Cómo instalar Filebeat

En este post os vamos a enseñar cómo instalar Filebeat, necesario para enviar datos a Logstash para analizarlos con Kibana.

# wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
# echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
# apt-get update
# apt-get install filebeat
# cp /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.bkp
# echo > /etc/filebeat/filebeat.yml

filebeat:
  prospectors:
    -
      paths:
        - /var/log/syslog
      input_type: log
      document_type: syslog
    -
      paths:
        - /var/log/auth.log
      input_type: log
      document_type: authlog
    -
      paths:
        - /var/log/apache2/access.log
      input_type: log
      document_type: apache-access
    -
      paths:
        - /var/log/apache2/error.log
      input_type: log
      document_type: apache-error
    -
      paths:
        - /var/log/nginx/access.log
        - /var/log/nginx/error.log
      input_type: log
      document_type: nginx-access
    -
      paths:
        - /var/log/mysql/error.log
      input_type: log
      document_type: mysql-error
    -
      paths:
        - /var/log/mysql/mysql-slow.log
      multiline:
        pattern: "^# User@Host: "
        negate: true
        match: after
      input_type: log
      document_type: mysql-slow
output:
  logstash:
    hosts: ["IP-Privada:5044"]

Ahora arrancaremos Filebeat y configuraremos que arranque automáticamente al reiniciar el servidor.
# systemctl start filebeat
# systemctl enable filebeat

To write a comment on this article, fill out the form below. Fields marked with an asterisk (*) are required.