四、部署filebeat
我這里用的是filebeat-7.3.2
1、下載rpm包
wget https://mirrors.huaweicloud.com/filebeat/7.3.2/filebeat-7.3.2-x86_64.rpm yum -y install filebeat-7.3.2-x86_64.rpm
2、修改配置文件
我這里采集的是nginx的日志,都在/data0/logs下,以xxx.access.log命名的日志文件
# cat /etc/filebeat/filebeat.yml | grep -v -E "^#|^$|^ #" filebeat.inputs: - type: log paths: - /data0/logs/*.access.log # /data0/logs/<projectname>.log 這里寫自己的日志目錄 close_inactive: 24h exclude_files: ['/data0/logs/collection.access.log'] #排除文件,也就是不采集的日志文件 filebeat.config.modules: path: ${path.config}/modules.d/*.yml reload.enabled: false setup.template.settings: index.number_of_shards: 3 setup.kibana: output.kafka: hosts: ["192.168.1.10:9092", "192.168.1.11:9092", "192.168.1.12:9092"] topic: 'nginx-access-log' partition.round_robin: reachable_only: false required_acks: 1 compression: gzip max_message_bytes: 1000000 processors: - add_host_metadata: ~ - add_cloud_metadata: ~
3、啟動服務並開機自啟
systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat
4、驗證kafka的topic有沒有消息
在kafka服務器上執行
export JMX_PORT=10058 && /usr/local/kafka_2.12-2.3.0/bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic nginx-access-log
有信息輸出則filebeat已經成功將日志推送到kafka
filebeat部署到此就結束了。