Install Log Agent on Docker

Copy

docker pull docker.elastic.co/beats/filebeat:8.7.0

Copy

docker compose up -d -f docker-compose.yml

Filedocker-compose.yml

File filebeat.yml. The configuration below will retrieve all logs written to file /var/log/app.logfor vMonitor Platform:

Note: the $ variables BOOTSTRAP_SERVERS, $TOPICabove are already in container.envthe file in the downloaded certificate folder.

Copy

version: "3"
services:
  filebeat-agent-vmonitor:
    image: docker.elastic.co/beats/filebeat:8.7.0
    container_name: filebeat-agent-vmonitor
    restart: always
    env_file:
      - container.env
    volumes:
      -  $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
      -  $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
      -  $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
      -  $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
      -  /var/log/app.log:/var/log/app.log:ro
      -  /var/log/filebeat/:/var/log/filebeat/
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
    deploy:
      resources:
         limits:
           cpus: '1'
           memory: 2G

Copy

filebeat.inputs:
- type: log
  paths:
    - /var/log/app.log

output.kafka:
  hosts: ${BOOTSTRAP_SERVERS}
  topic: ${TOPIC}
  partition.round_robin:
    reachable_only: false
  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000
  ssl.certificate_authorities:
    - /usr/share/filebeat/VNG.trust
  ssl.certificate: /usr/share/filebeat/user.cer.pem
  ssl.key: /usr/share/filebeat/user.key.pem
  ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

Copy

version: "3"
services:
  filebeat-agent-vmonitor:
    image: docker.elastic.co/beats/filebeat:8.7.0
    container_name: filebeat-agent-vmonitor
    restart: always
    env_file:
      - container.env
    volumes:
      -  $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
      -  $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
      -  $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
      -  $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
      -  /var/log/app.log:/var/log/app.log:ro
      -  /var/log/filebeat/:/var/log/filebeat/
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
    deploy:
      resources:
         limits:
           cpus: '1'
           memory: 2G

Copy

filebeat.inputs:
- type: log
  paths:
    - /var/log/app.log

output.kafka:
  hosts: ${BOOTSTRAP_SERVERS}
  topic: ${TOPIC}
  partition.round_robin:
    reachable_only: false
  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000
  ssl.certificate_authorities:
    - /usr/share/filebeat/VNG.trust
  ssl.certificate: /usr/share/filebeat/user.cer.pem
  ssl.key: /usr/share/filebeat/user.key.pem
  ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

Stop

Reload

Restart

Observe

Uninstall

Copy

docker stop filebeat

Copy

docker kill --signal=HUP filebeat

Copy

docker restart filebeat

Copy

docker logs --tail 100 -f filebeat

Copy

docker rm filebeat

Copy

docker stop filebeat

Copy

docker kill --signal=HUP filebeat

Copy

docker restart filebeat

Copy

docker logs --tail 100 -f filebeat

Copy

docker rm filebeat