ELK环境搭建之安装-filebeat-7.6.1

ELK

上一篇 ELK环境搭建之安装-logstash-7.5.1

查看linux服务器信息

[root@linux-node2 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@linux-node2 ~]# uname -r
2.6.32-573.el6.x86_64

1,下载安装包

2，解压文件

[es@linux-node2 ~]# tar -xvf filebeat-7.6.1.tar.gz

[es@linux-node2 ~]# ln -s filebeat

3，修改配置文件

vim filebeat.yml

###################### Filebeat Configuration Example #########################

#=========================== Filebeat inputs =============================

filebeat.inputs:

# Each – is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

– type: log

# Change to true to enable this input configuration.
enabled: true

# Paths that should be crawled and fetched. Glob based paths.
paths:
– /app/file/logs/*/*.txt
#- c:\programdata\elasticsearch\logs\*

#============================= Filebeat modules ===============================

filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml

# Set to true to enable config reloading
reload.enabled: true

#==================== Elasticsearch template setting ==========================

setup.template.settings:
index.number_of_shards: 1
#index.codec: best_compression
#_source.enabled: false

#—————————– Logstash output ——————————–
output.logstash:
# The Logstash hosts
hosts: [“192.168.9.93:5044”]

# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: [“/etc/pki/root/ca.pem”]

# Certificate for SSL client authentication
#ssl.certificate: “/etc/pki/client/cert.pem”

# Client Certificate Key
#ssl.key: “/etc/pki/client/cert.key”

#================================ Logging =====================================

# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use [“*”]. Examples of other selectors are “beat”,
# “publish”, “service”.
#logging.selectors: [“*”]

：wq

4,切换es用户

[root@linux-node2 ~]#  su es

5,后台启动

[es@linux-node2 ~]# nohup ./filebeat -c filebeat.yml -e > logs/filebeat.log 2>&1 &

注意，前提是logstash已启动，不然会一直报错的！

本配置只监控，一文件夹下的的文件变动，并将数据传输至logstash

如果需要传输给kafaka,elastisearch 请参照官方文档

还可以直接监控 以下文件

+2

0