# CentOS Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at [Initialize Certificate](https://docs-vngcloud-vn.translate.goog/vng-cloud-document/v/vn/vmonitor/dashboards/logs/lam-viec-voi-log-agent/khoi-tao-certificate) . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup. **Setting** Determine the type of agent you want to install and follow that agent's instructions below: FilebeatLogstash * If using a script prepared in the download folder, run the command


`sudo chmod +x filebeat.sh sudo ./filebeat.sh <path-to-file-log>`

* If installing manually, run the command


`Tải tệp tin rpm: curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.1-x86_64.rpm Install filebeat: sudo rpm -vi filebeat-8.7.1-x86_64.rpm`

Next you need to configure agent log. The configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual. **Configuration** Filebeat


File `/etc/filebeat/filebeat.yml`. The configuration below will retrieve all logs in the file `/var/log/app.log`and push them to vMonitor Platform: In which In input the path to the log file In output , the variables you need to fill in are taken from the certificate loading step above: `$BOOTSTRAP_SERVERS, $TOPIC`taken from file info.md `$PATH_FILE_VNG_TRUST_PEM, $PATH_FILE_USER_CER_PEM, $PATH_FILE_USER_KEY_PEM`is the path to the file VNG.trust.pem user.cer.pem user.key.pem Read more advanced configurations atConfigure Filebeat \| Filebeat Reference [8.8] \| Elastic

filebeat.inputs: - type: log paths: - /var/log/app.log output.kafka: hosts: ["$BOOTSTRAP_SERVERS"] topic: "$TOPIC" partition.round_robin: reachable_only: false required_acks: 1 compression: gzip max_message_bytes: 1000000 ssl.certificate_authorities: - $PATH_FILE_VNG_TRUST_PEM ssl.certificate: "$PATH_FILE_USER_CER_PEM" ssl.key: "$PATH_FILE_USER_KEY_PEM" ssl.verification_mode: "none" logging.level: info logging.to_files: true logging.files: path: /var/log/filebeat name: filebeat keepfiles: 7 permissions: 0644
filebeat.inputs: type: log paths: /var/log/app.log output.kafka: hosts: ["$BOOTSTRAP_SERVERS"] topic: "$TOPIC" partition.round_robin: reachable_only: false required_acks: 1 compression: gzip max_message_bytes: 1000000 ssl.certificate_authorities: $PATH_FILE_VNG_TRUST_PEM ssl.certificate: "$PATH_FILE_USER_CER_PEM" ssl.key: "$PATH_FILE_USER_KEY_PEM" ssl.verification_mode: "none" logging.level: info logging.to_files: true logging.files: path: /var/log/filebeat name: filebeat keepfiles: 7 permissions: 0644
filebeat.inputs: type: log paths: /var/log/app.log output.kafka: hosts: ["$BOOTSTRAP_SERVERS"] topic: "$TOPIC" partition.round_robin: reachable_only: false required_acks: 1 compression: gzip max_message_bytes: 1000000 ssl.certificate_authorities: $PATH_FILE_VNG_TRUST_PEM ssl.certificate: "$PATH_FILE_USER_CER_PEM" ssl.key: "$PATH_FILE_USER_KEY_PEM" ssl.verification_mode: "none" logging.level: info logging.to_files: true logging.files: path: /var/log/filebeat name: filebeat keepfiles: 7 permissions: 0644

*** **Administration** Filebeat


Start Enable Stop Reload Restart Observe Uninstall

`systemctl start logstash`

`systemctl enable logstash`

`systemctl stop logstash`

`systemctl reload logstash`

`systemctl restart logstash`

`systemctl status logstash journalctl -f --unit logstash tail -f /var/log/logstash`

`yum remove logstash`
`systemctl start logstash`
`systemctl enable logstash`
`systemctl stop logstash`
`systemctl reload logstash`
`systemctl restart logstash`
`systemctl status logstash journalctl -f --unit logstash tail -f /var/log/logstash`
`yum remove logstash`
`systemctl start logstash`
`systemctl enable logstash`
`systemctl stop logstash`
`systemctl reload logstash`
`systemctl restart logstash`
`systemctl status logstash journalctl -f --unit logstash tail -f /var/log/logstash`

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vngcloud.vn/vng-cloud-document/vmonitor/dashboards/logs/lam-viec-voi-log-agent/cai-dat-log-agent-tren-cac-he-dieu-hanh/centos.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.