I have a quick and possibly silly question. I’m setting up a filebeat-based Graylog collector on CentOS 6 and want to configure the “Path to Logfile”; it being CentOS it doesn’t append its system log files with .log, so the default of
[‘/var/log/*.log’]
… won’t work. If I give it
['/var/log/*]
… is it going to grab files in subdirectories as well? It needs to collect files like messages, but not those in subfolders.
We’re using Graylog v2.4.3+2c41897. The collectors are on 0.1.5.
I get the feeling this comes down to writing a proper regex that includes only files, not directories, but since this is a production system with multiple applications I don’t want to accidentally have the collector pull all files contained in /var/log/ (just those at the document root).
Of course the straightforward solution is just specifying each file manually, e.g.['/var/log/messages', '/var/log/secure'] etc.