The steps to install and configure Filebeat on CentOS are as follows:
Add the official Elastic YUM repository:
sudo tee /etc/yum.repos.d/elastic-beats.repo <<EOF
[elastic-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
Install Filebeat:
sudo yum install filebeat
Start the Filebeat service and enable it at boot:
sudo systemctl start filebeat
sudo systemctl enable filebeat
Verify the installation:
sudo systemctl status filebeat
Alternatively, download the Filebeat RPM package:
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.15.0-x86_64.rpm
Install Filebeat:
sudo rpm -ivh filebeat-7.15.0-x86_64.rpm
Start the Filebeat service and enable it at boot:
sudo systemctl start filebeat
sudo systemctl enable filebeat
Verify the installation:
sudo systemctl status filebeat
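The manual RPM route installs the package without the signature check that `gpgcheck=1` gives the YUM route. The script below is an added example, not part of the original page; it assumes the `.sha512` file that Elastic publishes at the package URL with `.sha512` appended has been downloaded next to the RPM, and its function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: verify a manually downloaded Filebeat RPM before installing it.
# Assumption: <package>.rpm.sha512 sits next to the RPM (same URL + ".sha512").

# Succeeds only if the SHA-512 of $1 equals the first field of checksum file $2.
verify_sha512() {
  local file=$1 sumfile=$2 expected actual
  expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile") || return 1
  actual=$(sha512sum "$file" | awk '{print $1}') || return 1
  # A SHA-512 digest is 128 hex characters; reject empty or truncated files.
  [ "${#expected}" -eq 128 ] && [ "$expected" = "$actual" ]
}

# Succeeds only if rpm reports a good signature, not just good digests.
# Assumption: rpm -K prints "... pgp md5 OK" (CentOS 7) or
# "digests signatures OK" (CentOS 8); an unsigned package prints neither.
verify_rpm_signature() {
  local out
  out=$(rpm -K "$1") || return 1
  printf '%s\n' "$out" | grep -Eq '(pgp|signatures).* OK$'
}

verify_and_install() {
  local pkg=$1
  verify_sha512 "$pkg" "$pkg.sha512" || { echo "SHA-512 mismatch: $pkg" >&2; return 1; }
  # Same key URL as the gpgkey= line of the repository file.
  sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
  verify_rpm_signature "$pkg" || { echo "bad or missing signature: $pkg" >&2; return 1; }
  sudo rpm -ivh "$pkg"
}

# Runs only when a package path is given: ./verify_rpm.sh <downloaded .rpm file>
if [ "$#" -gt 0 ]; then
  verify_and_install "$1"
fi
```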
Edit the configuration file:
sudo vi /etc/filebeat/filebeat.yml
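Basic configuration example:
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/*.log
# A custom index name requires the template name and pattern to be set as well.
setup.template.name: "filebeat"
setup.template.pattern: "filebeat-*"
output.elasticsearch:
  # No scheme or credentials given: Filebeat connects over plain HTTP without authentication.
  hosts: ["localhost:9200"]
  index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
Restart the Filebeat service: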
sudo systemctl restart filebeat
Check the Filebeat status:
sudo systemctl status filebeat
View the Filebeat logs:
sudo journalctl -u filebeat -f
Monitor file changes:
filebeat.autodiscover:
  providers:
    - type: kubernetes
      node: ${NODES}
      hints.enabled: true
      hints.default_config:
        type: container
        paths:
          - /var/lib/docker/containers/${data.kubernetes.container.id}/*.log
Log processing:
processors:
  - add_host_metadata: {}
  - add_cloud_metadata: {}
Output to Elasticsearch:
output.elasticsearch:
  hosts: ["localhost:9200"]
  index: "filebeat-%{+yyyy.MM.dd}"
With the steps above, you should be able to install, configure, and use Filebeat on CentOS to collect log data.