Logging Scenario - Send Local Logs to Filebeat

Last modified on March 24, 2023

Scenario: You want to save gateway/relay logs to Filebeat. This guide presents a simple method to automatically send all gateway/relay logs to Filebeat, which is a common ingestion tool for solutions like ElasticSearch.

As with all gateway/relay logs, the logs stored on the gateway/relay will not include Admin UI activities, which can be accessed via the sdm audit activities command.

Setting up the export

Enable relay logging in the Admin UI under Settings / Log Encryption & Storage. Ensure logging is set to FILE.
Use these instructions to install the Filebeat client on each gateway or relay.

Create a manual input configuration that looks like the following:

paths:
    - /home/sdm/.sdm/logs/*.log
include_lines: ['uuid\":\"0']

Modify the second line to use the absolute path to the SDM logs on your machine.
The include_lines entry parses the log format to include the uuid (the unique id for each log event) and events of type “0”, which are database queries.
You can omit the include_lines entry if you would like to capture all events.

Logging Scenario - Send Local Logs to Filebeat

Setting up the export #

Setting up the export