下载filebeat
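# curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.0-linux-x86_64.tar.gz
## Verify the archive before unpacking it as root: fetch the SHA-512 file published
## next to it and check it. sha512sum must report "OK". This catches a corrupted or
## swapped archive; it does not help if the download origin itself is compromised.
# curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.7.0-linux-x86_64.tar.gz.sha512
# sha512sum -c filebeat-8.7.0-linux-x86_64.tar.gz.sha512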
创建数据目录
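## The directory name must match --path.data / --path.logs in filebeat.service
## (/data/apps/filebeat/...); the original command created "filbeat" instead.
# mkdir -pv /data/apps/filebeat/{data,logs}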
安装filebeat
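## --no-same-owner: when run as root, tar otherwise restores whatever uid/gid the
## archive recorded. Extracting as root:root keeps the binary and filebeat.yml from
## being owned (and writable) by an unrelated local account. Filebeat also checks
## ownership and permissions of its config file at startup.
# tar --no-same-owner -xzvf filebeat-8.7.0-linux-x86_64.tar.gz -C /usr/local/
# ln -sv /usr/local/filebeat-8.7.0-linux-x86_64 /usr/local/filebeat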
filebeat.service
# systemd unit that runs the tarball install of Filebeat from /usr/local/filebeat.
[Unit]
Description=Filebeat sends log files to Logstash or directly to Elasticsearch.
Documentation=https://www.elastic.co/beats/filebeat
# Pull in network-online.target and order this unit after it.
Wants=network-online.target
After=network-online.target
[Service]
# NOTE(review): no User=/Group= is set, so as a system unit this runs as root.
# That lets it read every log file, and equally any other file an input path
# points at. Confirm this is intended, and evaluate sandboxing directives such as
# NoNewPrivileges= and ProtectSystem= on a test host before relying on them.
# Files created by the service get no group-write and no access for others.
UMask=0027
Environment="GODEBUG='madvdontneed=1'"
# Empty by default; extra logging flags for ExecStart can be placed here.
Environment="BEAT_LOG_OPTS="
Environment="BEAT_CONFIG_OPTS=-c /usr/local/filebeat/filebeat.yml"
# Home and config stay in the install tree; data and logs go to /data/apps/filebeat,
# which must exist with exactly this spelling.
Environment="BEAT_PATH_OPTS=--path.home /usr/local/filebeat --path.config /usr/local/filebeat --path.data /data/apps/filebeat/data --path.logs /data/apps/filebeat/logs"
ExecStart=/usr/local/filebeat/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
# Restart whenever the process exits, including a clean exit.
Restart=always
[Install]
WantedBy=multi-user.target
filebeat.yml
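# Inputs. Each list entry is one filestream input and needs its own unique `id`.
# Indentation is significant: every key of an input sits under its `- type:` line.
filebeat.inputs:
  - type: filestream
    enabled: true
    id: my-filestream-id
    paths:
      - /var/log/system.log
      - /var/log/wifi.log
  - type: filestream
    enabled: true
    id: apache-filestream-id
    # The glob matches every file in the directory. Narrow it if anything other
    # than the intended logs can land there, since all matches are shipped.
    paths:
      - "/var/log/apache2/*"
    # Custom field attached to events from this input.
    fields:
      apache: true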
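filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading.
  # With reloading on, edits to files under modules.d take effect without a
  # restart, so keep that directory writable by root only.
  reload.enabled: true

  # Period on which files under path should be checked for changes
  #reload.period: 10s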
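output.elasticsearch:
  hosts: ["https://myEShost:9200"]
  # Give this account only the privileges it needs to publish events.
  username: "filebeat_internal"
  # Placeholder. Do not write the real password into this file: store it in the
  # Filebeat keystore (`filebeat keystore create`, `filebeat keystore add ES_PWD`)
  # and reference it here as "${ES_PWD}".
  password: "YOUR_PASSWORD"
  ssl:
    enabled: true
    # Hex-encoded SHA-256 fingerprint of the CA certificate that signed the
    # Elasticsearch certificate. It must be the fingerprint of your own
    # cluster's CA; a value copied from a guide will not match your cluster.
    ca_trusted_fingerprint: "b9a10bbe64ee9826abeda6546fc988c8bf798b41957c33d05db736716513dc9c"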
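setup.kibana:
  # No scheme is given, so Filebeat falls back to http and the credentials below
  # are sent unencrypted. When Kibana serves TLS, write the host as
  # "https://mykibanahost:5601".
  host: "mykibanahost:5601"
  username: "my_kibana_user"
  # Placeholder; keep the real value in the Filebeat keystore, not in this file.
  password: "{pwd}"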
收集数据模块
查看可用的模块
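## The tarball install does not put filebeat on PATH; call it by its full path,
## as the enable command on this page does.
# /usr/local/filebeat/filebeat modules list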
启用模块
# /usr/local/filebeat/filebeat modules enable nginx
Enabled nginx
修改nginx模块
# cat modules.d/nginx.yml
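# Module: nginx
# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-nginx.html

- module: nginx
  # Access logs
  access:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["/var/log/nginx/access.log*"]

  # Error logs
  error:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    # This must point at the error log. The original listing repeated the
    # access-log glob here, so error events were never collected and access
    # lines were fed to the error fileset.
    var.paths: ["/var/log/nginx/error.log*"]

  # Ingress-nginx controller logs. This is disabled by default. It could be used in Kubernetes environments to parse ingress-nginx logs
  ingress_controller:
    enabled: false

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: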
参考文档
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html