ElasticSearch 5.5.0之 filebeat-04

1.下载安装filebeat

cd /usr/local/src/
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.5.0-x86_64.rpm
rpm -ivh filebeat-5.5.0-x86_64.rpm

 2.创建目录,修改启动脚本

mkdir /etc/filebeat/{log,data}

vim /etc/init.d/filebeat
#args="-c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat"
# 修改为
args="-c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /etc/filebeat/data -path.logs /etc/filebeat/log"

 3.编辑配置文件

vim /etc/filebeat/filebeat.yml
#=========================== Filebeat prospectors =============================

filebeat.prospectors:
# nginx访问日志
- input_type: log
  paths:
    - /usr/local/nginx/logs/access.log
  document_type: nginxaccess
  # 文件末尾读取文件
  #tail_files: true
  #json.keys_under_root：true
  #json.add_error_key：true

# nginx中zabbix日志
- input_type: log
  paths:
    - /usr/local/nginx/logs/zabbix_access.log
  document_type: nginxzabbix


#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["10.1.8.33:5044"]

#------------------------------drop fields-------------------------------------
# 删除以下字段
processors:
- drop_fields:
    fields: ["input_type","beat.hostname","beat.name","beat.version","offset"]

#------------------------------end---------------------------------------------

 4.语法检查

/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -configtest

 5.防火墙配置（额外）

yum install iptables-services

systemctl start iptables.service
systemctl stop iptables.service
systemctl restart iptables.service　　
systemctl enable iptables.service


systemctl status firewalld.service 	#检测是否开启了firewall
systemctl stop firewalld.service 	#关闭firewall
sytsemctl disable firewalld.service 	#禁止firewall开机自启