Filebeat with apache2 configuration


I want to send the Apache2 logs to my Graylog server with Filebeat.
After configuring filebeat, the access.logs are received by Graylog.
However, the error.log was not received. In addition, Apache no longer writes them to the error.log file.

These are the steps I followed:

  • install filebeat
  • in filebeat.yml, in the “outputs” section, I have commented “output.elasticsearch”, and uncommented “output.logstach” and add the hosts.
  • in module.d / apache2.yml, I added the path to the logs (after activating the module of course).
  • Activate and start filebeat.

Did I forget a step?
Thank you.

Hi, mourad

Check the steps below again

$ sudo filebeat test config 
$ sudo filebeat test output
$ sudo filebeat modules list
$ sudo filebeat modules enable apache2

 $ sudo vim /etc/filebeat/modules.d/apache2.yml
  Access and error log enable/config "PATH"

Hello Barham,

Thank you for your return.
In the meantime, I discovered Sidecar to centralize the configuration. So I restore my VM and start over with SideCar.

However, as I am curious and that it could be useful to others (or even to me in the future), I will repeat the test on another VM and I will post the results to you once done.



I have tried to configure with sidecar, but the same problem occurs. When I look at the received messages, I only have the access logs.
Here is the result of the commands requested earlier:

root@web-dev:/var/log/apache2# sudo filebeat test config

Config OK

root@web-dev:/var/log/apache2# sudo filebeat test output
elasticsearch: http://localhost:9200...
  parse url... OK
    parse host... OK
    dns lookup... OK
    addresses:, ::1
    dial up... ERROR dial tcp [::1]:9200: connect: connection refused

The sidecar configuration in Graylogs :

as much for me. it works.

Hi, mourad



# ================================== Outputs ===================================

# Configure what output to use when sending the data collected by the beat.

# ---------------------------- Elasticsearch Output ----------------------------
  # Array of hosts to connect to.
  hosts: [""]

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"

# ------------------------------ Logstash Output -------------------------------
  # The Logstash hosts
  hosts: [""]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.