[ELK Stack] 구성하기 (4) - Filebeat 설치

📌 설치

4. Beats (📢 root 권한으로 실행)

  (1) FileBeat 다운 & 압축 풀기

    - https://www.elastic.co/kr/downloads/beats/filebeat 접속해서 LINUX X86_64 링크 주소 복사 클릭

 

    - root 계정으로 전환한다.

exit

 

    - elastic 폴더로 이동해서 wget으로 파일 다운

cd /home/elastic/
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.15.1-linux-x86_64.tar.gz

 

    - 압축 해제

tar -xvzf filebeat-7.15.1-linux-x86_64.tar.gz

 

 

  (2) filebeat.yml 수정

    - filebeat.yml 파일을 수정한다.

# ============================== Filebeat inputs ===============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /home/elastic/log/*

.
.
.

# ---------------------------- Elasticsearch Output ----------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  # hosts: ["localhost:9200"]

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"

# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.137.101:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

 

  (3) 실행

    - Filebeat를 실행한다.

./filebeat -e -c filebeat.yml

 

    - Kibana -> Stack Management -> Data -> Index Management

    - filebeat.yml path에 있던 파일이 적재되었음을 확인할 수 있다.