Using Filebeat to receive rsyslog logs

Installation

Download the RPM package and install it directly:

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.7.0-x86_64.rpm
sudo rpm -vi filebeat-7.7.0-x86_64.rpm

Edit the configuration

vim /etc/filebeat/filebeat.yml

output.elasticsearch:
  hosts: ["<es_url>"]
  # username: "elastic"
  # password: "<password>"
setup.kibana:
  host: "<kibana_url>"

Enable the system module and edit the configuration

sudo filebeat modules enable system

vim /etc/filebeat/filebeat.yml


filebeat.inputs:

- type: log
  paths:
    - /var/log/symantec/*.log
    
setup.kibana:
  host: "localhost:5601"
  
output.elasticsearch:
  hosts: ["localhost:9200"]

Start Filebeat

filebeat setup
service filebeat start
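
A check worth running on /etc/filebeat/filebeat.yml before starting the service, as an added example that is not part of the original post: it flags an Elasticsearch output that ships logs over plain HTTP, without authentication, or with the password written into the file. The function name audit_filebeat_yml and the finding labels are hypothetical, and the sketch assumes hosts is written as a one-line ["..."] list as in the configuration above.

```shell
#!/bin/sh
# Added example, not from the original post. audit_filebeat_yml is a
# hypothetical helper that prints one finding label per problem found.
audit_filebeat_yml() {
    # Drop commented-out lines (e.g. "# password: ...") before inspecting.
    grep -v '^[[:space:]]*#' "$1" | awk '
        /^[^ \t]/ { section = $1 }                  # unindented key opens a section
        section != "output.elasticsearch:" { next } # only audit the ES output
        { seen = 1 }
        /^[ \t]+hosts:[ \t]*\[/ {
            list = $0
            sub(/^[^[]*\[/, "", list); sub(/\].*$/, "", list)
            n = split(list, h, ",")
            for (i = 1; i <= n; i++) {
                gsub(/["\047 \t]/, "", h[i])        # strip quotes and blanks
                # No https:// scheme means plain HTTP unless "protocol: https"
                # is set separately (not checked here).
                if (h[i] !~ /^https:\/\//) print "ES_HOST_NOT_HTTPS " h[i]
            }
        }
        /^[ \t]+(username|api_key):/ { auth = 1 }
        /^[ \t]+password:/ {
            v = $0; sub(/^[ \t]+password:[ \t]*/, "", v)
            # A ${NAME} reference is resolved from the keystore or environment.
            if (v !~ /[$][{][^}]+[}]/) print "ES_PASSWORD_IN_FILE"
        }
        END { if (seen && !auth) print "ES_NO_AUTH" }
    '
}

# Constructed sample: the localhost configuration from the steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
filebeat.inputs:
- type: log
  paths:
    - /var/log/symantec/*.log
output.elasticsearch:
  hosts: ["localhost:9200"]
EOF
audit_filebeat_yml "$sample"
rm -f "$sample"
```

To clear ES_PASSWORD_IN_FILE, store the secret with `filebeat keystore add ES_PWD` and reference it in the file as `password: "${ES_PWD}"`.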
posted @ 2020-12-21 09:11  带着泥土