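# Logstash pipeline: receive events from Beats shippers and route them to
# per-source daily Elasticsearch indices, selected by the tag each shipper sets.
#
# Layout restored to one setting per line. In the collapsed form every "#"
# comment swallowed the settings and closing braces that followed it on the
# same physical line, so the pipeline could not be parsed as written.

#---------------------------------------------input------------------------------------------------
# Beats listener shared by metricbeat, filebeat and auditbeat.
#
# NOTE(review): the listener binds to all interfaces and no TLS or client
# authentication is configured here. Any host that can reach port 5044 can
# therefore submit events carrying any tag, including the audit/secure tags
# routed below, which undermines the integrity of those indices. If shippers
# are remote, restrict the port at the network layer and enable mutual TLS.
# Option names below are those of the 7.x beats input plugin; paths are
# placeholders:
#   ssl                         => true
#   ssl_certificate             => "<PATH_TO_SERVER_CERT>"
#   ssl_key                     => "<PATH_TO_SERVER_KEY_PKCS8>"
#   ssl_certificate_authorities => ["<PATH_TO_CA_CERT>"]
#   ssl_verify_mode             => "force_peer"
input {
  beats {
    host => "0.0.0.0"
    port => 5044
    #type => "beats-input"
  }
}

#---------------------------------------------filter-----------------------------------------------
# No processing is applied; events are forwarded as received.
filter {
  # if "audit-log" in [tags] {
  #
  # }
}

#---------------------------------------------output-----------------------------------------------
# Routing notes:
#  - Every "if" below is independent (no "else if"), so an event carrying
#    several of these tags is indexed once per matching block.
#  - An event matching none of the tags is not written anywhere; there is no
#    fallback output, so a mis-tagged shipper silently loses its logs.
#
# NOTE(review): every output uses 127.0.0.1:9200 with no credentials and no
# TLS settings. If Elasticsearch security features are enabled, each block
# needs "user"/"password" (password taken from the Logstash keystore, e.g.
# "${<ES_PASSWORD_KEY>}", not written in this file) and, for HTTPS, "ssl" and
# "cacert".
#
# NOTE(review): with manage_template => false Logstash does not install an
# index template, so template_name presumably has no effect here; confirm
# that the templates are loaded by other means.
output {

  #----metricbeat conf------------------------------------
  if "metric-host" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "metricbeat-7.6.1-%{+YYYY.MM.dd}"
      #document_type => "metricbeat-log"
      action => "index"
      manage_template => false
      template_name => "metricbeat-7.6.1"
    }
  }

  #----filebeat conf------------------------------------
  if "filelog_audit" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-audit"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  if "filelog_chrony" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-chrony"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  if "filelog_cmdlog" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-cmdlog"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  if "filelog_cron" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-cron"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  if "filelog_dmesg" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-dmesg"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  if "filelog_apache" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-apache"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  if "filelog_nginx" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-nginx"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  if "filelog_messages" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-messages"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  if "filelog_secure" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-secure"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  if "filelog_yum" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "filebeat-7.6.1-%{+YYYY.MM.dd}-yum"
      #document_type => "filebeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "filebeat-7.6.1"
    }
  }

  #----auditbeat conf------------------------------------
  if "audit_auditd" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "auditbeat-7.6.1-%{+YYYY.MM.dd}-auditd"
      #document_type => "auditbeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "auditbeat-7.6.1"
    }
  }

  if "audit_file" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "auditbeat-7.6.1-%{+YYYY.MM.dd}-file"
      #document_type => "auditbeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "auditbeat-7.6.1"
    }
  }

  if "audit_system" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "auditbeat-7.6.1-%{+YYYY.MM.dd}-system"
      #document_type => "auditbeat-7.6.1-log"
      enable_metric => true
      manage_template => false
      action => "index"
      template_name => "auditbeat-7.6.1"
    }
  }
}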