ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    ELK Stack and Journalctl

    IT Discussion
    elk journalctl journald log management elasticsearch logstash
    3
    5
    2.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stacksofplatesS
      stacksofplates
      last edited by scottalanmiller

      I was just messing around and noticed Fedora 22 doesn't have a /var/log/messages file or a /var/log/secure file.

      I saw that you can edit /etc/systemd/journald.conf and have it output to syslog but I didn't seem to get it working. How do you output from journalctl to ELK?

      1 Reply Last reply Reply Quote 1
      • dafyreD
        dafyre
        last edited by

        Paging @scottalanmiller

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller
          last edited by

          I'm out traveling the country, but can dig into this later in the week.

          1 Reply Last reply Reply Quote 1
          • stacksofplatesS
            stacksofplates
            last edited by

            Well I now have a /var/log/messages file and a /var/log/secure file, but they are still empty. Just an update.

            1 Reply Last reply Reply Quote 0
            • stacksofplatesS
              stacksofplates
              last edited by

              After some more testing it seems enabling output to journald.conf has worked. I did restart it after I tried that but it didn't show up. Now it's working. Not sure what changed, but at least it's working.

              1 Reply Last reply Reply Quote 1
              • 1 / 1
              • First post
                Last post