ELK: installing Filebeat

1090 abc posted on 2018-6-11 17:17:15
1. Install Filebeat

Package managers: Apt/Yum users can install from official repositories.

deb (Debian/Ubuntu)

    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.0.1-amd64.deb
    sudo dpkg -i filebeat-6.0.1-amd64.deb

rpm (Redhat/Centos/Fedora)

    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.0.1-x86_64.rpm
    sudo rpm -vi filebeat-6.0.1-x86_64.rpm

2. Locate the configuration file

deb/rpm: /etc/filebeat/filebeat.yml

3. Configure the prospectors

Set up the data you wish to send us by editing the prospector path variables.
These fully support wildcards. You can also add a document type.
An example with nginx logs might look like:

    filebeat.prospectors:

    - type: log
      enabled: true
      paths:
        - /var/log/nginx/access.log
      fields:
        type: nginx-access
      fields_under_root: true
      encoding: utf-8
      exclude_files: [".gz"]
      ignore_older: 3h

    - type: log
      enabled: true
      paths:
        - /var/log/nginx/error.log
      fields:
        type: nginx-error
      fields_under_root: true
      encoding: utf-8
      exclude_files: [".gz"]
      ignore_older: 3h

There's also a full example configuration file called filebeat.full.yml that shows all the possible options.

4. Configure output

We'll be shipping to Logstash so that we have the option to run filters before the data is indexed.
Comment out the elasticsearch output block.

    ## Comment out elasticsearch output
    #output.elasticsearch:
    #  hosts: ["localhost:9200"]

Uncomment and change the logstash output to match below.

    output.logstash:
        hosts: ["your-logstash-host:your-port"]
        loadbalance: true
        ssl.enabled: true

5. Validate configuration

Let's check the configuration file is syntactically correct.

deb/rpm

    filebeat -e -c /etc/filebeat/filebeat.yml

6. Start filebeat

Ok, time to start ingesting data!

deb/rpm

    $ sudo service filebeat start



https://logit.io/sources/configure/nginx
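
An added example, not part of the original post or the logit.io guide: a shell check to run between steps 4 and 6 that audits the output section of the filebeat.yml built above. The function name `audit_filebeat_output` is hypothetical; `ssl.certificate_authorities` and `ssl.verification_mode` are Filebeat settings the post does not mention, and the checks are line-based and assume the flat key style shown in step 4.

```shell
#!/bin/sh
# Added example: audit the output section of a filebeat.yml written as in step 4.
# Line-based checks for the flat "ssl.enabled: true" key style; not a YAML parser.

audit_filebeat_output() {
    cfg=$1
    findings=0
    # Commented-out lines are inactive, so drop them before matching.
    active=$(grep -vE '^[[:space:]]*#' "$cfg") || true

    has() { printf '%s\n' "$active" | grep -qE "$1"; }
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # Step 4 comments out elasticsearch; Filebeat accepts only one output.
    if has '^output\.elasticsearch:' && has '^output\.logstash:'; then
        report "both outputs are active; Filebeat accepts only one"
    fi

    if has '^output\.logstash:'; then
        has '^[[:space:]]+ssl\.enabled:[[:space:]]*true' ||
            report "output.logstash ships logs without TLS"
        has '^[[:space:]]+ssl\.verification_mode:[[:space:]]*"?none' &&
            report "ssl.verification_mode is none; server certificate is not checked"
        has '^[[:space:]]+ssl\.certificate_authorities:' ||
            report "no ssl.certificate_authorities; any CA in the host trust store is accepted"
    fi

    # Characters 6 and 9 of the mode string are group-write and other-write.
    # A config writable by other local users lets them redirect the shipped logs.
    case $(ls -ld "$cfg" | cut -c6,9) in
        *w*) report "config file is writable by group or others" ;;
    esac

    [ "$findings" -eq 0 ]
}

# Typical use: audit_filebeat_output /etc/filebeat/filebeat.yml
```

Run against the configuration exactly as posted, it reports one finding: TLS is enabled but no CA is pinned for the Logstash endpoint.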