Hi All,
New to Graylog and have been struggling now for the last 2-3 days to try to get a simple use-case working. I have Graylog server 3 setup and running and a separate Linux box running Apache.
I am trying to configure the Sidecar installed on the Linux box to send Apache logs back to Graylog.
Everything works fine if I explicitly specify the files in the “input” section of the configuration yml. For example, if I use the default example provided:
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
filebeat.inputs:
- input_tpye: log
paths:
- /var/log/*.log
output.logstash:
hosts: ["10.10.10.10:5044"]
path:
data: /var/lib/graylog-sidecar/collectors/filebeat/data
logs: /var/lib/graylog-sidecar/collectors/filebeat/log
However, if I try and do it by adding a module such as the system or apache modules:
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
filebeat.modules:
- module: system
output.logstash:
hosts: ["10.10.10.10:5044"]
path:
data: /var/lib/graylog-sidecar/collectors/filebeat/data
logs: /var/lib/graylog-sidecar/collectors/filebeat/log
I have tried various different options and I get different failures such as:
- Not loading modules. Module directory not found: /usr/share/filebeat/bin/module
What am I doing wrong / where am I going wrong with my understanding here! This has to be the simplest usecase for ingestion in Graylog so am assuming I have something completely backwards.
I thought that maybe I needed a Content pack and went looking…but was surprised to find that there is none for Apache? This made me certain that I am completely misunderstanding something!
Any insights greatly appreciated.
Thanks