Below is my filebeat.yml file, which should send logs only from the path /home/ubuntu/logs/test-app/path.log mentioned below. But it is sending all the logs, including the /var/log/syslog and /var/log/auth.log folders. Please clarify how to avoid sending system logs.
filebeat.yml

filebeat.inputs:
- type: syslog
  enabled: false
- type: log
  enabled: true
  paths:
    - /home/ubuntu/logs/test-app/path.log
logging:
  level: info
  to_files: true
  to_syslog: false
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
output.logstash:
  hosts: ["ip:5044"]
CodePudding user response:
Check if you are enabling the system module:
filebeat modules list | head
cat /etc/filebeat/modules.d/system.yml
And use the filestream input instead of logs, as the latter will be deprecated:
https://www.elastic.co/guide/en/beats/filebeat/8.2/filebeat-input-filestream.html
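
An added example (not part of the answer above) of the check it describes: Filebeat keeps a disabled module as `<name>.yml.disabled`, so the question's `modules.d/*.yml` glob loads only files ending in `.yml`. The function names and the sample directory are constructed for illustration, and the fileset parser assumes the stock module file layout.

```shell
#!/bin/sh
# Added example. Filebeat stores a disabled module as <name>.yml.disabled,
# so the question's glob modules.d/*.yml only loads files ending in .yml.

# loaded_modules CONFIG_DIR: print the name of every module the glob loads.
loaded_modules() {
    for f in "$1"/modules.d/*.yml; do
        [ -f "$f" ] || continue            # glob matched nothing
        basename "$f" .yml
    done
}

# module_filesets FILE: print "<fileset>=<true|false>" for each fileset,
# assuming the stock layout (fileset at 2 spaces, "enabled:" at 4 spaces).
module_filesets() {
    awk '
        /^[ \t]*#/ { next }
        /^  [A-Za-z_]+:[ \t]*$/ { fs = $1; sub(/:$/, "", fs); next }
        /^    enabled:/ && fs != "" { print fs "=" $2 }
    ' "$1"
}

# report CONFIG_DIR: one line per loaded module with its fileset states.
report() {
    loaded_modules "$1" | while read -r m; do
        printf '%s: %s\n' "$m" \
            "$(module_filesets "$1/modules.d/$m.yml" | tr '\n' ' ')"
    done
}

# make_sample: build a constructed config dir (not the asker's machine).
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/modules.d"
    printf -- '- module: system\n  syslog:\n    enabled: true\n  auth:\n    enabled: true\n' \
        > "$d/modules.d/system.yml"
    printf -- '- module: nginx\n  access:\n    enabled: true\n' \
        > "$d/modules.d/nginx.yml.disabled"
    echo "$d"
}

sample=$(make_sample)
report "$sample"        # on a real host: report /etc/filebeat
rm -rf "$sample"
```

If `system` shows up with `syslog` or `auth` enabled, `filebeat modules disable system` renames the file to `system.yml.disabled` so the glob no longer loads it.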