CentOS
Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at Initialize Certificate . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.
Setting
Determine the type of agent you want to install and follow that agent's instructions below:
FilebeatLogstash
If using a script prepared in the download folder, run the command
sudo chmod +x filebeat.sh
sudo ./filebeat.sh <path-to-file-log>
If installing manually, run the command
Tải tệp tin rpm: curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.1-x86_64.rpm
Install filebeat: sudo rpm -vi filebeat-8.7.1-x86_64.rpm
Next you need to configure agent log. The configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual.
Configuration
Filebeat
File
/etc/filebeat/filebeat.yml
. The configuration below will retrieve all logs in the file/var/log/app.log
and push them to vMonitor Platform:
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
In which In input the path to the log file
In output , the variables you need to fill in are taken from the certificate loading step above:
$BOOTSTRAP_SERVERS, $TOPIC
taken from file info.md$PATH_FILE_VNG_TRUST_PEM, $PATH_FILE_USER_CER_PEM, $PATH_FILE_USER_KEY_PEM
is the path to the file VNG.trust.pem user.cer.pem user.key.pem
Read more advanced configurations at
Configure Filebeat | Filebeat Reference [8.8] | Elastic
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
Administration
Filebeat
Start
systemctl start logstash
Enable
systemctl enable logstash
Stop
systemctl stop logstash
Reload
systemctl reload logstash
Restart
systemctl restart logstash
Observe
systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash
Uninstall
yum remove logstash
systemctl start logstash
systemctl enable logstash
systemctl stop logstash
systemctl reload logstash
systemctl restart logstash
systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash
yum remove logstash
systemctl start logstash
systemctl enable logstash
systemctl stop logstash
systemctl reload logstash
systemctl restart logstash
systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash
Last updated