1分钟系列-Filebeat 模块之 Nginx 配置使用

cd /usr/local/filebeat-7.6.2-linux-x86_64
# 查看支持哪些模块./filebeat modules listEnabled:
Disabled:activemqapacheauditdawsazurecefciscocorednselasticsearchenvoyproxygooglecloudhaproxyibmmqicingaiisiptableskafkakibanalogstashmispmongodbmssqlmysqlnatsnetflownginxosquerypanwpostgresqlrabbitmqredissantasuricatasystemtraefikzeek

# 启动./filebeat modules enable nginx
# 输出，说明 nginx 模块已可用Enabled nginx
# 禁用./filebeat modules disable nginx

cd modules.d/ls -al
-rw-r--r-- 1 root root  483 Mar 26 01:23 activemq.yml.disabled-rw-r--r-- 1 root root  475 Mar 26 01:23 apache.yml.disabled-rw-r--r-- 1 root root  280 Mar 26 01:23 auditd.yml.disabled-rw-r--r-- 1 root root 3064 Mar 26 01:23 aws.yml.disabled-rw-r--r-- 1 root root 1382 Mar 26 01:23 azure.yml.disabled-rw-r--r-- 1 root root  200 Mar 26 01:23 cef.yml.disabled-rw-r--r-- 1 root root 1978 Mar 26 01:23 cisco.yml.disabled-rw-r--r-- 1 root root  318 Mar 26 01:23 coredns.yml.disabled-rw-r--r-- 1 root root  964 Mar 26 01:23 elasticsearch.yml.disabled-rw-r--r-- 1 root root  327 Mar 26 01:23 envoyproxy.yml.disabled-rw-r--r-- 1 root root 2019 Mar 26 01:23 googlecloud.yml.disabled-rw-r--r-- 1 root root  376 Mar 26 01:23 haproxy.yml.disabled-rw-r--r-- 1 root root  295 Mar 26 01:23 ibmmq.yml.disabled-rw-r--r-- 1 root root  651 Mar 26 01:23 icinga.yml.disabled-rw-r--r-- 1 root root  470 Mar 26 01:23 iis.yml.disabled-rw-r--r-- 1 root root  366 Mar 26 01:23 iptables.yml.disabled-rw-r--r-- 1 root root  398 Mar 26 01:23 kafka.yml.disabled-rw-r--r-- 1 root root  293 Mar 26 01:23 kibana.yml.disabled-rw-r--r-- 1 root root  471 Mar 26 01:23 logstash.yml.disabled-rw-r--r-- 1 root root  300 Mar 26 01:23 misp.yml.disabled-rw-r--r-- 1 root root  296 Mar 26 01:23 mongodb.yml.disabled-rw-r--r-- 1 root root  311 Mar 26 01:23 mssql.yml.disabled-rw-r--r-- 1 root root  471 Mar 26 01:23 mysql.yml.disabled-rw-r--r-- 1 root root  287 Mar 26 01:23 nats.yml.disabled-rw-r--r-- 1 root root  214 Mar 26 01:23 netflow.yml.disabled-rw-r--r-- 1 root root  472 Mar 26 01:23 nginx.yml-rw-r--r-- 1 root root  495 Mar 26 01:23 osquery.yml.disabled-rw-r--r-- 1 root root  356 Mar 26 01:23 panw.yml.disabled-rw-r--r-- 1 root root  305 Mar 26 01:23 postgresql.yml.disabled-rw-r--r-- 1 root root  343 Mar 26 01:23 rabbitmq.yml.disabled-rw-r--r-- 1 root root  566 Mar 26 01:23 redis.yml.disabled-rw-r--r-- 1 root root  266 Mar 26 01:23 santa.yml.disabled-rw-r--r-- 1 root root  299 Mar 26 01:23 suricata.yml.disabled-rw-r--r-- 1 root root  477 Mar 26 01:23 system.yml.disabled-rw-r--r-- 1 root root  302 Mar 26 01:23 traefik.yml.disabled-rw-r--r-- 1 root root 1294 Mar 26 01:23 zeek.yml.disabled

[root@localhost filebeat-7.6.2-linux-x86_64]# vi filebeat-nginx-es.ymlfilebeat.inputs:- type: log  enabled: true  paths:    - /usr/local/nginx/logs/*.logsetup.template.settings:  index.number_of_shards: 3output.elasticsearch:  hosts: ["192.168.111.238:9200",  "192.168.111.239:9200",  "192.168.111.240:9200"]processors:  - add_host_metadata: ~  - add_cloud_metadata: ~
# 加载 modulefilebeat.config.modules:  path: ${path.config}/modules.d/*.yml  reload.enabled: false

./filebeat -e -c filebeat-nginx-es.yml

wget https://artifacts.elastic.co/downloads/elasticsearch-plugins/ingest-user-agent/ingest-user-agent-6.6.1.zipwget https://artifacts.elastic.co/downloads/elasticsearch-plugins/ingest-geoip/ingest-geoip-6.6.1.zip
bin/elasticsearch-plugin install file:///usr/local/src/ingest-user-agent-6.6.1.zip bin/elasticsearch-plugin install file:///usr/local/src/ingest-geoip-6.6.1.zip
# 查看已经安装的插件bin/elasticsearch-plugin list