Ship /var/log/secure onto Elasticsearch

Hi Team,

We have set up ELK 5.6.3 to forward all RHEL/CentOS system logs. Initially, we are in the process of shipping /var/log/secure, a file which contains different events such as ssh, su, and sudo events, each with different log line patterns.

Can you please help me with how to achieve this? Should I make indices for each of ssh success/failure/logged out, su, and sudo?
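As an added example (not part of the thread above and not Elastic's own code), the Python below does the same job a Logstash grok filter would do for /var/log/secure: it splits each syslog line into host, program and PID, then classifies the message as an sshd login/logout, an su session or a sudo command, with a success/failure outcome. All events land in one index distinguished by an `event_type` field rather than one index per event kind, which keeps queries like "failed ssh logins per source IP" simple. The log lines, field names and the `secure` index name are constructed for the example; the `_type` value in the bulk action reflects that Elasticsearch 5.x still required a mapping type.

```python
import json
import re
from typing import Dict, List, Optional

# Syslog prefix as written by rsyslog on RHEL/CentOS: "Mon DD HH:MM:SS host prog[pid]: msg".
SYSLOG_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[\w\-/]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)

# (event_type, outcome, pattern) tried in order; first match wins.
# Field names here are this example's own choice, not an Elastic schema.
MESSAGE_PATTERNS = [
    ("ssh_login", "success", re.compile(
        r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)")),
    ("ssh_login", "failure", re.compile(
        r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)")),
    ("ssh_logout", "success", re.compile(
        r"^Disconnected from (?:user (?P<user>\S+) )?(?P<src_ip>\S+) port (?P<src_port>\d+)")),
    ("su", "success", re.compile(
        r"^pam_unix\(su(?:-l)?:session\): session opened for user (?P<user>\S+) by (?P<by_user>\S*)\(uid=(?P<uid>\d+)\)")),
    ("sudo", "success", re.compile(
        r"^\s*(?P<by_user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<user>\S+) ; COMMAND=(?P<command>.*)$")),
    ("sudo", "failure", re.compile(
        r"^\s*(?P<by_user>\S+) : (?P<reason>.+?) ; TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<user>\S+) ; COMMAND=(?P<command>.*)$")),
]

# Constructed sample lines in /var/log/secure format (hosts, users and IPs are made up).
SAMPLE_LINES = [
    "Oct 11 13:22:01 web01 sshd[4021]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2: RSA SHA256:EXAMPLEFINGERPRINT",
    "Oct 11 13:22:30 web01 sshd[4030]: Failed password for invalid user admin from 203.0.113.9 port 44120 ssh2",
    "Oct 11 13:22:31 web01 sshd[4030]: Failed password for root from 203.0.113.9 port 44120 ssh2",
    "Oct 11 13:23:05 web01 sshd[4021]: Disconnected from user alice 10.0.0.5 port 51022",
    "Oct 11 13:24:00 web01 su: pam_unix(su-l:session): session opened for user root by alice(uid=1000)",
    "Oct 11 13:25:10 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart sshd",
    "Oct 11 13:26:42 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "Oct 11 13:27:00 web01 systemd-logind[700]: New session 12 of user alice.",
]


def parse_secure_line(line: str) -> Optional[Dict]:
    """Turn one /var/log/secure line into a flat document; None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    doc = {
        "timestamp": f"{m['month']} {m['day']} {m['time']}",  # syslog omits the year
        "host": m["host"],
        "program": m["program"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["message"],
        "event_type": "other",   # unclassified lines are kept, not dropped
        "outcome": "unknown",
    }
    for event_type, outcome, pattern in MESSAGE_PATTERNS:
        pm = pattern.match(m["message"])
        if pm:
            doc["event_type"] = event_type
            doc["outcome"] = outcome
            doc.update({k: v for k, v in pm.groupdict().items() if v is not None})
            break
    return doc


def parse_secure(lines: List[str]) -> List[Dict]:
    return [d for d in (parse_secure_line(line) for line in lines) if d]


def failed_ssh_logins_by_source(docs: List[Dict]) -> Dict[str, int]:
    """The kind of aggregation a single typed index makes trivial."""
    counts: Dict[str, int] = {}
    for d in docs:
        if d["event_type"] == "ssh_login" and d["outcome"] == "failure":
            counts[d["src_ip"]] = counts.get(d["src_ip"], 0) + 1
    return counts


def bulk_body(docs: List[Dict], index: str = "secure") -> str:
    """NDJSON body for the Elasticsearch _bulk API; 5.x still needs a _type."""
    lines = []
    for d in docs:
        lines.append(json.dumps({"index": {"_index": index, "_type": "log"}}))
        lines.append(json.dumps(d))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_secure(SAMPLE_LINES)
    for d in parsed:
        print(d["event_type"], d["outcome"], d.get("user"), d.get("src_ip"))
    print(failed_ssh_logins_by_source(parsed))
```

The ordering of the patterns matters: the sudo "success" pattern anchors on `: TTY=` directly after the invoking user, so a refusal such as "user NOT in sudoers" falls through to the failure pattern that captures the reason. Lines that match nothing are still indexed with `event_type: other`, so a new message format shows up as a gap to fix rather than silently vanishing.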
