Logging Scenario - Send Local Logs to Filebeat
Last modified on August 10, 2022
Scenario: You want to save gateway/relay logs to Filebeat. This guide presents a simple method to automatically send all gateway/relay logs to Filebeat, which is a common ingestion tool for solutions like ElasticSearch.
sdm audit activitiescommand.
Setting up the export
- Enable relay logging in the Admin UI under Settings / Log Encryption & Storage. Ensure logging is set to FILE.
- Use these instructions to install the Filebeat client on each gateway or relay.
- Create a manual input configuration that looks like the following:
paths: - /home/sdm/.sdm/logs/*.log include_lines: ['uuid\":\"0']
- Modify the second line to use the absolute path to the SDM logs on your machine.
include_linesentry parses the log format to include the uuid (the unique id for each log event) and events of type “0”, which are database queries.
- You can omit the
include_linesentry if you would like to capture all events.