Filebeat 
TIP
Every logging architecture is unique. We aim to give you a generic configuration to get you going, but ultimately it is your task to tailor it to your own needs. If you need further help, please open a GitHub issue or send us an email.
Find out more about Filebeat.
Auditd 
bash
$ filebeat modules enable auditd
yaml
- module: auditd
  log:
    enabled: true
    var.paths: ["/Library/Application Support/Logga/audit.log"]
JSON
The following configuration decodes the log stream as newline-delimited JSON:
yaml
# ============================== Filebeat inputs ===============================
filebeat.inputs:
- type: filestream
  paths:
    - "/Library/Application Support/Logga/audit.log"
  parsers:
    - ndjson:
        target: ""
        overwrite_keys: true
        add_error_key: true
# ============================== Filebeat modules ==============================
Read more about the ndjson parser in the Filebeat documentation.
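The effect of the three `ndjson` options in the configuration above, as an added example (not Filebeat's code and not part of the original page): a simplified Python model of the documented option behaviour. `apply_ndjson`, `BASE`, `LINES` and `run_demo` are names constructed for this illustration, and the sample log lines are constructed.

```python
import json

def apply_ndjson(base_event, line, target="", overwrite_keys=True, add_error_key=True):
    """Simplified model of the ndjson options above (not Filebeat's code).

    Returns (event, collisions); collisions lists decoded top-level keys
    that were already present on the event.
    """
    event = dict(base_event)
    try:
        decoded = json.loads(line)
        if not isinstance(decoded, dict):
            raise ValueError("line is not a JSON object")
    except ValueError as exc:  # json.JSONDecodeError is a ValueError
        event["message"] = line  # assumption: raw text is kept on failure
        if add_error_key:
            event["error"] = {"message": str(exc), "type": "json"}
        return event, []
    if target:  # non-empty target: decoded keys are nested under one object
        event[target] = decoded
        return event, []
    # target "": decoded keys are merged into the event root
    collisions = sorted(k for k in decoded if k in event)
    for key, value in decoded.items():
        if overwrite_keys or key not in event:
            event[key] = value
    return event, collisions

# Constructed sample data: BASE stands in for fields the shipper sets itself.
BASE = {"log": {"file": {"path": "/Library/Application Support/Logga/audit.log"}}}
LINES = [
    '{"event": "login", "user": "alice"}',   # well-formed
    '{"event": "exec", "log": "spoofed"}',   # collides with an existing field
    '{"event": "login", "user": ',           # truncated line
]

def run_demo(**options):
    return [apply_ndjson(BASE, line, **options) for line in LINES]

if __name__ == "__main__":
    for event, collisions in run_demo():
        print("collisions:", collisions, "event:", event)
```

Calling `run_demo(target="logga")` (a hypothetical target name) nests the decoded keys under one object instead, so the second line no longer replaces an existing field.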
Custom 
yaml
# ============================== Filebeat inputs ===============================
filebeat.inputs:
- type: filestream
  paths:
    - "/Library/Application Support/Logga/audit.log"
# ============================== Filebeat modules ==============================