二进制部署

部署

# https://www.elastic.co/downloads/past-releases/filebeat-7-17-5
cd /elk/software/filebeat/

wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.17.5-linux-x86_64.tar.gz

tar xf filebeat-7.17.5-linux-x86_64.tar.gz

cd filebeat-7.17.5-linux-x86_64

ln -svf $(pwd)/filebeat /usr/local/bin/

filebeat -h

配置

案例 - stdin

# mkdir config
# vim config/01-stdin-to-console.yaml
filebeat.inputs:
  - type: stdin

output.console:
    pretty: true

案例 - tcp

# vim  config/02-tcp-to-console.yaml
filebeat.inputs:
- type: tcp
  max_message_size: 10MiB
  host: "192.168.1.29:9000"

output.console:
    pretty: true

# 测试
nc 192.168.1.29 9000
telnet 192.168.1.29 9000

案例 - log

# vim config/03-log-to-console.yaml
filebeat.inputs:
- type: log
  paths:
    - /var/log/messages
    - /var/log/*.log
    # 递归匹配（含/tmp及/tmp所有子目录）
    - /tmp/**/*.log

output.console:
    pretty: true

启动实例

filebeat -e -c config/01-stdin-to-console.yaml

PreviousFilebeat Nextdoc

Last updated 7 months ago