I tried it but after the restart, nothing changed.
{
"_index": "filebeat-7.1.1-2019.06.25",
"_type": "_doc",
"_id": "OkjgjWsB5j_G9LEoXW6H",
"_version": 1,
"_score": null,
"_source": {
"cloud": {
"region": "fra1",
"provider": "digitalocean",
"instance": {
"id": "147324943"
}
},
"agent": {
"type": "filebeat",
"ephemeral_id": "55f38ce1-d5a9-4baf-9eaa-91c334c8da9b",
"id": "e4ec413a-0f36-4b48-a6b0-83ab274d7c3b",
"version": "7.1.1",
"hostname": "hk-elks"
},
"@version": "1",
"event": {
"dataset": "apache.error",
"module": "apache"
},
"@timestamp": "2019-06-25T09:03:31.739Z",
"tags": [
"beats_input_codec_plain_applied"
],
"log": {
"file": {
"path": "/var/log/httpd/error_log"
},
"offset": 1216672641
},
"host": {
"id": "387b06bbed1dc5ea41c228855d0225dd",
"name": "hk-elks",
"architecture": "x86_64",
"os": {
"name": "CentOS Linux",
"codename": "Core",
"kernel": "3.10.0-957.21.3.el7.x86_64",
"family": "redhat",
"version": "7 (Core)",
"platform": "centos"
},
"containerized": false,
"hostname": "hk-elks"
},
"input": {
"type": "log"
},
"fileset": {
"name": "error"
},
"service": {
"type": "apache"
},
"message": "[Tue Jun 25 11:02:40.555500 2019] [authz_core:error] [pid 2555:tid 140461301806848] [client 185.62.190.78:60122] AH01630: client denied by server configuration: /etc/httpd/htdocs",
"ecs": {
"version": "1.0.0"
}
},
"fields": {
"suricata.eve.timestamp": [
"2019-06-25T09:03:31.739Z"
],
"@timestamp": [
"2019-06-25T09:03:31.739Z"
]
},
"sort": [
1561453411739
]
}