CentOS
Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at Initialize Certificate . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.
Setting
Determine the type of agent you want to install and follow that agent's instructions below:
FilebeatLogstash
If using a script prepared in the download folder, run the command
sudo chmod +x filebeat.sh
sudo ./filebeat.sh <path-to-file-log>If installing manually, run the command
Tải tệp tin rpm: curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.1-x86_64.rpm
Install filebeat: sudo rpm -vi filebeat-8.7.1-x86_64.rpmNext you need to configure agent log. The configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual.
Configuration
Filebeat
File
/etc/filebeat/filebeat.yml. The configuration below will retrieve all logs in the file/var/log/app.logand push them to vMonitor Platform:
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644In which In input the path to the log file
In output , the variables you need to fill in are taken from the certificate loading step above:
$BOOTSTRAP_SERVERS, $TOPICtaken from file info.md$PATH_FILE_VNG_TRUST_PEM, $PATH_FILE_USER_CER_PEM, $PATH_FILE_USER_KEY_PEMis the path to the file VNG.trust.pem user.cer.pem user.key.pem
Read more advanced configurations at
Configure Filebeat | Filebeat Reference [8.8] | Elastic
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ["$BOOTSTRAP_SERVERS"]
topic: "$TOPIC"
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- $PATH_FILE_VNG_TRUST_PEM
ssl.certificate: "$PATH_FILE_USER_CER_PEM"
ssl.key: "$PATH_FILE_USER_KEY_PEM"
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644Administration
Filebeat
Start
systemctl start logstashEnable
systemctl enable logstashStop
systemctl stop logstashReload
systemctl reload logstashRestart
systemctl restart logstashObserve
systemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstashUninstall
yum remove logstashsystemctl start logstashsystemctl enable logstashsystemctl stop logstashsystemctl reload logstashsystemctl restart logstashsystemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstashyum remove logstashsystemctl start logstashsystemctl enable logstashsystemctl stop logstashsystemctl reload logstashsystemctl restart logstashsystemctl status logstash
journalctl -f --unit logstash
tail -f /var/log/logstashLast updated