I have a quick and possibly silly question. I’m setting up a filebeat-based Graylog collector on CentOS 6 and want to configure the “Path to Logfile”; it being CentOS it doesn’t append its system log files with .log, so the default of
[‘/var/log/*.log’]
… won’t work. If I give it
['/var/log/*]
… is it going to grab files in subdirectories as well? It needs to collect files like messages, but not those in subfolders.
Thank you in advance!
Which version of the Graylog Collector Sidecar and which version of Filebeat are you using?
We’re using Graylog v2.4.3+2c41897. The collectors are on 0.1.5.
I get the feeling this comes down to writing a proper regex that includes only files, not directories, but since this is a production system with multiple applications I don’t want to accidentally have the collector pull all files contained in /var/log/ (just those at the document root).
Of course the straightforward solution is just specifying each file manually, e.g.['/var/log/messages', '/var/log/secure'] etc.
Check out the recursive_glob.enabled setting in Filebeat.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
