###################### Filebeat Configuration Example #########################

1. ###################### Filebeat Configuration Example #########################
2.  
3. # This file is an example configuration file highlighting only the most common
4. # options. The filebeat.full.yml file from the same directory contains all the
5. # supported options with more comments. You can use it as a reference.
6. #
7. # You can find the full configuration reference here:
8. # https://www.elastic.co/guide/en/beats/filebeat/index.html
9.  
10. #=========================== Filebeat prospectors =============================
11.  
12. filebeat.prospectors:
13.  
14. # Each - is a prospector. Most options can be set at the prospector level, so
15. # you can use different prospectors for various configurations.
16. # Below are the prospector specific configurations.
17.  
18. - input_type: log
19.  
20. # Paths that should be crawled and fetched. Glob based paths.
21. paths:
22. - /var/log/auth.log
23. #- c:\programdata\elasticsearch\logs\*
24. - /var/log/syslog
25.  
26. # Exclude lines. A list of regular expressions to match. It drops the lines that are
27. # matching any regular expression from the list.
28. #exclude_lines: ["^DBG"]
29.  
30. # Include lines. A list of regular expressions to match. It exports the lines that are
31. # matching any regular expression from the list.
32. #include_lines: ["^ERR", "^WARN"]
33.  
34. # Exclude files. A list of regular expressions to match. Filebeat drops the files that
35. # are matching any regular expression from the list. By default, no files are dropped.
36. #exclude_files: [".gz$"]
37.  
38. # Optional additional fields. These field can be freely picked
39. # to add additional information to the crawled log files for filtering
40. #fields:
41. # level: debug
42. # review: 1
43.  
44. ### Multiline options
45.  
46. # Mutiline can be used for log messages spanning multiple lines. This is common
47. # for Java Stack Traces or C-Line Continuation
48.  
49. # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
50. #multiline.pattern: ^\[
51.  
52. # Defines if the pattern set under pattern should be negated or not. Default is false.
53. #multiline.negate: false
54.  
55. # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
56. # that was (not) matched before or after or as long as a pattern is not matched based on negate.
57. # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
58. #multiline.match: after
59.  
60.  
61. #================================ General =====================================
62.  
63. # The name of the shipper that publishes the network data. It can be used to group
64. # all the transactions sent by a single shipper in the web interface.
65. #name:
66.  
67. # The tags of the shipper are included in their own field with each
68. # transaction published.
69. #tags: ["service-X", "web-tier"]
70.  
71. # Optional fields that you can specify to add additional information to the
72. # output.
73. #fields:
74. # env: staging
75.  
76. #================================ Outputs =====================================
77.  
78. # Configure what outputs to use when sending the data collected by the beat.
79. # Multiple outputs may be used.
80.  
81. #-------------------------- Elasticsearch output ------------------------------
82. # output.elasticsearch:
83. # Array of hosts to connect to.
84. # hosts: ["localhost:9200"]
85.  
86. # Optional protocol and basic auth credentials.
87. #protocol: "https"
88. #username: "elastic"
89. #password: "changeme"
90.  
91. #----------------------------- Logstash output --------------------------------
92. output.logstash:
93. # The Logstash hosts
94. hosts: ["10.6.5.3:5044"]
95.  
96. # Optional SSL. By default is off.
97. # List of root certificates for HTTPS server verifications
98. #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
99.  
100. # Certificate for SSL client authentication
101. #ssl.certificate: "/etc/pki/client/cert.pem"
102.  
103. # Client Certificate Key
104. #ssl.key: "/etc/pki/client/cert.key"
105.  
106. #================================ Logging =====================================
107.  
108. # Sets log level. The default log level is info.
109. # Available log levels are: critical, error, warning, info, debug
110. #logging.level: debug
111.  
112. # At debug level, you can selectively enable logging only for some components.
113. # To enable all selectors use ["*"]. Examples of other selectors are "beat",
114. # "publish", "service".
115. #logging.selectors: ["*"]