Filebeat
Installation on Ubuntu
From repositories (see https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html)
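# Store Elastic's package-signing key in its own keyring instead of using the
# deprecated `apt-key add`, which makes the key trusted for every repository
# on the host. Compare the key's fingerprint with the one published in the
# Elastic documentation before relying on it.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
# HTTPS transport for apt (a transitional package on recent Ubuntu releases).
sudo apt-get install apt-transport-https
# `signed-by` limits the Elastic key to this one repository. `tee` without -a
# overwrites the file, so re-running the step does not add duplicate entries.
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install filebeat
# Start Filebeat at boot via SysV init; on systemd hosts use
# `sudo systemctl enable filebeat` instead.
sudo update-rc.d filebeat defaults 95 10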
Configuration
Stored as `/etc/filebeat/filebeat.yml`
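# Filebeat configuration with its nesting restored: inputs, module loading,
# index template settings, the Logstash output and event processors.
filebeat.inputs:
  # Plain-text log files directly under /var/log.
  - type: log
    enabled: true
    paths:
      - /var/log/*.log

  # Docker container logs, with the message body decoded as JSON.
  - type: container
    enabled: true
    paths:
      - "/var/lib/docker/containers/*/*.log"
    tags: ["json"]
    # Decoded keys are placed at the top level of the event. Container output
    # is application-controlled, so leave json.overwrite_keys unset to stop
    # log content from replacing the fields Filebeat adds itself.
    json.keys_under_root: true
    # Add an error key to the event when JSON decoding fails.
    json.add_error_key: true
    json.message_key: message

# Module definitions come from modules.d; live reloading is disabled.
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 1

# No Kibana settings are given, so Filebeat's defaults apply.
setup.kibana:

output.logstash:
  hosts: ["localhost:5044"]
  ssl.enabled: true
  # NOTE(review): `none` turns off all verification of the Logstash server
  # certificate, so the connection is encrypted but not authenticated.
  # That is tolerable only while the host is loopback. Before pointing
  # `hosts` at a remote Logstash, switch to full verification and name the
  # CA that signed the Logstash certificate:
  #   ssl.verification_mode: full
  #   ssl.certificate_authorities: ["<PLACEHOLDER: path to CA certificate>"]
  ssl.verification_mode: none
  # Client certificate and private key presented to Logstash. The key file
  # should be readable only by the account Filebeat runs as.
  ssl.certificate: "/etc/filebeat/logstash-beats.crt"
  ssl.key: "/etc/filebeat/logstash-beats.key"

# Enrich every event with host and, where available, cloud provider metadata.
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~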