I have installed Filebeat in server A (linux server) to send logs to server B (CentOS server). Server B has Elastic, logstash and kibana installed. I followed the steps to configure logstash output in filebeat.yml from the link https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html
However, I am unable to get the logs in logstash installed in Server B. Do I need to mke further changes?

#----------------------------- Logstash output --------------------------------
output.logstash:

The Logstash hosts

hosts: ["Server B IP:9600"]
proxy_url: socks5://username:password@Server B IP:2233
index: filebeat
proxy_use_local_resolver: true

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

Certificate for SSL client authentication

#ssl.certificate: "/etc/pki/client/cert.pem"

Client Certificate Key

#ssl.key: "/etc/pki/client/cert.key"

Hi Vijay,

to connect to logstash you need to enable an input pipeline in the logstash config.
input {
beats {
host => "IPaddress"
port => 5044
}
}
filter {
...
}
output {
elasticsearch {
hosts => "http://localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}

This will open a port at the logstash server Filebeat will connect to and forward all events to elastic. Depending on the logs you might also enable some filter, e.g. for apache.

On ServerB you then configure the connection to ServerA:5044.

Cheers
René

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.