Configure Filebeat For Analysing The Log In ELK Stack
Beats is the platform for single-purpose data shippers. It collects data from thousands of machines and sends it to Logstash or Elasticsearch.
You can configure APM Server for application monitoring.
Meet the Beats Family
1. Filebeat : Keeps things simple by offering a lightweight way to forward and centralize logs and files.
2. Metricbeat : Collects metrics from your systems and services. It's a lightweight way to send system and service statistics.
3. Packetbeat : Lightweight shipper for network data. It monitors services and applications in real time.
4. Winlogbeat : Lightweight shipper for Windows event logs.
5. Auditbeat : Collects Linux audit framework data and monitors the integrity of your files.
6. Heartbeat : Lightweight shipper for uptime monitoring. It monitors services for their availability with active probing.
7. Functionbeat : Serverless shipper for cloud data. It deploys as a function in your cloud provider's Function-as-a-Service (FaaS) platform to collect, ship, and monitor data from your cloud services.
Important : Install this on the clients only, that is, on every server you want to monitor.
Step 1 : Copy the SSL Certificates from Server to the clients
scp /etc/pki/tls/certs/logstash-forwarder.crt firstname.lastname@example.org:/etc/pki/tls/certs/
Step 2 : Install Filebeat on the client machine. I have downloaded the RPM package.
yum install filebeat-7.0.0-x86_64.rpm
Step 3 : Configure Filebeat
The Filebeat configuration lives in filebeat.yml; edit that file.
Look for the filebeat.inputs: section. Here I won't send all logs to Logstash or Elasticsearch; I have chosen only secure, messages and boot.log.
Now look for the Logstash output section.
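The two sections described above could look like the following. This is an added example, not the author's own file; the file path, the log locations under /var/log and the Logstash host and port are assumptions to adapt to your environment.

```yaml
# /etc/filebeat/filebeat.yml (assumed path: default location for the RPM package)
# Added example, not the original author's configuration.

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      # Only the three logs chosen above; standard RHEL/CentOS locations assumed.
      - /var/log/secure
      - /var/log/messages
      - /var/log/boot.log

# Filebeat accepts only one output at a time, so the Elasticsearch output
# stays commented out when shipping to Logstash.
#output.elasticsearch:
#  hosts: ["localhost:9200"]

output.logstash:
  # Placeholder host. 5044 is the conventional Beats port; use whatever port
  # the beats input on your Logstash server listens on.
  hosts: ["logstash.example.internal:5044"]
  # Certificate copied to the client in Step 1. With this set, Filebeat
  # verifies the Logstash server before sending anything. /var/log/secure
  # carries authentication events, so keep verification enabled (do not set
  # ssl.verification_mode: none). The name in "hosts" must match the
  # certificate's subject, otherwise the TLS handshake fails.
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
```

Before starting the service, `filebeat test config` checks the file for syntax errors and `filebeat test output` confirms that the TLS connection to Logstash succeeds.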
Start the Service
systemctl start filebeat