| ... | ... | @@ -138,9 +138,9 @@ The filebeat configuration file is in /etc/filebeat/filebeat.yml. |
|
|
|
|
|
|
|
In the filebeat.prospects part we need to comment on the logs, or remove them, that we don't want the filebeat ship to logstash. I cahnged this part to point at the Gitlab logs -var/log/gitlab/gitlab-rails/production_json.log
|
|
|
|
Then we need to add the output file to logstash output
|
|
|
|
|
|
|
|
` ssl.certificate_authorities: ["/etc/ssl/logstash-forwarder.crt"]
|
|
|
|
`
|
|
|
|
```
|
|
|
|
ssl.certificate_authorities: ["/etc/ssl/logstash-forwarder.crt"]
|
|
|
|
```
|
|
|
|
We want to uncomment the output.logstash part and add the elk-server-ip to the hosts part and add the port 5044. You also need to add the ssl.certificate_authorities the path to the certificate file.
|
|
|
|
|
|
|
|
After that run the filebeat:
|
| ... | ... | |
| ... | ... | |
