Logstash and Filebeat Templates

Burnham Forensics has a pretty cool and easy-to-follow article on configuring Filebeat to monitor your Ubuntu/CentOS boxes.

Though, I do have to question any article from a security professional that includes the following line:

Elevate to sudo if not done so already: sudo su

… let alone in an article about logging! :)

