[ELK Stack] Filebeat setup (deb environment)

91Savage · December 6, 2022

Installing Filebeat

Reference: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.5.2-amd64.deb
sudo dpkg -i filebeat-8.5.2-amd64.deb

Configuring filebeat.yml

filebeat.inputs:
- type: log

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*

setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify an additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "localhost:5601"

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

Running Filebeat

systemctl daemon-reload
filebeat setup -e
systemctl start filebeat
systemctl enable filebeat
curl 'localhost:9200/_cat/indices?v'   # check that data is being shipped
journalctl -u filebeat -f              # check the Filebeat log

Checking in Kibana

http://3.38.138.101:5601/ -> Discover

Errors

module kibana is configured but has no enabled filesets

When an error like the one above appears, list the modules:

filebeat modules list

Check the Enabled list in the output; if the module is not enabled, enable it:

filebeat modules enable nginx

Then, in /etc/filebeat/modules.d/, open the module file (vim kibana.yml) and enable its filesets:

- module: kibana
  # Server logs
  log:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:

  # Audit logs
  audit:
    enabled: true
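
To find every module in this state before starting the service, the following added example (not from the original post or from Elastic) scans a modules.d directory and prints each module whose file is enabled but whose filesets are all off. The function names and the sample directory built by demo are constructed for illustration; the only assumption about Filebeat is the modules.d file layout shown above.

```shell
#!/bin/sh
# Added example: report Filebeat modules that are enabled (file ends in .yml,
# not .yml.disabled) but have no fileset set to "enabled: true".

# list_empty_modules [DIR] -> prints one module name per line
list_empty_modules() {
  dir=${1:-/etc/filebeat/modules.d}
  for f in "$dir"/*.yml; do
    [ -f "$f" ] || continue          # glob matched nothing
    awk '
      /^[ \t]*#/   { next }                          # ignore commented-out lines
      /^- module:/ { if (name != "" && on == 0) print name
                     name = $3; on = 0; next }       # start of a module entry
      /^[ \t]+enabled:[ \t]*true/ { on++ }           # an enabled fileset
      END          { if (name != "" && on == 0) print name }
    ' "$f"
  done
}

# demo: build a constructed modules.d directory and run the check on it
demo() {
  tmp=$(mktemp -d) || return 1
  # kibana: enabled module, both filesets off (the state behind the error)
  printf '%s\n' '- module: kibana' '  log:' '    enabled: false' \
                '  audit:' '    enabled: false' > "$tmp/kibana.yml"
  # nginx: enabled module with one fileset on
  printf '%s\n' '- module: nginx' '  access:' '    enabled: true' \
                '  error:' '    enabled: false' > "$tmp/nginx.yml"
  # system: disabled module file, must be ignored
  printf '%s\n' '- module: system' '  syslog:' '    enabled: false' \
                > "$tmp/system.yml.disabled"
  list_empty_modules "$tmp"
  rm -rf "$tmp"
}

# Run "sh thisfile.sh demo" to try it on the constructed sample.
if [ "${1:-}" = demo ]; then demo; fi
```

A module listed here ships no logs, so an empty result is what you want to see before relying on the index in Kibana.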
