Hi Jochen, I am using Filebeat 1.3.1:
sudo rpm -qa | grep filebeat filebeat-1.3.1-1.x86_64 What I did just notice as I looked at the post from @cr0c that I have made a total school boy error. As i checked that the logs had been written to I noticed that the logs in the filebeat yaml did not exist. I had lifted the yaml from an Ubuntu estate and the Centos log names are different. I switched the yaml to monitor /var/log/secure and /var/log/messages restarted the filebeat service and surprise surprise data started flowing into Graylog. I am interested in investigating the Graylog Collector Sidecar and I notice that Fluentd is a configurable forwarder which is an option I should also look at. My main goal is to limit user access to specific data by LDAP groups and the forwarders will be running on syslog servers located in AWS accounts that are specific to projects/environments. Ansible/Packer and Terraform will be used to spin up environments so I need to test each available configuration combination. Thanks, Chris. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/7ecc7cc3-faa8-4c8f-8a89-4bcb92bb4a11%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
