ELK Lesson 11:設定Metricbeat監控項目
Metricbeat是監控的利器
Metricbeat可以監控的項目非常多,包括常用的Windows、Linux外,IIS、Apache、Tomcat…等,雲端的部分,Azure、AWS、GCP三大公有雲服務業者都有支援,詳細清單可以參考【官網】,本篇就針對監控Linux伺服器為範例。
步驟1:啟動Linux監控模組-System module
$ /usr/share/metricbeat/bin/metricbeat modules enable system步驟2:調整監控項目,參考官網的【system模組說明】,每個監控項目所支援的作業系統有些不同,整理如下:
| # | 監控項目 | Windows | Linux | macOS |
| 1 | core | V | V | V |
| 2 | cpu | V | V | V |
| 3 | diskio | V | V | V |
| 4 | entropy | V | ||
| 5 | filesystem | V | V | V |
| 6 | fsstat | V | V | V |
| 7 | load | V | V | |
| 8 | memory | V | V | V |
| 9 | network | V | V | V |
| 10 | network_summary | V | ||
| 11 | process | V | V | V |
| 12 | process_summary | V | V | V |
| 13 | raid | V | ||
| 14 | service | V | ||
| 15 | socket | V | ||
| 16 | socket_summary | V | V | V |
| 17 | uptime | V | V | V |
| 18 | users | V |
根據需求,調整/etc/metricbeat/modules/system.yml設定檔的內容,如下:
# Module: system
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.10/metricbeat-module-system.html
- module: system
period: 10s
metricsets:
- cpu
- load
- memory
- network
- network_summary
- process
- process_summary
- socket_summary
- entropy
- core
- diskio
- socket
- service
- users
process.include_top_n:
by_cpu: 5 # include top 5 processes by CPU
by_memory: 5 # include top 5 processes by memory
- module: system
period: 1m
metricsets:
- filesystem
- fsstat
processors:
- drop_event.when.regexp:
system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)'
- module: system
period: 15m
metricsets:
- uptime
#- module: system
# period: 5m
# metricsets:
# - raid
# raid.mount_point: '/'步驟3:重啟Metricbeat服務,就可以在Dashboard中的[Metricbeat System] Host overview ECS項目中,就可以看到以下完整的監控儀表板囉!
