Tuesday, June 28, 2016

Elastic Beats (Docker)



The goal is the setup shown in the image below. Follow all the steps in the DigitalOcean.com tutorial.

Image from https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04



Beats (the client) sends log data to Logstash (the server).

1) Download Beats from Elastic.co and install it

$ sudo dpkg -i filebeat_1.2.3_amd64.deb
$ sudo apt-get install -f

-- or --

$ echo "deb https://packages.elastic.co/beats/apt stable main" | sudo tee -a /etc/apt/sources.list.d/beats.list
$ wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
$ sudo apt-get update
$ sudo apt-get install filebeat

2) Configure Filebeat

Use scp to copy the public key (the logstash-forwarder.crt certificate) from the Logstash container:


nutt@nutt-pc:~/pki/tls/certs$ scp ubuntu@10.0.2.41:docker/logstash/config/pki/tls/certs/logstash-forwarder.crt .
logstash-forwarder.crt                        100% 1229     1.2KB/s   00:00
nutt@nutt-pc:~/pki/tls/certs$ ls
logstash-forwarder.crt

$ sudo vi /etc/filebeat/filebeat.yml

filebeat:
  prospectors:
    -
      # Log files to ship
      paths:
        - /var/log/auth.log
        - /var/log/syslog
        #- /var/log/*.log
      # Sets the "type" field on each event
      document_type: syslog
output:
  #elasticsearch:
  logstash:
    hosts: ["10.0.2.41:5044"]
    bulk_max_size: 1024
    tls:
      # Certificate copied from the Logstash host; used to verify the server
      certificate_authorities: ["/home/nutt/pki/tls/certs/logstash-forwarder.crt"]


** Please be aware that using tab characters in the yml file may cause Filebeat to fail to run.
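
A pre-flight check for the configuration above, as an added example that is not part of the original post: it flags tab indentation in filebeat.yml, confirms the copied file is an unexpired certificate with no private key in it, and verifies the Logstash listener against that certificate. The function names are made up for this example, and `-configtest` is assumed to be available as in Filebeat 1.x.

```shell
# Added example: pre-flight checks for the Filebeat -> Logstash TLS setup.
# Paths and host come from this page; function names are invented for this sketch.

# Print lines whose indentation contains a tab; exit 0 if any were found.
yml_tab_lines() {
    local tab
    tab=$(printf '\t')
    grep -n "^ *$tab" "$1"
}

# Exit 0 if the file is a PEM certificate, carries no private key, and is not expired.
ca_cert_ok() {
    local crt=$1
    grep -q 'BEGIN CERTIFICATE' "$crt" || { echo "no PEM certificate in $crt" >&2; return 1; }
    # Only the certificate should leave the Logstash host, never its private key.
    if grep -q 'PRIVATE KEY' "$crt"; then echo "private key present in $crt" >&2; return 1; fi
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
        || { echo "certificate unreadable or expired: $crt" >&2; return 1; }
    # Print identifying details so they can be compared with the copy on the server.
    openssl x509 -in "$crt" -noout -subject -enddate -fingerprint -sha256
}

# Exit 0 if the certificate presented by host:port verifies against the copied file.
logstash_tls_ok() {
    local hostport=$1 crt=$2
    openssl s_client -connect "$hostport" -CAfile "$crt" </dev/null 2>/dev/null \
        | grep -q 'Verify return code: 0 (ok)'
}

# Run every check, then let Filebeat parse the config (Filebeat 1.x flag, assumed).
preflight() {
    local yml=$1 crt=$2 hostport=$3
    if yml_tab_lines "$yml"; then echo "tab indentation in $yml" >&2; return 1; fi
    ca_cert_ok "$crt" || return 1
    logstash_tls_ok "$hostport" "$crt" \
        || { echo "TLS verification failed for $hostport" >&2; return 1; }
    filebeat -c "$yml" -configtest
}

# Usage with the values from this page:
#   preflight /etc/filebeat/filebeat.yml \
#       /home/nutt/pki/tls/certs/logstash-forwarder.crt 10.0.2.41:5044
```

Running the same `openssl x509 ... -fingerprint -sha256` command on the Logstash host and comparing the output confirms the client trusts the certificate the server actually uses.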








