I'm looking into getting our Wowza logs in Kibana. One of my predecessors has set up our ELK stack. I started Filebeat, because it wasn't running on the server. I do see exim4 log entries in Kibana, but nothing related to Wowza.
This is my filebeat.yml.
I only added the last two entries, related to wowza.
<code>
#=========================== Filebeat prospectors =============================
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - "/var/log/auth.log"
    fields:
      log_type: authlog
  - type: log
    enabled: true
    paths:
      - "/var/log/exim4/mainlog"
    fields:
      log_type: eximlog
  - type: log
    enabled: true
    paths:
      - "/var/log/apache2/*https_access.log"
    fields:
      log_type: accesshttpsv1
  - type: log
    enabled: true
    paths:
      - "/var/log/apache2/*http_access.log"
    fields:
      log_type: accesshttpv1
  - type: log
    enabled: true
    paths:
      - "/var/log/nginx/*https_access.log"
    fields:
      log_type: accessNGINXhttpsv1
  - type: log
    enabled: true
    paths:
      - "/var/log/nginx/*http_access.log"
    fields:
      log_type: accessNGINXhttpv1
  - type: log
    enabled: true
    paths:
      - "/var/log/haproxy.log"
    fields:
      log_type: haproxylog
  - type: log
    enabled: true
    paths:
      - "/usr/local/WowzaStreamingEngine/logs/wowzastreamingengine_access.log"
    fields:
      application: "wowza"
  - type: log
    enabled: true
    paths:
      - "/usr/local/WowzaStreamingEngine/logs/wowzastreamingengine_error.log"
    fields:
      application: "wowza"
#================================ Outputs =====================================
#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["SOMEIPADDRESS:5044"]
  #bulk_max_size: 1024
  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
  #certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"
  ssl.enabled: false
  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"
</code>