Elasticsearch v8, Filebeat (Docker) and Apache

Prepare the Filebeat Container to Ingest Apache Logs
Enable and configure Data Collection Modules

Prepare the Filebeat Container to Ingest Apache Logs

Start by pulling a fresh version of Filebeat:

    docker pull elastic/filebeat:8.0.0

Running Filebeat with the setup command will create the index pattern and load visualizations, dashboards, and machine learning jobs.

I will create a folder:

    mkdir -p /opt/beats/config/

And continue working from there.

When running Filebeat in a container, you need to provide access to Docker's unix socket in order for the add_docker_metadata processor to work. You can do this by mounting the socket inside the container. For example:

    docker run -v /var/run/docker.sock:/var/run/docker.sock

To avoid privilege issues, you may also need to add --user=root to the docker run flags. Because the user must be part of the docker group in order to access /var/run/docker.sock, root access is required if Filebeat is running as non-root inside the container.

If the Docker daemon is restarted, the mounted socket will become invalid and metadata will stop working. In these situations there are two options:

- Restart Filebeat every time Docker is restarted.
- Mount the entire /var/run directory (instead of just the socket).

I am just going to use CLI flags to mount the docker socket as volumes. This simplifies the configuration to:

    nano /opt/beats/config/filebeat.yml

    path: $/modules.d/*.yml # enable all modules (nginx, kafka, redis, etc)
    filebeat.autodiscover: # auto-discover tagged docker container

Note: If you set up Elasticsearch according to this guide, you will have a different elastic user password - e.g. ELASTIC_PASSWORD: 'a1hyme+ry1-AltBfpqxY'.

The beat configuration file must belong to the root user and all write permissions for other users must be revoked:

    chown root:root /opt/beats/config/filebeat.yml
    chmod go-w /opt/beats/config/filebeat.yml

Enable and configure Data Collection Modules

The Apache logs might be found in the /var/log/apache2 directory - depending on your Apache configuration:

    -v /var/log/apache2:/var/log/apache2:ro

And secondly, we need to mount our module configuration file. The template configuration is located inside the Filebeat container under /usr/share/filebeat/modules.d/:

    nano /opt/beats/config/apache.yml

Save this file under apache.yml next to your filebeat.yml and mount it into the modules.d configuration folder - the complete docker command now looks like this:

    # Container name and image are taken from the docker exec and docker pull commands on this page.
    docker run -d \
      --name filebeat \
      -v /opt/beats/config/filebeat.yml:/usr/share/filebeat/filebeat.yml \
      -v /opt/beats/config/apache.yml:/usr/share/filebeat/modules.d/apache.yml \
      -v /var/lib/docker/containers:/var/lib/docker/containers:ro \
      -v /var/run/docker.sock:/var/run/docker.sock:ro \
      -v /var/log/apache2:/var/log/apache2:ro \
      elastic/filebeat:8.0.0

Restart the container and verify that the logs and module configuration were actually mounted:

    docker exec -ti filebeat /bin/bash
    usr/share/filebeat# ls -la /var/log/apache2/
    rwxrwxrwx 1 root root 9634840 Feb 21 03:47 access.log
    rwxrwxrwx 1 root root 12225 Feb 21 03:47 error.log
    ls -la /usr/share/filebeat/modules.d | grep apache

Verify that the NGINX modules were actually enabled.

This is the first time I use Filebeat, and I learned some basic knowledge of ELK from the online tutorial.

Basically, I would like to pass the log information from the web-tier instance to the ELK server instance on Amazon Web Service EC2.

First, I set up my Tomcat server on a web-tier instance (AWS EC2), and the Tomcat server has generated several txt log files stored in /opt/tomcat/logs/

Next, I installed Kibana, Logstash & ElasticSearch on another AWS EC2 instance.

I installed Filebeat based on the instruction and the filebeat.yml is:

    # The Logstash hosts, elk_server_ip is the public ip address of the instance (ELK server)