CentOS

Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at Initialize Certificate . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.

Setting

Determine the type of agent you want to install and follow that agent's instructions below:

FilebeatLogstash

  • If using a script prepared in the download folder, run the command

sudo chmod +x filebeat.sh
sudo ./filebeat.sh <path-to-file-log>

  • If installing manually, run the command

Tải tệp tin rpm: curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.1-x86_64.rpm
Install filebeat: sudo rpm -vi filebeat-8.7.1-x86_64.rpm

Next you need to configure agent log. The configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual.

Configuration

Filebeat

  • File /etc/filebeat/filebeat.yml. The configuration below will retrieve all logs in the file /var/log/app.logand push them to vMonitor Platform:

filebeat.inputs:
- type: log
  paths:
    - /var/log/app.log
output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644

  • In which In input the path to the log file

    In output , the variables you need to fill in are taken from the certificate loading step above:

    • $BOOTSTRAP_SERVERS, $TOPICtaken from file info.md

    • $PATH_FILE_VNG_TRUST_PEM, $PATH_FILE_USER_CER_PEM, $PATH_FILE_USER_KEY_PEMis the path to the file VNG.trust.pem user.cer.pem user.key.pem

  • Read more advanced configurations atConfigure Filebeat | Filebeat Reference [8.8] | Elastic

filebeat.inputs:
- type: log
  paths:
    - /var/log/app.log
output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
filebeat.inputs:

type: log
paths:

/var/log/app.log



output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
filebeat.inputs:

type: log
paths:

/var/log/app.log



output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644

Administration

Filebeat

  • Start

systemctl start logstash

  • Enable

systemctl enable logstash

  • Stop

systemctl stop logstash

  • Reload

systemctl reload logstash

  • Restart

systemctl restart logstash

  • Observe

systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash

  • Uninstall

yum remove logstash

systemctl start logstash

systemctl enable logstash

systemctl stop logstash

systemctl reload logstash

systemctl restart logstash

systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash

yum remove logstash
systemctl start logstash
systemctl enable logstash
systemctl stop logstash
systemctl reload logstash
systemctl restart logstash
systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash
yum remove logstash
systemctl start logstash
systemctl enable logstash
systemctl stop logstash
systemctl reload logstash
systemctl restart logstash
systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstash
PreviousInstall Log Agent on OSNextDebian/ Ubuntu

Last updated