Why can my filebeat settings only read /var/log/messages? I need to read all files in /var/log and my customized log folder: /suselv/log

filebeat.yml part about included logs:

```yaml
- type: filestream

  # Unique ID among all inputs, an ID is required.
  id: autoyast1-filestream

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - "/suselv/log/**"
    - "/var/log/**"
```

modules.d/system.yml part:

```yaml
# Module: system
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-system.html

- module: system
  # Syslog
  syslog:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: ["/suselv/log/*"]

  # Authorization logs
  auth:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: ["/suselv/log/*"]
```

My OS is openSUSE 15.5, and filebeat is installed via rpm.
