I am really interested in using the Beats forwarders from Elastic to send
logs to Graylog, as I have used Beats in ELK stacks previously.

I am curious as to what the Beats forwarders' configuration should be. I am
used to using Logstash to parse logs before sending to Elasticsearch, so I
am wondering how the Graylog Beats input works. Is the data sent directly
to Elasticsearch, so the forwarder output should be Elasticsearch? I ask
this as I noticed a comment on the plugin from Joschi saying that Logstash
is the correct output.

If this is a working forwarder for an ELK stack, what needs to change for
Graylog?

filebeat:
  prospectors:
    -
      paths:
        - /var/log/auth.log
        - /var/log/syslog
        # - /var/log/*.log
      input_type: log
      document_type: syslog
  registry_file: /var/lib/filebeat/registry
output:
  logstash:
    hosts: ["172.31.31.4:5044","172.31.23.200:5044"]
    # configure logstash plugin to loadbalance events between the logstash instances
    loadbalance: true
    bulk_max_size: 1024
    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-node2fwd.crt","/etc/pki/tls/certs/logstash-forwarder.crt"]
shipper:
logging:
  files:
    rotateeverybytes: 10485760 # = 10MB