linux
----------------
1. 下載
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.5.1-linux-x86_64.tar.g
2. 安裝
tar xf filebeat-5.5.1-linux-x86_64.tar.gz
mkdir /home/elk
mv filebeat-5.5.1-linux-x86_64 /home/elk/filebeat
3. 配置文件
配置文件:cat /home/elk/filebeat/filebeat.yml
filebeat.prospectors:
-
fields: {log_type: "web-proxy-nginx-access"}
paths:
- /data/logs/nginx/access/www2.access.log
-
fields: {log_type: "web-proxy-nginx-error"}
paths:
- /data/logs/nginx/error/www2.error.log
output.kafka:
hosts: ["59.188.25.225:9092"]
topic: 'web-proxy-nginx-log'
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
shipper:
tags: ["web-proxy-nginx-filebeat"]
4.啟動和關閉:
啟動:nohup /home/elk/filebeat/filebeat -e -c /home/elk/filebeat/filebeat.yml &
關閉:kill -9 `ps aux|grep filebeat|head -1|awk -F" " '{print $2}'`
查看進程:ps aux |grep filebeat
window
-------------------
1. 下載
https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.5.1-windows-x86_64.zip
2. 解壓到C:\Program Files\Filebeat
3. 添加服務
以管理員允許powershell
cd 'C:\Program Files\Filebeat'
set-executionpolicy Unrestricted
.\install-service-filebeat.ps1
set-executionpolicy Restricted
4. 配置文件: filebeat.yml
filebeat.prospectors:
-
fields: {log_type: "web-proxy-nginx-access"}
paths:
- D:\data\www\nginx-1.4.7\logs\web2.access.log
-
fields: {log_type: "web-proxy-nginx-error"}
paths:
- D:\data\www\nginx-1.4.7\logs\web2.error.log
output.kafka:
hosts: ["59.188.25.2xx:9092"]
topic: 'web-proxy-nginx-log'
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
shipper:
tags: ["web-proxy-nginx-filebeat"]
5. 啟動
power shell下執行:Start-Service filebeat
讓filebeat重新全部讀取日志
-------------------------------
filebeat會在data/registry中記錄已經讀取的日志,如果想要filebeat全部重新讀取,刪除data/registry文件,然后重啟filebeat.