path.config in logstash.yml file


ledin...@gmail.com

Jun 8, 2018, 11:57:42 PM
to security-onion
Just finished installing my first SO_16.04.04.1 machine and in getting to know the system, I noticed what I think are a couple of errors. I would like to confirm the following before changing anything.


(1) The path.config is set to /usr/share/logstash/pipeline/*.conf but that location does not exist - is this an error?


(2) The following note seems inaccurate:

"# /etc/logstash/conf.d is mapped to /usr/share/logstash/pipeline in the Docker image"

As mentioned above, that location does not exist. Also, /etc/logstash/conf.d doesn't actually map to anything - it actually exists!!! However, all of the files within that directory are symlinks that map to the same filenames in /etc/logstash/conf.d.available


Can someone clarify what's going on here? Do I need to correct the path.config setting?

Doug Burks

Jun 11, 2018, 7:03:23 AM
to securit...@googlegroups.com
Hi ledingtech,

No, you do not need to correct the path.config setting.  Your user account in the host OS will not see /usr/share/logstash/pipeline.  That path is only visible from inside the Docker container.  /etc/logstash/conf.d (in the host OS) is mapped to /usr/share/logstash/pipeline (in the Docker container) by so-logstash-start which is responsible for starting the Logstash container:





--
Doug Burks
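
The mapping described in the reply above can be checked from the host by reading the container's mount table. The following is an added example, not part of the original thread or of Security Onion's own scripts: the function name `host_path_for` is hypothetical, the container name `so-logstash` is an assumption, and the sample mount table is constructed.

```shell
#!/bin/sh
# Translate a container-side path (such as Logstash's path.config) into the
# host path behind it, using the container's bind-mount table.
#
# stdin: one "host_source:container_destination" pair per line, as printed by
#   docker inspect -f '{{range .Mounts}}{{.Source}}:{{.Destination}}{{"\n"}}{{end}}' so-logstash
# ("so-logstash" is an assumed container name; confirm it with `docker ps`.)

host_path_for() {
    local target=$1 src dst best_src="" best_dst=""
    while IFS=: read -r src dst; do
        [ -n "$src" ] && [ -n "$dst" ] || continue
        dst=${dst%/}
        # Match whole path components only: /a/b must not match /a/bc.
        case "$target" in
            "$dst"|"$dst"/*)
                # Prefer the longest (most specific) mount destination.
                if [ ${#dst} -gt ${#best_dst} ]; then
                    best_src=${src%/}
                    best_dst=$dst
                fi ;;
        esac
    done
    # No match: the path exists only inside the image, not on the host.
    [ -n "$best_dst" ] || return 1
    printf '%s%s\n' "$best_src" "${target#"$best_dst"}"
}

# Constructed sample mount table. The first pair is the mapping described in
# the thread; the second is made up to exercise the matching logic.
SAMPLE_MOUNTS='/etc/logstash/conf.d:/usr/share/logstash/pipeline
/srv/example/data:/usr/share/logstash/data'

# Resolve the path.config value from logstash.yml to its host-side location.
printf '%s\n' "$SAMPLE_MOUNTS" | host_path_for '/usr/share/logstash/pipeline/*.conf'
```

On a live system, pipe the `docker inspect` output shown in the header comment into `host_path_for` instead of the sample table, then list the resulting host directory to see which pipeline files Logstash actually loads.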