Download and install
wget https://mirrors.tuna.tsinghua.edu.cn/elasticstack/7.x/yum/7.4.2/filebeat-7.4.2-x86_64.rpm
rpm -ivh filebeat-7.4.2-x86_64.rpm
Configuration
mv /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.orig
cat > /etc/filebeat/filebeat.yml << \EOF
filebeat.config.inputs:
  enabled: true
  path: inputs.d/*.yml
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
max_procs: 1
queue.mem:
  events: 4096
  flush.min_events: 2048
  flush.timeout: 5s
setup.ilm.enabled: false
output.logstash:
  hosts: ["192.168.10.27:5000"]
  #loadbalance: true
  #compression_level: 6
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
EOF
# Notes:
192.168.10.27:5000 -- the address and port of Logstash
The configuration parameters in filebeat.yml will be explained in detail later. The settings above only ensure that the service starts normally; they do not collect any application logs. The following uses nginx as an example of an application log collection configuration:
inputs.d/nginx.yml:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.add_error_key: true
  json.overwrite_keys: true
  tags: ["nginx_access"]
  fields:
    svcname: nginx
    logtype: nginx_access
- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  tags: ["nginx_error"]
  fields:
    svcname: nginx
    logtype: nginx_error
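The output.logstash section of filebeat.yml above ships events to Logstash unencrypted. The following is an added example, not part of the original page, showing the same output with TLS and server certificate verification enabled; the certificate paths under /etc/filebeat/certs/ are placeholders chosen for illustration, and the Logstash beats input must be configured with a matching server certificate.

```yaml
# Added example: TLS-protected variant of the output.logstash section.
# All file paths below are assumed placeholders, not values from the page.
output.logstash:
  hosts: ["192.168.10.27:5000"]
  ssl.enabled: true
  # CA certificate that signed the Logstash server certificate
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
  # Client certificate and key, needed only if Logstash requires client authentication
  ssl.certificate: "/etc/filebeat/certs/filebeat.crt"
  ssl.key: "/etc/filebeat/certs/filebeat.key"
  # "full" checks both the certificate chain and that the certificate
  # matches the host in "hosts" (here an IP address, so the server
  # certificate needs a matching IP subject alternative name)
  ssl.verification_mode: full
```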
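Starting and stopping the service
For convenience, give the service a short name by adding an alias in /usr/lib/systemd/system/filebeat.service:
[Install]
Alias=fb.service
# Make the alias take effect
systemctl enable filebeat
systemctl start fb
Verifying the service
First, check whether the agent process started normally:
systemctl status filebeat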


