Install Log Agent on Docker
Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at Initialize Certificate . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.
Setting
FilebeatLogstash
Download images
Copy
docker pull docker.elastic.co/beats/filebeat:8.7.0Download the certificate to get user authentication information
If using the prepared script in the download folder, run the command:
In the setup example below, we will mount
/var/log/app.logan agent installed using docker to push logs to the system
Copy
docker compose up -d -f docker-compose.ymlThe configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual.
Configuration
File
docker-compose.yml
Copy
version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
- $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
- $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
- $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
- $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
- /var/log/app.log:/var/log/app.log:ro
- /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2GFile
filebeat.yml. The configuration below will retrieve all logs written to file/var/log/app.logfor vMonitor Platform:
Copy
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644Note: the $ variables
BOOTSTRAP_SERVERS, $TOPICabove are already incontainer.envthe file in the downloaded certificate folder.
Copy
version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
- $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
- $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
- $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
- $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
- /var/log/app.log:/var/log/app.log:ro
- /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2GCopy
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644Copy
version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
- $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
- $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
- $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
- $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
- /var/log/app.log:/var/log/app.log:ro
- /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2GCopy
filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644Administration
FilebeatLogstash
Stop
Copy
docker stop filebeatReload
Copy
docker kill --signal=HUP filebeatRestart
Copy
docker restart filebeatObserve
Copy
docker logs --tail 100 -f filebeatUninstall
Copy
docker rm filebeatCopy
docker stop filebeatCopy
docker kill --signal=HUP filebeatCopy
docker restart filebeatCopy
docker logs --tail 100 -f filebeatCopy
docker rm filebeatCopy
docker stop filebeatCopy
docker kill --signal=HUP filebeatCopy
docker restart filebeatCopy
docker logs --tail 100 -f filebeatCopy
docker rm filebeatBefore performing agent installation on the operating systems we support below, you need to Initialize Certificate . The setup agent instructions are in the readme file, the script instructions are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.
Last updated