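Building on the previous article, "Simple steps for setting up an ELK log analysis platform on CentOS 7", this article covers installing and using filebeat and packetbeat.
1. Installing and configuring filebeat
Install with rpm -ivh:
rpm -ivh filebeat-7.3.0-x86_64.rpm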
vi /etc/filebeat/filebeat.yml
enabled: true  (turns it on)
host: "localhost:5601"  (the Kibana host IP and port)
vi /etc/filebeat/filebeat.reference.yml
Enable the following two settings:
syslog:
  enabled: true
auth:
  enabled: true
Specify the Kibana host IP and port.
[root@vm ~]# systemctl enable filebeat
[root@vm ~]# systemctl start filebeat
[root@vm ~]# curl localhost:9200/_cat/indices?v
curl localhost:9200/filebeat-7.3.0-2019.08.18-000001/_search?pretty
The log index pushed by filebeat can now be queried in Kibana.
You can also run filebeat setup --dashboards to bring the data collected by filebeat into the dashboards.
2. Installing and configuring packetbeat
rpm -ivh packetbeat-7.3.0-x86_64.rpm
vi /etc/packetbeat/packetbeat.yml
host: "localhost:5601"
vi /etc/packetbeat/packetbeat.reference.yml
Likewise, set the Kibana entry to host: "localhost:5601"
Enable packetbeat at boot and start the packetbeat service:
systemctl enable packetbeat
systemctl start packetbeat
curl localhost:9200/_cat/indices?v
curl localhost:9200/packetbeat-7.3.0-2019.08.18-000001/_search?pretty
packetbeat setup --dashboards
This brings the packetbeat data into the Dashboard.
Search for Packetbeat in Kibana's Dashboards
to see the traffic statistics for this host.
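Both sections above confirm ingestion by reading the output of curl localhost:9200/_cat/indices?v by eye. As an added example (not part of the original article), the shell function below parses that output and reports whether a Beat's index exists, holds documents and is not red. The function names, exit codes and the sample rows (UUIDs and counts) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use on the host from the article:
#   curl -s 'localhost:9200/_cat/indices?v' | beat_index_status filebeat

# Constructed sample of `_cat/indices?v` output (UUIDs and counts are made up).
sample_indices() {
    cat <<'EOF'
health status index                              uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   filebeat-7.3.0-2019.08.18-000001   CONSTRUCTED-UUID-00001 1   1   1523       0            1.1mb      1.1mb
yellow open   packetbeat-7.3.0-2019.08.18-000001 CONSTRUCTED-UUID-00002 1   1   0          0            283b       283b
green  open   .kibana_1                          CONSTRUCTED-UUID-00003 1   0   4          0            15kb       15kb
EOF
}

# beat_index_status PREFIX   (reads `_cat/indices?v` text on stdin)
# Prints one line per matching index and returns:
#   0  a matching index holds documents and none is red
#   1  no index with that prefix (Beat not shipping, or wrong output host)
#   2  index exists but is empty or red
#   3  header row missing (was ?v left off the URL?)
beat_index_status() {
    awk -v prefix="$1" '
        NR == 1 {                        # locate columns by header name
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!(("index" in col) && ("health" in col) && ("docs.count" in col))) {
                err = 3; exit
            }
            next
        }
        index($(col["index"]), prefix "-") == 1 {
            found = 1
            h = $(col["health"]); n = $(col["docs.count"]) + 0
            printf "%s health=%s docs=%d\n", $(col["index"]), h, n
            if (h == "red") bad = 1
            if (n > 0) has_docs = 1
        }
        END {
            if (err) exit err
            if (!found) exit 1
            if (bad || !has_docs) exit 2
        }'
}

# Demo on the constructed sample.
sample_indices | beat_index_status filebeat
```

An exit code of 2 for packetbeat right after systemctl start usually just means no traffic has been captured yet; a persistent 1 means the Beat is not reaching Elasticsearch at all.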
This article is shared from the WalkingCloud WeChat official account.