Gathering CentOS logs with no extension


(Cornwella) #1

I have a quick and possibly silly question. I’m setting up a filebeat-based Graylog collector on CentOS 6 and want to configure the “Path to Logfile”; it being CentOS it doesn’t append its system log files with .log, so the default of

[’/var/log/*.log’]

… won’t work. If I give it

[’/var/log/*]

… is it going to grab files in subdirectories as well? It needs to collect files like messages, but not those in subfolders.

Thank you in advance!


(Jochen) #2

Which version of the Graylog Collector Sidecar and which version of Filebeat are you using?


(Cornwella) #3

We’re using Graylog v2.4.3+2c41897. The collectors are on 0.1.5.

I get the feeling this comes down to writing a proper regex that includes only files, not directories, but since this is a production system with multiple applications I don’t want to accidentally have the collector pull all files contained in /var/log/ (just those at the document root).

Of course the straightforward solution is just specifying each file manually, e.g.['/var/log/messages', '/var/log/secure'] etc.


(Jochen) #4

Check out the recursive_glob.enabled setting in Filebeat.


(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.