TechQA.

Logstash initially reads but then stops reading log files from CIFS network share

673 views Asked by At

I've set up a logstash on a CentOS server to read from our production web servers IIS logs via a CIFS mount.

input {
    file {
        path => "/mnt/remote/server*/W3SVC1/ex*.log"
        type => "w3c"
    }
}

filter {
grok {
    type => "w3c"
    match => [ "message", "%{HOST:hostname} %{IP:hostip} %{WORD:method} %{URIPATH:request} (?:%{NOTSPACE:param}|-) %{NUMBER:port} (?:%{USER:username}|-) %{IPORHOST:clientip} %{NOTSPACE:httpver} (?:%{NOTSPACE:agent}|-) %{NOTSPACE:cookies} %{NOTSPACE:referer} %{IPORHOST:webhostname} %{NUMBER:status} %{NUMBER:time-taken}" ]
    }
}

But, after initially reading an initial burst of logs, it just dies.

Timeseries die down (The elevated data afterwards is from a different data source)

I tried a hack from Jordan from this thread, but it doesn't seem to work

tail -f /mnt/remote/server1/W3SVC1/ex130913.log | java -jar logstash.jar

We are purposely avoiding installing Java/Logstash on our front-end web servers because of security issues. So, can you think of a way to make this work?

cifs logstash
Original Q&A
0

There are 0 answers

Related Questions in CIFS

Related Questions in LOGSTASH

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions