Hello,
After installing X-PACK (necessary for Watcher and securing access to Kibana), my Linux logs do not go back to ELK.
Indeed, before the installation of X-PACK, I had the following configuration on my Debian client:
/etc/rsyslog.d/rsyslog.conf
    *.* @192.168.1.1:5544
This is the configuration on my ELK:
/etc/logstash/conf.d/logstash_lmpm_linux.conf
    input {
      syslog {
        port => "5544"
        type => "rsyslog"
      }
    }
    filter { }
    output {
      if [type] == "rsyslog" {
        elasticsearch {
          hosts => [ "192.168.1.1:9200" ]
          index => "winlogbeat-%{+YYYY.MM.dd}"
        }
      }
    }
Since installing X-PACK, I had to modify the winlogbeat.yml file on my client machines in order to add the elastic account and its password. I guess you have to do the same for Linux. How can I do this?
Thank you for your answers.
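
Added example, not part of the original post: in the setup above, the connection that X-Pack security now requires credentials for is the one from the Logstash elasticsearch output to port 9200, so the `user` and `password` options of that output are where they go. The user name `logstash_writer` and the environment variable `LOGSTASH_ES_PASSWORD` are assumptions made for this example; the hosts, port, type and index are the ones from the post.

```logstash
# /etc/logstash/conf.d/logstash_lmpm_linux.conf
input {
  syslog {
    port => "5544"
    type => "rsyslog"
  }
}

filter { }

output {
  if [type] == "rsyslog" {
    elasticsearch {
      hosts => [ "192.168.1.1:9200" ]
      index => "winlogbeat-%{+YYYY.MM.dd}"

      # Credentials the output presents to Elasticsearch once X-Pack
      # security is enabled. "logstash_writer" is a hypothetical dedicated
      # account limited to writing these indices, used here instead of
      # the built-in elastic superuser.
      user => "logstash_writer"

      # Resolved from the environment of the Logstash process
      # (hypothetical variable name), so the password is not stored
      # in clear text in the pipeline file.
      password => "${LOGSTASH_ES_PASSWORD}"
    }
  }
}
```

The rsyslog line on the Debian client stays as it is: the client sends syslog to the Logstash input on port 5544 and never talks to Elasticsearch directly.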