# CentOS Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at [Initialize Certificate](https://docs-vngcloud-vn.translate.goog/vng-cloud-document/v/vn/vmonitor/dashboards/logs/lam-viec-voi-log-agent/khoi-tao-certificate) . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup. **Setting** Determine the type of agent you want to install and follow that agent's instructions below: FilebeatLogstash * If using a script prepared in the download folder, run the command


`sudo chmod +x filebeat.sh sudo ./filebeat.sh <path-to-file-log>`

* If installing manually, run the command


`Tải tệp tin rpm: curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.1-x86_64.rpm Install filebeat: sudo rpm -vi filebeat-8.7.1-x86_64.rpm`

Next you need to configure agent log. The configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual. **Configuration** Filebeat


File `/etc/filebeat/filebeat.yml`. The configuration below will retrieve all logs in the file `/var/log/app.log`and push them to vMonitor Platform: In which In input the path to the log file In output , the variables you need to fill in are taken from the certificate loading step above: `$BOOTSTRAP_SERVERS, $TOPIC`taken from file info.md `$PATH_FILE_VNG_TRUST_PEM, $PATH_FILE_USER_CER_PEM, $PATH_FILE_USER_KEY_PEM`is the path to the file VNG.trust.pem user.cer.pem user.key.pem Read more advanced configurations atConfigure Filebeat \| Filebeat Reference [8.8] \| Elastic

filebeat.inputs: - type: log paths: - /var/log/app.log output.kafka: hosts: ["$BOOTSTRAP_SERVERS"] topic: "$TOPIC" partition.round_robin: reachable_only: false required_acks: 1 compression: gzip max_message_bytes: 1000000 ssl.certificate_authorities: - $PATH_FILE_VNG_TRUST_PEM ssl.certificate: "$PATH_FILE_USER_CER_PEM" ssl.key: "$PATH_FILE_USER_KEY_PEM" ssl.verification_mode: "none" logging.level: info logging.to_files: true logging.files: path: /var/log/filebeat name: filebeat keepfiles: 7 permissions: 0644
filebeat.inputs: type: log paths: /var/log/app.log output.kafka: hosts: ["$BOOTSTRAP_SERVERS"] topic: "$TOPIC" partition.round_robin: reachable_only: false required_acks: 1 compression: gzip max_message_bytes: 1000000 ssl.certificate_authorities: $PATH_FILE_VNG_TRUST_PEM ssl.certificate: "$PATH_FILE_USER_CER_PEM" ssl.key: "$PATH_FILE_USER_KEY_PEM" ssl.verification_mode: "none" logging.level: info logging.to_files: true logging.files: path: /var/log/filebeat name: filebeat keepfiles: 7 permissions: 0644
filebeat.inputs: type: log paths: /var/log/app.log output.kafka: hosts: ["$BOOTSTRAP_SERVERS"] topic: "$TOPIC" partition.round_robin: reachable_only: false required_acks: 1 compression: gzip max_message_bytes: 1000000 ssl.certificate_authorities: $PATH_FILE_VNG_TRUST_PEM ssl.certificate: "$PATH_FILE_USER_CER_PEM" ssl.key: "$PATH_FILE_USER_KEY_PEM" ssl.verification_mode: "none" logging.level: info logging.to_files: true logging.files: path: /var/log/filebeat name: filebeat keepfiles: 7 permissions: 0644

*** **Administration** Filebeat


Start Enable Stop Reload Restart Observe Uninstall

`systemctl start logstash`

`systemctl enable logstash`

`systemctl stop logstash`

`systemctl reload logstash`

`systemctl restart logstash`

`systemctl status logstash journalctl -f --unit logstash tail -f /var/log/logstash`

`yum remove logstash`
`systemctl start logstash`
`systemctl enable logstash`
`systemctl stop logstash`
`systemctl reload logstash`
`systemctl restart logstash`
`systemctl status logstash journalctl -f --unit logstash tail -f /var/log/logstash`
`yum remove logstash`
`systemctl start logstash`
`systemctl enable logstash`
`systemctl stop logstash`
`systemctl reload logstash`
`systemctl restart logstash`
`systemctl status logstash journalctl -f --unit logstash tail -f /var/log/logstash`