implemented syslog input plugin on Ubuntu.
I understand syslog is the most comprehensive of the system logs; we really want to be collecting as much as we sensibly can to monitor the server and security.
I am not sure if we need to be collecting the auth.log separately using Filebeat or Logstash, would welcome any recommendations there as well.
The issue seemed to be if there was more than one configuration file in the directory for the background service. Multiple files (with different names) seemed to be why the service was stopping.