安装
下载后先用 sha1sum 计算安装包的校验和，并与官方发布的校验值比对一致后再执行 rpm 安装。
[root@h102 filebeat]# curl -L -O https://download.elastic.co/beats/filebeat/filebeat-1.0.1-x86_64.rpm
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3622k 100 3622k 0 0 9340 0 0:06:37 0:06:37 --:--:-- 14275
[root@h102 filebeat]# ls
filebeat-1.0.1-x86_64.rpm
[root@h102 filebeat]# sha1sum filebeat-1.0.1-x86_64.rpm
1e9c3e52a9bcd938a2f790bd0f0df728c076ab0e filebeat-1.0.1-x86_64.rpm
[root@h102 filebeat]# du -sh filebeat-1.0.1-x86_64.rpm
3.6M filebeat-1.0.1-x86_64.rpm
[root@h102 filebeat]# rpm -ivh filebeat-1.0.1-x86_64.rpm
Preparing... ########################################### [100%]
1:filebeat ########################################### [100%]
[root@h102 filebeat]#
配置
[root@h102 filebeat]# tree /etc/filebeat/
/etc/filebeat/
├── filebeat.template.json
└── filebeat.yml
0 directories, 2 files
[root@h102 filebeat]# grep -v "#" /etc/filebeat/filebeat.yml | grep -v "^$"
filebeat:
  prospectors:
    -
      paths:
        - /var/log/*.log
      input_type: log
  registry_file: /var/lib/filebeat/registry
output:
  elasticsearch:
    hosts: ["localhost:9200"]
shipper:
logging:
  files:
[root@h102 filebeat]# vim /etc/filebeat/filebeat.yml
[root@h102 filebeat]# grep -v "#" /etc/filebeat/filebeat.yml | grep -v "^$"
filebeat:
  prospectors:
    -
      paths:
        - /var/log/*.log
        - /var/log/messages*
      input_type: log
  registry_file: /var/lib/filebeat/registry
output:
  logstash:
    hosts: ["localhost:5044"]
shipper:
logging:
  files:
[root@h102 filebeat]#
在默认配置的基础上加入 /var/log/messages* 以监控系统日志；注意该通配符也会匹配已轮转的历史文件（如 messages-日期 形式的文件），如不需要采集应将其排除或改用精确路径。
将输出由 Elasticsearch 改为 Logstash（本机 localhost:5044）。这里 Logstash 与 Filebeat 在同一台主机上；若发往远程主机，日志会经过网络传输，应为该输出启用 TLS。
相关配置详情可以参看 Configuration Options
Note: Make sure a file is not defined more than once across all prospectors because this can lead to unexpected behaviour