Our Service
Other service

CentOS

Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at Initialize Certificate . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.

Setting

Determine the type of agent you want to install and follow that agent's instructions below:

FilebeatLogstash

  • If using a script prepared in the download folder, run the command

sudo chmod +x filebeat.sh
sudo ./filebeat.sh <path-to-file-log>

  • If installing manually, run the command

Tải tệp tin rpm: curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.1-x86_64.rpm
Install filebeat: sudo rpm -vi filebeat-8.7.1-x86_64.rpm

Next you need to configure agent log. The configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual.

Configuration

Filebeat

  • File /etc/filebeat/filebeat.yml. The configuration below will retrieve all logs in the file /var/log/app.logand push them to vMonitor Platform:

filebeat.inputs:
- type: log
  paths:
    - /var/log/app.log

output.kafka:
  hosts: ["$BOOTSTRAP_SERVERS"]
  topic: "$TOPIC"
  partition.round_robin:
    reachable_only: false
  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000
  ssl.certificate_authorities:
    - $PATH_FILE_VNG_TRUST_PEM
  ssl.certificate: "$PATH_FILE_USER_CER_PEM"
  ssl.key: "$PATH_FILE_USER_KEY_PEM"
  ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

  • In which In input the path to the log file

    In output , the variables you need to fill in are taken from the certificate loading step above:

    • $BOOTSTRAP_SERVERS, $TOPICtaken from file info.md

    • $PATH_FILE_VNG_TRUST_PEM, $PATH_FILE_USER_CER_PEM, $PATH_FILE_USER_KEY_PEMis the path to the file VNG.trust.pem user.cer.pem user.key.pem

  • Read more advanced configurations atConfigure Filebeat | Filebeat Reference [8.8] | Elastic

filebeat.inputs:
- type: log
  paths:
    - /var/log/app.log

output.kafka:
  hosts: ["$BOOTSTRAP_SERVERS"]
  topic: "$TOPIC"
  partition.round_robin:
    reachable_only: false
  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000
  ssl.certificate_authorities:
    - $PATH_FILE_VNG_TRUST_PEM
  ssl.certificate: "$PATH_FILE_USER_CER_PEM"
  ssl.key: "$PATH_FILE_USER_KEY_PEM"
  ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

filebeat.inputs:
- type: log
  paths:
    - /var/log/app.log

output.kafka:
  hosts: ["$BOOTSTRAP_SERVERS"]
  topic: "$TOPIC"
  partition.round_robin:
    reachable_only: false
  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000
  ssl.certificate_authorities:
    - $PATH_FILE_VNG_TRUST_PEM
  ssl.certificate: "$PATH_FILE_USER_CER_PEM"
  ssl.key: "$PATH_FILE_USER_KEY_PEM"
  ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

Administration

Filebeat

  • Start

systemctl start logstash

  • Enable

systemctl enable logstash

  • Stop

systemctl stop logstash

  • Reload

systemctl reload logstash

  • Restart

systemctl restart logstash

  • Observe

systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash

  • Uninstall

yum remove logstash

systemctl start logstash

systemctl enable logstash

systemctl stop logstash

systemctl reload logstash

systemctl restart logstash

systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash

yum remove logstash

systemctl start logstash

systemctl enable logstash

systemctl stop logstash

systemctl reload logstash

systemctl restart logstash

systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash
PreviousInstall Log Agent on OSNextDebian/ Ubuntu

Last updated

Logo

Address

VNG Corporation

Contact us

support@vngcloud.vn1900 1549

About us

About VNG CloudGet started our cloud