ELK Lesson 16:Filebeat基本設定
設定Filebeat
步驟1:移動至設定檔目錄。
$ cd /etc/filebeat
檔案說明:
# | 檔案/目錄 | 用途 |
1 | fileds.yml | 資料輸出模板 |
2 | filebeat.yml | Filebeat設定檔 |
3 | modules.d/*.yml | 不同輸入模組的定義檔 |
步驟2:設定Filebeat輸出至Logstash,再轉存至Elasticsearch,Logstash設定請參考【ELK Lesson 14:Metricbeat透過Logstash傳送資料到Elasticsearch】。
# ------------------------------ Logstash Output -------------------------------
output.logstash:
# The Logstash hosts
hosts: ["lab-elk-3.example.com:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
指定Logstash的Host,將之後收到的資料全部藉由Logstash轉送至Elasticsearch。
步驟3:啟動Filebeat。
$ sudo systemctl start filebeat
$ sudo systemctl enable filebeat
~ END ~