1 | ###################### Filebeat Configuration Example ######################### | |
2 | ||
3 | # This file is an example configuration file highlighting only the most common | |
4 | # options. The filebeat.reference.yml file from the same directory contains all the | |
5 | # supported options with more comments. You can use it as a reference. | |
6 | # | |
7 | # You can find the full configuration reference here: | |
8 | # https://www.elastic.co/guide/en/beats/filebeat/index.html | |
9 | ||
10 | # For more available modules and options, please see the filebeat.reference.yml sample | |
11 | # configuration file. | |
12 | ||
#=========================== Filebeat prospectors =============================

# NOTE(review): `filebeat.prospectors` is the pre-6.3 spelling of this setting;
# later Filebeat releases name it `filebeat.inputs`. Confirm against the
# installed version before reusing this file.
filebeat.prospectors:

  # One list entry per prospector. Options placed on an entry apply to that
  # prospector only, so different log sources can be configured differently.
  - type: log

    # This prospector is switched on.
    enabled: true

    # Glob patterns naming the files to harvest. Every file matched here is
    # shipped to the enabled output, so keep the glob as narrow as the use
    # case allows; a broad pattern may pick up logs that hold sensitive data.
    paths:
      - '/var/log/*.log'
      #- c:\programdata\elasticsearch\logs\*

    # Drop any line that matches one of these regular expressions.
    #exclude_lines: ['^DBG']

    # Export only lines that match one of these regular expressions.
    #include_lines: ['^ERR', '^WARN']

    # Skip files whose name matches one of these regular expressions.
    # Nothing is skipped by default.
    #exclude_files: ['.gz$']

    # Extra fields attached to every event from this prospector, usable for
    # filtering downstream.
    #fields:
    #  level: debug
    #  review: 1

    ### Multiline options

    # Multiline joins log messages that span several lines into one event,
    # as is common for Java stack traces or C-style line continuations.

    # Regular expression to match. This example matches lines starting with [
    #multiline.pattern: ^\[

    # Whether the pattern above is negated. Default is false.
    #multiline.negate: false

    # "after" or "before": whether lines are appended to a pattern that was
    # (not) matched before or after, or as long as a pattern is not matched,
    # depending on negate.
    # Note: "after" corresponds to "previous" and "before" to "next" in
    # Logstash.
    #multiline.match: after
64 | ||
65 | ||
#============================= Filebeat modules ===============================

filebeat.config.modules:
  # Module configuration is loaded from every file matching this glob.
  # Those files decide what Filebeat collects, so the directory should be
  # writable only by the account that administers Filebeat.
  #path: ${path.config}/modules.d/*.yml
  path: '/etc/filebeat/modules.d/*.yml'

  # Configuration reloading is off.
  reload.enabled: false

  # Interval at which files under `path` are checked for changes.
  #reload.period: 10s
78 | ||
#==================== Elasticsearch template setting ==========================

# Index settings written into the Elasticsearch index template.
setup.template.settings:
  # Primary shard count for indices created from the template.
  index.number_of_shards: 3
  #index.codec: best_compression
  #_source.enabled: false
85 | ||
#================================ General =====================================

# Shipper name published with the data. The web interface can use it to group
# everything sent by this one shipper.
name: 'cryptologger'

# Shipper tags; each published transaction carries them in a dedicated field.
#tags: ["service-X", "web-tier"]

# Optional extra fields added to the output.
#fields:
#  env: staging
100 | ||
101 | ||
#============================== Dashboards =====================================
# Controls loading of the sample dashboards into the Kibana index. Loading is
# off by default; it can be switched on here, with the `-setup` CLI flag, or
# with the `setup` command. This file switches it on.
setup.dashboards.enabled: true

# Download location of the dashboards archive. When unset, the URL is derived
# from the Beat name and version; for released versions it points to the
# dashboard archive on the artifacts.elastic.co website.
#setup.dashboards.url:
113 | ||
#============================== Kibana =====================================

# From Beats 6.0.0 on, dashboards are loaded through the Kibana API, which
# needs the Kibana endpoint configured here.
setup.kibana:

  # Kibana host.
  # Scheme and port may be omitted; the defaults are http and 5601.
  # When an additional path is given the scheme is required:
  #   http://localhost:5601/path
  # IPv6 addresses should always be written as: https://[2001:db8::1]:5601
  #
  # No scheme is given below, so the default (http) applies and the dashboard
  # setup traffic to Kibana is not encrypted.
  host: "192.168.0.4:5601"
125 | ||
126 | #============================= Elastic Cloud ================================== | |
127 | ||
128 | # These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/). | |
129 | ||
130 | # The cloud.id setting overwrites the `output.elasticsearch.hosts` and | |
131 | # `setup.kibana.host` options. | |
132 | # You can find the `cloud.id` in the Elastic Cloud web UI. | |
133 | #cloud.id: | |
134 | ||
135 | # The cloud.auth setting overwrites the `output.elasticsearch.username` and | |
136 | # `output.elasticsearch.password` settings. The format is `<user>:<pass>`. | |
137 | #cloud.auth: | |
138 | ||
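#================================ Outputs =====================================

# Selects where the beat sends the data it collects.

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # This output is switched on.
  enabled: true

  # Elasticsearch hosts to connect to. `protocol` stays commented out below,
  # so the default (http) applies: events, and any basic auth credentials
  # once enabled, cross the network unencrypted.
  hosts: ["192.168.0.4:9200"]

  # Optional protocol and basic auth credentials.
  # Never keep a literal password in this file, not even in a commented-out
  # line: the file gets copied, pasted and committed. Supply the secret through
  # the Filebeat keystore or an environment variable and reference it by name.
  # Any password that has already appeared in a shared copy of this file
  # should be rotated.
  #protocol: "https"
  #username: "elastic"
  #password: "${ES_PWD}"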
154 | ||
#----------------------------- Logstash output --------------------------------
output.logstash:
  # This output is switched off; only one output may be enabled at a time.
  enabled: false

  # Logstash hosts to connect to.
  hosts: ["192.168.0.4:5044"]

  # Optional SSL, off by default.
  # Root certificates used to verify the server.
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate used for SSL client authentication.
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Private key belonging to the client certificate. Keep this file readable
  # only by the account Filebeat runs as.
  #ssl.key: "/etc/pki/client/cert.key"
172 | ||
#------------------------------- File output -----------------------------------
output.file:
  # This output is switched off.
  enabled: false

  # Directory that receives the generated files. Mandatory when this output
  # is enabled. The example value sits under /tmp; for real use prefer a
  # directory that only the Filebeat account can write to.
  #path: "/tmp/filebeat"

  # Base name of the generated files. Defaults to `filebeat`, which yields
  # `filebeat`, `filebeat.1`, `filebeat.2`, etc.
  #filename: myfilebeat

  # Maximum size of each file in kilobytes. Files are rotated when they reach
  # this size and on every filebeat restart. The default is 10240 kB.
  #rotate_every_kb: 10000

  # Maximum number of files kept under path. Once reached, the oldest file is
  # deleted and the rest are shifted from last to first. The default is 7.
  #number_of_files: 7
195 | ||
196 | #================================ Logging ===================================== | |
197 | ||
198 | # Sets log level. The default log level is info. | |
199 | # Available log levels are: critical, error, warning, info, debug | |
200 | #logging.level: debug | |
201 | ||
202 | # At debug level, you can selectively enable logging only for some components. | |
203 | # To enable all selectors use ["*"]. Examples of other selectors are "beat", | |
204 | # "publish", "service". | |
205 | #logging.selectors: ["*"] |