Before installing the agent on the operating systems we support below, you need to download the certificate according to the instructions at Initialize Certificate . Information on setting up the agent is in the readme file, and the instruction scripts are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.
Setting
FilebeatLogstash
Copy
Copy docker pull docker.elastic.co/beats/filebeat:8.7.0
If using the prepared script in the download folder, run the command:
In the setup example below, we will mount /var/log/app.log
an agent installed using docker to push logs to the system
Copy
Copy docker compose up -d -f docker-compose.yml
The configuration files below have been prepared by us in the script when downloading the certificate. The description below helps readers imagine what it would be like if we created a manual.
Configuration
Copy
Copy version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
- $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
- $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
- $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
- $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
- /var/log/app.log:/var/log/app.log:ro
- /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2G
File filebeat.yml
. The configuration below will retrieve all logs written to file /var/log/app.log
for vMonitor Platform:
Copy
Copy filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
Note: the $ variables BOOTSTRAP_SERVERS, $TOPIC
above are already in container.env
the file in the downloaded certificate folder.
Copy
Copy version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
- $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
- $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
- $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
- $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
- /var/log/app.log:/var/log/app.log:ro
- /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2G
Copy
Copy filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
Copy
Copy version: "3"
services:
filebeat-agent-vmonitor:
image: docker.elastic.co/beats/filebeat:8.7.0
container_name: filebeat-agent-vmonitor
restart: always
env_file:
- container.env
volumes:
- $PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml
- $PWD/VNG.trust.pem:/usr/share/filebeat/VNG.trust:rw
- $PWD/user.cer.pem:/usr/share/filebeat/user.cer.pem:rw
- $PWD/user.key.pem:/usr/share/filebeat/user.key.pem:rw
- /var/log/app.log:/var/log/app.log:ro
- /var/log/filebeat/:/var/log/filebeat/
logging:
driver: "json-file"
options:
max-size: "50m"
deploy:
resources:
limits:
cpus: '1'
memory: 2G
Copy
Copy filebeat.inputs:
- type: log
paths:
- /var/log/app.log
output.kafka:
hosts: ${BOOTSTRAP_SERVERS}
topic: ${TOPIC}
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
ssl.certificate_authorities:
- /usr/share/filebeat/VNG.trust
ssl.certificate: /usr/share/filebeat/user.cer.pem
ssl.key: /usr/share/filebeat/user.key.pem
ssl.verification_mode: "none"
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
Administration
FilebeatLogstash
Copy
Copy docker kill --signal=HUP filebeat
Copy
Copy docker restart filebeat
Copy
Copy docker logs --tail 100 -f filebeat
Copy
Copy docker kill --signal=HUP filebeat
Copy
Copy docker restart filebeat
Copy
Copy docker logs --tail 100 -f filebeat
Copy
Copy docker kill --signal=HUP filebeat
Copy
Copy docker restart filebeat
Copy
Copy docker logs --tail 100 -f filebeat
Before performing agent installation on the operating systems we support below, you need to Initialize Certificate . The setup agent instructions are in the readme file, the script instructions are also in the downloaded certificate file. Use this information with the instructions below to complete Agent for Log setup.
Last updated 4 months ago