ubuntu22.04 部署filebeat 8.7

发布时间 2023-04-11 17:22:26作者: 小吉猫

下载filebeat

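# curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.0-linux-x86_64.tar.gz
## Verify the archive against the SHA-512 file Elastic publishes next to it before unpacking it as root.
## Both files come from the same server, so this catches a truncated or corrupted download, not a compromised origin.
# curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.0-linux-x86_64.tar.gz.sha512
# sha512sum -c filebeat-8.7.0-linux-x86_64.tar.gz.sha512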

创建数据目录

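## The directory name must match --path.data / --path.logs in filebeat.service (/data/apps/filebeat/...).
## -m 0750 keeps the data and log directories unreadable for other local users.
# mkdir -pv -m 0750 /data/apps/filebeat/{data,logs}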

安装filebeat

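## --no-same-owner: when tar runs as root it restores the uid/gid recorded in the archive by default.
## Without the flag, the binary and filebeat.yml could end up owned by a non-root uid while the service runs as root.
# tar xzvf filebeat-8.7.0-linux-x86_64.tar.gz -C /usr/local/ --no-same-owner
# ln -sv /usr/local/filebeat-8.7.0-linux-x86_64 /usr/local/filebeat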

filebeat.service

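[Unit]
Description=Filebeat sends log files to Logstash or directly to Elasticsearch.
Documentation=https://www.elastic.co/beats/filebeat
Wants=network-online.target
After=network-online.target

[Service]
# No User=/Group= is set, so systemd starts Filebeat as root. That lets it read
# every file under /var/log, and it also means the binary, filebeat.yml and
# modules.d must be writable by root only.

# Files Filebeat creates (registry, logs) get no access for "other".
UMask=0027
Environment="GODEBUG='madvdontneed=1'"
Environment="BEAT_LOG_OPTS="
Environment="BEAT_CONFIG_OPTS=-c /usr/local/filebeat/filebeat.yml"
# Data and logs are redirected to /data/apps/filebeat; the install tree under /usr/local is only read.
Environment="BEAT_PATH_OPTS=--path.home /usr/local/filebeat --path.config /usr/local/filebeat --path.data /data/apps/filebeat/data --path.logs /data/apps/filebeat/logs"
ExecStart=/usr/local/filebeat/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
Restart=always

# Sandboxing for a root-run log shipper. The writable paths above live under
# /data, so a read-only /usr, /boot and /etc does not get in the way.
# Drop a directive if one of your inputs really needs what it blocks.
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target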

filebeat.yml

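filebeat.inputs:
# NOTE(review): /var/log/system.log and /var/log/wifi.log are not log files a
# stock Ubuntu 22.04 host writes (they look carried over from a generic
# example); list the files you actually want shipped. TODO confirm.
- type: filestream
  enabled: true
  id: my-filestream-id
  paths:
    - /var/log/system.log
    - /var/log/wifi.log

# Everything under /var/log/apache2/ is shipped and tagged with fields.apache.
- type: filestream
  enabled: true
  id: apache-filestream-id
  paths:
    - "/var/log/apache2/*"
  fields:
    apache: true

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading.
  # With reloading on, an edit to any file matched by the glob above takes
  # effect without a restart, so keep modules.d writable by root only.
  reload.enabled: true

  # Period on which files under path should be checked for changes
  #reload.period: 10s

output.elasticsearch:
  hosts: ["https://myEShost:9200"]
  username: "filebeat_internal"
  # The secret is resolved at startup from the Filebeat keystore (or the
  # environment) instead of being stored in this file. Create it once with:
  #   filebeat keystore create
  #   filebeat keystore add ES_PWD
  # ES_PWD is only a key name chosen for this example.
  password: "${ES_PWD}"
  ssl:
    enabled: true
    # Hex-encoded SHA-256 fingerprint of the CA certificate of YOUR cluster.
    # The value below is the one printed on this page; replace it, or the
    # TLS handshake will not trust your CA.
    ca_trusted_fingerprint: "b9a10bbe64ee9826abeda6546fc988c8bf798b41957c33d05db736716513dc9c"

setup.kibana:
  # No scheme is given, so Filebeat falls back to http and the credentials
  # below cross the network unencrypted. Use "https://mykibanahost:5601" when
  # Kibana serves TLS.
  host: "mykibanahost:5601"
  username: "my_kibana_user"
  # Same keystore mechanism as above; KIBANA_PWD is an example key name.
  password: "${KIBANA_PWD}"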

收集数据模块

查看可用的模块

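## Nothing on this page adds /usr/local/filebeat to PATH, so call the binary by its full path, as the enable step does.
# /usr/local/filebeat/filebeat modules list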

启用模块

# /usr/local/filebeat/filebeat modules enable nginx
Enabled nginx

修改nginx模块

# cat modules.d/nginx.yml
# Module: nginx
# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-nginx.html

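- module: nginx
  # Access logs
  access:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["/var/log/nginx/access.log*"]

  # Error logs
  error:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    # Point the error fileset at error.log*, not access.log*, so access
    # entries are not read a second time and parsed as error entries.
    var.paths: ["/var/log/nginx/error.log*"]

  # Ingress-nginx controller logs. This is disabled by default. It could be used in Kubernetes environments to parse ingress-nginx logs
  ingress_controller:
    enabled: false

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: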

 

参考文档

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html