Logging Scenario - Send Local Logs to Filebeat
Scenario: You want to save gateway/relay logs to Filebeat. This guide presents a simple method to automatically send all gateway/relay logs to Filebeat, which is a common ingestion tool for solutions like Elasticsearch.
As with all gateway/relay logs, the logs stored on the gateway/relay will not include Admin UI activities, which can be accessed via the sdm audit activities command.
Setting up the export
- Enable relay logging in the Admin UI under Settings / Log Encryption & Storage. Ensure logging is set to FILE.
- Use these instructions to install the Filebeat client on each gateway or relay.
- Create a manual input configuration that looks like the following:

      paths:
      - /home/sdm/.sdm/logs/*.log
      include_lines: ['uuid\":\"0']

- Modify the second line to use the absolute path to the SDM logs on your machine.
  The include_lines entry parses the log format to include the uuid (the unique id for each log event) and events of type "0", which are database queries.
- You can omit the include_lines entry if you would like to capture all events.
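
The input fragment from the steps above, placed in a complete filebeat.yml. This is an added example, not taken from the original guide; the filestream input type, the input id and the Elasticsearch host are assumptions to replace with your own values.

```yaml
# filebeat.yml (added example; adjust to your deployment)
filebeat.inputs:
  - type: filestream              # assumption: the guide does not name an input type
    id: sdm-relay-logs            # hypothetical id; each filestream input needs a unique one
    paths:
      - /home/sdm/.sdm/logs/*.log # absolute path to the SDM logs on this gateway/relay
    # Single-quoted YAML keeps the backslashes, so the regular expression is
    #   uuid\":\"0
    # and it keeps any line that contains the text uuid":"0 (unanchored match).
    # Delete this entry to ship every event.
    include_lines: ['uuid\":\"0']

output.elasticsearch:
  # Placeholder host: point this at your own cluster.
  hosts: ["https://elasticsearch.example.internal:9200"]
```

Running filebeat test config -c filebeat.yml checks the file for syntax errors before the service is restarted.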