Install Log Agent on Docker
Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at Initialize Certificate . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.
Setting
FilebeatLogstash
Download images
Copy
docker pull docker.elastic.co/beats/filebeat:8.7.0
Download the certificate to get user authentication information
If using the prepared script in the download folder, run the command:
In the setup example below, we will mount
/var/log/app.log
an agent installed using docker to push logs to the system
Copy
docker compose up -d -f docker-compose.yml
The configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual.
Configuration
File
docker-compose.yml
Copy
version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
- $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
- $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
- $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
- $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
- /var/log/app.log:/var/log/app.log:ro
- /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2G
File
filebeat.yml
. The configuration below will retrieve all logs written to file/var/log/app.log
for vMonitor Platform:
Copy
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
Note: the $ variables
BOOTSTRAP_SERVERS, $TOPIC
above are already incontainer.env
the file in the downloaded certificate folder.
Copy
version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
- $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
- $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
- $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
- $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
- /var/log/app.log:/var/log/app.log:ro
- /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2G
Copy
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
Copy
version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
- $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
- $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
- $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
- $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
- /var/log/app.log:/var/log/app.log:ro
- /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2G
Copy
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
Administration
FilebeatLogstash
Stop
Copy
docker stop filebeat
Reload
Copy
docker kill --signal=HUP filebeat
Restart
Copy
docker restart filebeat
Observe
Copy
docker logs --tail 100 -f filebeat
Uninstall
Copy
docker rm filebeat
Copy
docker stop filebeat
Copy
docker kill --signal=HUP filebeat
Copy
docker restart filebeat
Copy
docker logs --tail 100 -f filebeat
Copy
docker rm filebeat
Copy
docker stop filebeat
Copy
docker kill --signal=HUP filebeat
Copy
docker restart filebeat
Copy
docker logs --tail 100 -f filebeat
Copy
docker rm filebeat
Before performing agent installation on the operating systems we support below, you need to Initialize Certificate . The setup agent instructions are in the readme file, the script instructions are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.
Last updated