Install Log Agent on Docker

Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at Initialize Certificate . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.

Setting

FilebeatLogstash

Download images

Copy

docker pull docker.elastic.co/beats/filebeat:8.7.0

Download the certificate to get user authentication information
If using the prepared script in the download folder, run the command:
- In the setup example below, we will mount /var/log/app.logan agent installed using docker to push logs to the system

Copy

docker compose up -d -f docker-compose.yml

The configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual.

Configuration

Filedocker-compose.yml

Copy

version: "3"
services:
  filebeat-agent-vmonitor:
    image: docker.elastic.co/beats/filebeat:8.7.0
    container_name: filebeat-agent-vmonitor
    restart: always
    env_file:
      - container.env
    volumes:
      -  $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
      -  $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
      -  $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
      -  $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
      -  /var/log/app.log:/var/log/app.log:ro
      -  /var/log/filebeat/:/var/log/filebeat/
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
    deploy:
      resources:
         limits:
           cpus: '1'
           memory: 2G

File filebeat.yml. The configuration below will retrieve all logs written to file /var/log/app.logfor vMonitor Platform:

Copy

filebeat.inputs:
- type: log
  paths:
    - /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644

Note: the $ variables BOOTSTRAP_SERVERS, $TOPICabove are already in container.envthe file in the downloaded certificate folder.

Copy

version: "3"
services:
  filebeat-agent-vmonitor:
    image: docker.elastic.co/beats/filebeat:8.7.0
    container_name: filebeat-agent-vmonitor
    restart: always
    env_file:
      - container.env
    volumes:
      -  $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
      -  $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
      -  $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
      -  $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
      -  /var/log/app.log:/var/log/app.log:ro
      -  /var/log/filebeat/:/var/log/filebeat/
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
    deploy:
      resources:
         limits:
           cpus: '1'
           memory: 2G

Copy

filebeat.inputs:
- type: log
  paths:
    - /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644

Copy

version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
-  $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
-  $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
-  $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
-  $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
-  /var/log/app.log:/var/log/app.log:ro
-  /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2G

Copy

filebeat.inputs:

type: log
paths:

/var/log/app.log



output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644

Copy

version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
-  $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
-  $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
-  $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
-  $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
-  /var/log/app.log:/var/log/app.log:ro
-  /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2G

Copy

filebeat.inputs:

type: log
paths:

/var/log/app.log



output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644

Administration

FilebeatLogstash

Stop

Copy

docker stop filebeat

Reload

Copy

docker kill --signal=HUP filebeat

Restart

Copy

docker restart filebeat

Observe

Copy

docker logs --tail 100 -f filebeat

Uninstall

Copy

docker rm filebeat

Copy

docker stop filebeat

Copy

docker kill --signal=HUP filebeat

Copy

docker restart filebeat

Copy

docker logs --tail 100 -f filebeat

Copy

docker rm filebeat

Copy

docker stop filebeat

Copy

docker kill --signal=HUP filebeat

Copy

docker restart filebeat

Copy

docker logs --tail 100 -f filebeat

Copy

docker rm filebeat

Copy

docker stop filebeat

Copy

docker kill --signal=HUP filebeat

Copy

docker restart filebeat

Copy

docker logs --tail 100 -f filebeat

Copy

docker rm filebeat

Before performing agent installation on the operating systems we support below, you need to Initialize Certificate . The setup agent instructions are in the readme file, the script instructions are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.

PreviousWindows NextInstall Log Agent on Kubernetes

Last updated 1 year ago