0

I am trying to save FULL Apache logs (including all request/response headers with the help of Mod_security) to Elasticsearch.

Currently I am using Filebeat and Logstash to transform the log into a desired format. However if it is possible to make audit log the way I want, there is no need for Logstash and I can make filebeat to save the log directly into Elasticsearch.

So, the question is "Can I change Mod_security audit log's format, so that I won't use Logstash?"

DavidK
  • 13
  • 5
  • I don't mean to be rude, this is meant to be a friendly advice. Your question is not related to logstash so tagging it might discourage apache2 users to try and help you. I came to help in logstash but this is not related and I don't know apache. I hope you find the right man for your question. – MrSimple Jan 29 '18 at 13:50
  • @MrSimple I will remove logstash from tag. Thanks :-) – DavidK Jan 31 '18 at 07:56

0 Answers0