ELK实战-filebeat安装使用

操作系统:

centos版本 7.4
防火墙 关闭(仅用于测试环境;生产环境应保持防火墙开启,只放行所需端口)
selinux 关闭(仅用于测试环境;生产环境建议保持 enforcing)
filebeat版本 6.3.2
java版本 1.8
server2 192.168.10.128

[root@server3 ~]# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.2-linux-x86_64.tar.gz

解压前先用 Elastic 官方发布的 SHA-512 校验值核对下载的压缩包。

[root@server3 ~]# tar zxf filebeat-6.3.2-linux-x86_64.tar.gz -C /usr/local/

[root@server3 filebeat-6.3.2-linux-x86_64]# vim /etc/hosts

192.168.10.129 kafkazk1

[root@server3 ~]# vim /usr/local/filebeat-6.3.2-linux-x86_64/filebeat.yml

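# Filebeat 6.3.2 -> Kafka: ship the host's syslog and authentication log.
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/messages
    # /var/log/secure holds authentication records (sshd, sudo, su); treat
    # everything downstream of this input as sensitive data.
    - /var/log/secure
  fields:
    #log_topic: osmessages
    type: osmessages
  # Promote the custom fields above to the top level of the event, so the
  # value is addressed as [type] rather than [fields][type].
  fields_under_root: true

# Shipper name recorded with every event; here the sending host's address.
name: "192.168.10.128"

output.kafka:
  enabled: true
  hosts: ["192.168.10.129:9092"]
  version: "0.10"
  # Resolved per event. `type` is the only custom field defined above and it
  # sits at the event root, so it selects the topic (osmessages). A reference
  # to [fields][log_topic] cannot resolve while log_topic stays commented out.
  topic: '%{[type]}'
  partition.round_robin:
    # Publish only to partitions whose leader is currently reachable.
    reachable_only: true
  worker: 2
  # 1 = wait for the partition leader to commit before acknowledging.
  required_acks: 1
  compression: gzip
  # Should not exceed the broker's message.max.bytes.
  max_message_bytes: 10000000
  # NOTE(review): no ssl.* or username/password (SASL) settings are present,
  # so events -- including the auth log -- reach the broker unencrypted and
  # unauthenticated. Enable TLS/SASL where the brokers support it, or keep
  # this traffic on an isolated network segment.

logging.level: info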

[root@server3 ~]# cd /usr/local/filebeat-6.3.2-linux-x86_64/

[root@server3 filebeat-6.3.2-linux-x86_64]# nohup ./filebeat -e -c filebeat.yml &

[root@server3 filebeat-6.3.2-linux-x86_64]# cat nohup.out

#Filebeat配置写入到Redis

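# Filebeat -> Redis: ship the nginx JSON access log.
filebeat.inputs:
- type: log
  # Begin reading newly discovered files at their end instead of replaying
  # existing content.
  tail_files: true
  # Wait this long before re-checking a file after reaching its end.
  backoff: "1s"
  paths:
    - /usr/local/nginx/logs/access.json.log
  fields:
    type: access
  # Place `type` at the top level of the event rather than under `fields`.
  fields_under_root: true

output:
  redis:
    hosts: ["192.168.10.129"]
    port: 6379
    # Expanded from the environment when Filebeat starts, so the credential is
    # not stored in this file. Export REDIS_PASSWORD (or add it to the Filebeat
    # keystore) before launching, and use a long random value on the Redis
    # side instead of a short guessable one.
    password: '${REDIS_PASSWORD}'
    # Redis key the events are pushed to.
    key: 'access'
    # NOTE(review): no ssl settings are present, so the AUTH password and the
    # log data cross the network in clear text; keep Redis bound to a trusted
    # interface and reachable only from the shipper and consumer hosts.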

原文地址:https://www.cnblogs.com/zhaop8078/p/12238520.html