laradock 配置
配置yml
> filebeat.yml
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
# module: nginx
# access:
# var.paths: ["/usr/share/filebeat/logs/laradock/nginx/laravel_access.log"]
filebeat.inputs:
- type: log
enabled: true
paths:
- /usr/share/filebeat/logs/laradock/*/*.log
# output.elasticsearch:
# hosts: 'elasticsearch:9200'
# username: '${ELASTICSEARCH_USERNAME:}'
# password: '${ELASTICSEARCH_PASSWORD:}'
output.logstash:
hosts: "logstash:5044"
setup.kibana:
host: "kibana:5601"
设置磁盘映射
### filebeat ###################################################
filebeat:
container_name: filebeat
image: store/elastic/filebeat:7.1.1
command: --strict.perms=false
networks:
- frontend
- backend
volumes:
- ./filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml
- ./logs:/usr/share/filebeat/logs/laradock
启动
docker-compose up -d filebeat kibana logstash elasticsearch
filebeat
输入
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/*.log
paths例如需要递归获取日志
/var/*/*.log
输出
output.elasticsearch:
hosts: ["myEShost:9200"]
受保护的情况
cloud.auth: "elastic:YOUR_PASSWORD"
output.elasticsearch:
hosts: ["myEShost:9200"]
username: "filebeat_internal"
password: "YOUR_PASSWORD"
setup.kibana:
host: "mykibanahost:5601"
username: "my_kibana_user"
password: "YOUR_PASSWORD"
测试配置是否可用
我们这里使用的是docker-compose
# 进入filebeat
docker-compose exec filebeat bash
# step1
./filebeat test help
# step2 (查看配置是否可用)
./filebeat test config -e
# step3 (查看输出是否正常)
./filebeat test output -e
启动
./filebeat -e -c filebeat.yml -d "publish"
logstash
新建配置
> first-pipeline.conf
input {
beats {
port => "5044"
}
}
# The filter part of this file is commented out to indicate that it is
# optional.
# filter {
#
# }
output {
elasticsearch {
hosts => [ "elasticsearch:9200" ]
}
}
启动:
bin/logstash -f ./pipeline/first-pipeline.conf --config.reload.automatic
配置测试
bin/logstash -f ./pipeline/first-pipeline.conf --config.test_and_exit
docker相关辅助命令
停止所有容器
docker kill $(docker ps -q); docker rm $(docker ps -a -q)
参考文章
ELK快速入门(四)filebeat替代logstash收集日志:https://www.lagou.com/lgeduarticle/8898.html
ELK--filebeat详解: https://www.cnblogs.com/kuku0223/p/8316922.html
Docker安装部署ELK教程: (Elasticsearch+Kibana+Logstash+Filebeat):https://www.cnblogs.com/fbtop/p/11005469.html
本文由 邓尘锋 创作,采用 知识共享署名4.0 国际许可协议进行许可
本站文章除注明转载/出处外,均为本站原创或翻译,转载前请务必署名
最后编辑时间为: Mar 22, 2021 at 04:48 pm