[Linux] How to install Filebeat

Update the package repository (apt-based systems)

sudo apt-get update

Install the Filebeat package (yum-based systems, using the elasticsearch repository)

yum install --enablerepo=elasticsearch -y filebeat

Check the Filebeat configuration file

$ cat /etc/filebeat/filebeat.yml | egrep -v '^$|#'
filebeat.inputs:
- type: filestream
  id: my-filestream-id
  enabled: false
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.elasticsearch:
  hosts: ["localhost:9200"]
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

Edit the Filebeat configuration file

vim /etc/filebeat/filebeat.yml

output.elasticsearch:
  hosts: ["your_elasticsearch_host:9200"]

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /path/to/your/logs/*.log

Enable and start the Filebeat service

systemctl --now enable filebeat.service
systemctl status filebeat.service

Check the list of available modules

filebeat modules list

$ filebeat modules list
Enabled:

Disabled:
activemq
apache
auditd
aws
awsfargate
azure
...

Enable the elasticsearch module configuration

filebeat modules enable elasticsearch

$ filebeat modules enable elasticsearch
Enabled elasticsearch

Enable the kibana module configuration

filebeat modules enable kibana

$ filebeat modules enable kibana
Enabled kibana

Edit the Filebeat configuration file

Create the filebeat_system account

vim /etc/filebeat/filebeat.yml
...
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

  # Protocol - either `http` (default) or `https`.
  protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "filebeat_system"
  # Sample value; set a strong, unique password, or reference a Filebeat keystore key instead.
  password: "filebeat_system"

  ssl.certificate_authorities: ["/etc/elasticsearch/certs/http_ca.crt"]
  ...

Test the output connection

filebeat test output

$ filebeat test output
elasticsearch: https://localhost:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 8.6.2
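
The configuration above keeps the Elasticsearch password in filebeat.yml in plaintext, and the sample value equals the username. As an added example (not part of the original post), the shell functions below lint the output.elasticsearch block for that and for missing or unverified TLS. The finding names, the ES_PWD keystore key and the sample config are assumptions made for illustration.

```shell
# Added example, not from the original post: lint output.elasticsearch in filebeat.yml.

# es_value FILE KEY: print the value of KEY inside output.elasticsearch.
es_value() {
  awk -v key="$2" -v q="'" '
    /^output\.elasticsearch:/ { inblk = 1; next }
    /^[^ \t#]/                { inblk = 0 }  # next top-level key ends the block
    inblk && $0 ~ ("^[ \t]+" key ":") {
      sub("^[ \t]+" key ":[ \t]*", "")
      sub(/[ \t]+#.*$/, "")                  # trailing comment
      gsub("^[\"" q "]|[\"" q "]$", "")      # surrounding quotes
      print; exit
    }' "$1"
}

# audit_filebeat_output FILE: print one finding per line, nothing when clean.
audit_filebeat_output() {
  f=$1
  proto=$(es_value "$f" protocol); hosts=$(es_value "$f" hosts)
  user=$(es_value "$f" username);  pass=$(es_value "$f" password)
  verify=$(es_value "$f" ssl.verification_mode)
  case "$proto:$hosts" in
    https:*|*https://*) ;;
    *) echo "PLAINTEXT_TRANSPORT: output does not use https" ;;
  esac
  if [ "$verify" = "none" ]; then
    echo "NO_CERT_VERIFICATION: ssl.verification_mode is none"
  fi
  case "$pass" in ''|'${'*) return 0 ;; esac  # unset, or keystore/env reference
  echo "PLAINTEXT_PASSWORD: reference a keystore key instead, e.g. \${ES_PWD}"
  if [ "$pass" = "$user" ]; then
    echo "WEAK_PASSWORD: password is identical to username"
  fi
  if [ -n "$(find "$f" -perm -004)" ]; then
    echo "WORLD_READABLE: $f exposes the password to all local users"
  fi
}

# Constructed sample mirroring the settings shown above.
sample_config() {
  printf '%s\n' 'output.elasticsearch:' '  hosts: ["localhost:9200"]' \
    '  protocol: "https"' '  username: "filebeat_system"' \
    '  password: "filebeat_system"' 'processors:'
}

# No argument: audit the constructed sample. Otherwise audit the given file.
if [ -n "${1:-}" ]; then audit_filebeat_output "$1"; else
  t=$(mktemp); sample_config > "$t"; audit_filebeat_output "$t"; rm -f "$t"
fi
```

Run it against /etc/filebeat/filebeat.yml by passing the path as the first argument; a clean configuration produces no output.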

Load the Filebeat assets

filebeat setup -e

$ filebeat setup -e
{"log.level":"info","@timestamp":"2023-03-20T15:22:55.612+0900","log.origin":{"file.name":"instance/beat.go","file.line":724},"message":"Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]","service.name":"filebeat","ecs.version":"1.6.0"}
...
Loading dashboards (Kibana must be running and reachable)
{"log.level":"info","@timestamp":"2023-03-20T16:01:50.260+0900","log.logger":"kibana","log.origin":{"file.name":"kibana/client.go","file.line":179},"message":"Kibana url: http://localhost:5601","service.name":"filebeat","ecs.version":"1.6.0"}

Start Filebeat

systemctl restart filebeat.service

Reference URLs

- How to install Filebeat: https://www.elastic.co/guide/en/beats/filebeat/8.6/setup-repositories.html

- Secure communication with Elasticsearch: https://www.elastic.co/guide/en/beats/filebeat/8.6/securing-communication-elasticsearch.html
