Sending changing log (name) to ELK

I have a little problem. I want to send a logfile with the name "firewall-01-02-2017.log" to my ELK server, but this file is changing every month to for instance "firewall-01-03-2017.log" etc.

So i thought it would be better to use another format in my logstash-forwarder config and i thought this one would be ok:

firewall-[0-3][0-9]-[0-1][0-9]-2[0-1][1-2][0-9].log

But it isn't doing much. My logstash-forwarder error log shows me this:

2017/02/01 15:44:33.166923 Waiting for 1 prospectors to initialise
2017/02/01 15:44:33.167089 All prospectors initialised with 0 states to persist
2017/02/01 15:44:33.167195 Setting trusted CA from file: /etc/pki/tls/certs/logstash-forwarder.crt
2017/02/01 15:44:33.176126 Connecting to [145...]:5043 (145...)
2017/02/01 15:44:33.273000 Connected to 145...*

So, it is connected, but apparently it isn't liking the format i used, but i would not know what format it wants to have. Anyone played with this?

Hmm, i just read that LSF isn't supported anymore, but my ELK stack is configured with it. Hopefully someone wants to help me with this issue

That kind of pattern isn't supported. Only basic shell wildcards like ? and * are allowed, so try firewall-??-??-????.log or just firewall-*.log.

Thank you very much for your reply. Will test it out tomorrow when i'm at work.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.