一文吃透企业级elk技术栈：6. filebeat安装配置-阿里云开发者社区

一文吃透企业级elk技术栈：6. filebeat安装配置

2024-08-20 36

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

本文涉及的产品

RDS MySQL Serverless 基础系列，0.5-2RCU 50GB

云原生内存数据库 Tair，内存型 2GB

云数据库 Redis 版，标准版 2GB

简介： 一文吃透企业级elk技术栈：6. filebeat安装配置

六、filebeat安装配置

# 下载安装包
wget  https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.9.2-x86_64.rpm
# 安装
yum install -y filebeat-7.9.2-x86_64.rpm
# 创建多配置文件保存目录
mkdir  /etc/filebeat/conf.d/
# 启动
systemctl enable filebeat.service 
systemctl start filebeat.service

基础配置

vim /etc/filebeat/filebeat.yml 
filebeat.config.inputs:
  enabled: true
  # 配置多配置文件路径
  path: /etc/filebeat/conf.d/*.yml
processors:
  - drop_fields:
      fields: ["source","input","beat","prospector","offset"]
# 区分日志来自哪台主机      
name: 10.10.8.166
# 本地测试使用是否能获取到日志
#output.file:
#  path: "/tmp/filebeat"
#  filename: filebeat
output:
  # 输出到kafka
  kafka:
    hosts: ["10.10.8.164:9092", "10.10.8.165:9092", "10.10.8.166:9092"]
    topic: elktest

1、mysql日志抓取

vim  /etc/filebeat/conf.d/mysql.yml 
# mysql 慢日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
  # 多实例推送
  - /var/log/mariadb/mysql-slow.log
  - /var/log/mariadb/mysql3307-slow.log
  tags: ["mysql-slow-logs"]
  # 排除列
  exclude_lines: ['^\# Time']
  fields:
    # 配置logstash区分
    type: "mysql-slow-logs"
  fields_under_root: true
  multiline:
    # 多行匹配
    pattern: '^\# Time|^\# User'
    negate: true
    match: after
# mysql 错误日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
  # 多实例推送
  - /var/log/mariadb/mariadb3307.log
  - /var/log/mariadb/mariadb.log
  tags: ["mysql-err-logs"]
  fields:
    # 配置logstash区分
    type: "mysql-err-logs"
  fields_under_root: true
# 重启filebeat
systemctl restart filebeat.service

2、系统日志抓取

vim  /etc/filebeat/conf.d/system.yml 
# 系统messages日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
   - /var/log/messages
  tags: ["system-messages-logs"]
  fields:
    # 配置logstash区分
    type: "system-messages-logs"
  fields_under_root: true
# 系统secure日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
   - /var/log/secure
  tags: ["system-secure-logs"]
  fields:
    # 配置logstash区分
    type: "system-secure-logs"
  fields_under_root: true

3、nginx 日志抓取

vim  /etc/filebeat/conf.d/nginx.yml 
# nginx access 日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
   - /var/log/nginx/access.log
  tags: ["nginx-access-logs"]
  fields:
    # 配置logstash区分
    type: "nginx-access-logs"
  fields_under_root: true
# nginx error 日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
   - /var/log/nginx/error.log
  tags: ["nginx-error-logs"]
  fields:
    # 配置logstash区分
    type: "nginx-error-logs"
  fields_under_root: true

4、httpd 日志抓取

vim /etc/filebeat/conf.d/httpd.yml
# httpd access 日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
   - /var/log/httpd/access_log
  tags: ["httpd-access-logs"]
  fields:
    # 配置logstash区分
    type: "httpd-access-logs"
  fields_under_root: true
# httpd error 日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
   - /var/log/httpd/error_log
  tags: ["httpd-error-logs"]
  fields:
    # 配置logstash区分
    type: "httpd-error-logs"
  fields_under_root: true

5、php 日志抓取

vim  /etc/filebeat/conf.d/php.yml 
# php error 日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
   - /var/log/php-fpm/error.log
  tags: ["php-error-logs"]
  fields:
    # 配置logstash区分
    type: "php-error-logs"
  fields_under_root: true

6、redis日志抓取

vim /etc/filebeat/conf.d/redis.yml 
# redis error 日志推送
- type: log
  tail_files: true
  backoff: "1s"
  paths:
   - /var/log/redis/redis.log
  tags: ["redis-error-logs"]
  fields:
    # 配置logstash区分
    type: "redis-error-logs"
  fields_under_root: true

一文吃透企业级elk技术栈：6. filebeat安装配置

六、filebeat安装配置

热门文章

最新文章

相关课程

相关电子书

相关实验场景