
...

In the following, you are required to insert the FQDN to which the logs will be forwarded. This FQDN is in the form "WASHOSTNAMEWAS_HOSTNAME-elastic.WASSUFFIXWAS_SUFFIX". For example, if the FQDN of the WAS is "was.example.org", you will have to insert "was-elastic.example.org".

...

filebeat.inputs:
- type: log
  enabled: true
  paths: /path/to/your/radius_logs
  multiline.pattern: '^[[:space:]]'
  multiline.negate: false
  multiline.match: after
output.logstash:
  hosts: ["WAS_HOSTNAME-elastic.WASSUFFIX:5044"]
  ssl.certificate_authorities: ["/etc/ssl/certs/ca-certificates.crt"]
processors:
- add_fields:
    target: ''
    fields:
      logtype: radius
- drop_fields:
    fields: ['input', 'host', 'agent', 'acs', 'log', 'ecs']
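Review bot: The `drop_fields` processor at the end of this configuration removes `host`, `agent` and `log`, so events reaching the WAS no longer record which machine shipped them or which file they were read from. For RADIUS data that provenance is what lets an analyst tie an authentication event back to a specific server when several forward to the same port 5044 endpoint. If the receiving pipeline does not depend on these fields being absent (not visible on this page), consider keeping `host`, e.g. `fields: ['input', 'agent', 'acs', 'log', 'ecs']`, or add a comment above the processor saying why they are dropped. The DHCP configuration further down uses the same list.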

...

filebeat.inputs:
- type: log
  enabled: true
  paths: /path/to/your/dhcp_logs
  include_lines: ['DHCPACK']
output.logstash:
  hosts: ["WAS_HOSTNAME-elastic.WASSUFFIX:5044"]
  ssl.certificate_authorities: ["/etc/ssl/certs/ca-certificates.crt"] processors:
- add_fields:
    target: ''
    fields:
      logtype: dhcp
- drop_fields:
    fields: ['input', 'host', 'agent', 'acs', 'log', 'ecs']
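Review bot: In the DHCP configuration `processors:` is printed on the same line as `ssl.certificate_authorities: [...]`, after the closing bracket. If the published page reads that way rather than this being an artefact of the comparison view, a copied file will fail to parse and Filebeat will not start, so no DHCP logs are forwarded. `processors:` should start its own line at column 0, as it does in the RADIUS configuration above.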

...

set +o history
filebeat setup --index-management \
-E output.logstash.enabled=false \
-E 'output.elasticsearch.hosts=["WASHOSTNAMEWAS_HOSTNAME-elastic.WASSUFFIXAS_SUFFIX:443"]' \
-E output.elasticsearch.protocol=https \
-E output.elasticsearch.username=elastic \
-E output.elasticsearch.password=elastic-password-goes-here \
-E 'output.elasticsearch.ssl.certificate_authorities=["/etc/ssl/certs/ca-certificates.crt"]'
set -o history
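Review bot: The `elastic` password is passed as a `-E output.elasticsearch.password=...` argument, and `set +o history` only keeps it out of the shell history. While the command runs, the value is still readable in the process argument list and is captured by any command-line auditing on the host. Storing it in the Filebeat keystore first (`filebeat keystore add ES_PWD`) and passing `-E 'output.elasticsearch.password=${ES_PWD}'` keeps the secret off the command line. The page should also note that `elastic` is the built-in superuser; a dedicated account limited to what index-management setup needs would reduce the impact if the credential leaks.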

...