Send audit logs to Logstash with Filebeat from CentOS/RHEL

Install Filebeat

Add repositories

https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html

Install

    sudo yum install filebeat
    sudo systemctl enable filebeat

Configure Filebeat

    sudo cp -av /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.default
    sudo vim /etc/filebeat/filebeat.yml

    filebeat.inputs:

    filebeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: false

    output.logstash:
      hosts: ["LOGSTASHIP:5044"]

    processors:
      - add_host_metadata: ~
      - add_cloud_metadata: ~

    logging.to_syslog: false
    logging.to_files: true
    logging.files:
      path: "/var/log/filebeat"
      name: "filebeat.log"
      keepfiles: 7

    sudo filebeat modules enable …
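The output.logstash section above has no ssl settings, so audit records travel to Logstash in cleartext. As an added example (not part of the original post), here is the same section with TLS enabled. The certificate paths are placeholders, and it assumes the Logstash beats input presents a certificate issued by that CA whose name matches the host given in hosts:

```yaml
# Added example, not from the original page.
# All file paths below are placeholders; adjust them to your own PKI layout.
output.logstash:
  hosts: ["LOGSTASHIP:5044"]

  # CA used to verify the certificate presented by Logstash.
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]

  # Reject the connection unless the certificate chain is valid AND the
  # certificate name matches the host in "hosts" (this is the default mode,
  # stated explicitly so it is not weakened by accident).
  ssl.verification_mode: full

  # Client certificate and key: only needed when the Logstash beats input
  # requires client authentication (mutual TLS).
  ssl.certificate: "/etc/filebeat/certs/filebeat.crt"
  ssl.key: "/etc/filebeat/certs/filebeat.key"
```

After editing, `sudo filebeat test config` checks the file for errors and `sudo filebeat test output` checks the connection to Logstash, including the TLS handshake.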