- 1/Config logstash
- => vi conf.d/filebeat-input.conf
# Beats listener: accepts events from Filebeat on TCP 5044 over TLS.
input {
  beats {
    port => 5044

    # TLS is enabled, so every shipper must connect with TLS and trust this
    # certificate (or the CA that issued it); a plaintext client cannot
    # complete the connection.
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"

    # Keep the private key readable only by the account Logstash runs as.
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"

    # NOTE(review): only the server is authenticated here. No client
    # certificate is requested, so any host that can reach the port can submit
    # events. If shippers are remote, consider ssl_certificate_authorities
    # together with ssl_verify_mode => "force_peer", or firewall the port.
  }
}
- => vi conf.d/syslog-filter.conf
# Parses classic syslog lines into structured fields.
filter {
  # Only events whose type is exactly "syslog" are parsed; the shipper must
  # set its document type to that value or this branch never runs.
  if [type] == "syslog" {
    grok {
      # Splits the line into timestamp, host, program, optional pid and the
      # free-text message. Every captured field comes from log content and
      # should be treated as untrusted data by anything that renders it.
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }

      # Record when and from which shipper the event arrived, separately from
      # what the log line itself claims.
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }

    date {
      # Syslog timestamps carry neither year nor time zone, so the parsed
      # time depends on the Logstash host's settings unless a timezone is
      # configured; keep that in mind when correlating events across hosts.
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
- => vi conf.d/output-elasticsearch.conf
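# Ships parsed events to the local Elasticsearch node.
output {
  elasticsearch {
    # The original declared hosts twice (once on the opening line and once
    # below it); a single declaration is enough.
    # Plain HTTP without credentials is acceptable only because the node is
    # on loopback. If Elasticsearch moves to another host, enable TLS and
    # authentication on this output.
    hosts => ["localhost:9200"]

    # Logstash does not install or overwrite an index template.
    manage_template => false

    # Index name and document type are taken from metadata supplied by the
    # shipper, so they are only as trustworthy as the clients allowed to
    # reach the beats input.
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"

    # NOTE(review): document_type is deprecated in later releases of this
    # plugin - confirm against the installed version.
    document_type => "%{[@metadata][type]}"
  }
}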
- 2/ Config filebeat
- => filebeat.yml
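# Writes the Filebeat configuration. The delimiter is quoted so the shell
# copies the body verbatim, with no variable or command substitution.
cat > /etc/filebeat/filebeat.yml << 'EOF'
# NOTE(review): these notes mix option names from different Filebeat
# generations (prospectors / input_type / document_type next to
# setup.kibana). Check each key against the installed version.
filebeat:
  prospectors:
    -
      paths:
        - /var/log/*.log
      encoding: utf-8
      input_type: log
      fields:
        level: debug
      # Must equal the value the Logstash filter tests for
      # ([type] == "syslog"); the original value "type" never matched, so no
      # event was parsed. Files under /var/log that are not in syslog format
      # will still fail the grok pattern.
      document_type: syslog
  registry_file: /var/lib/filebeat/registry

# The original line ended in ';' instead of ':', which is not valid YAML.
# The documented option is setup.kibana.host (singular).
setup.kibana:
  host: "192.168.10.86:5601"

output:
  logstash:
    hosts: ["127.0.0.1:5044"]
    # The Logstash beats input in these notes has ssl => true, so this output
    # must speak TLS and trust the listener's certificate. The certificate
    # needs a subject alternative name matching the hosts entry above; fix
    # the certificate rather than disabling verification.
    # NOTE(review): Filebeat 1.x names this section "tls" instead of "ssl".
    ssl:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
    worker: 1
    bulk_max_size: 2048

logging:
  to_syslog: false
  to_files: true
  files:
    path: /var/log/filebeat
    name: filebeat
    rotateeverybytes: 1048576000  # = 1GB
    keepfiles: 7
  selectors: ["*"]
  level: info
EOF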