Filebeat是本地文件的日志数据采集器,可监控日志目录或特定日志文件(tail file),并将它们转发给Elasticsearch或Logstash进行索引,也可以输出到Kafka等。它带有内部模块(auditd,Apache,Nginx,System和MySQL),可通过一个指定命令来简化通用日志格式的收集,解析和可视化。
官方网址:https://www.elastic.co/guide/en/beats/filebeat/current/index.html
提前安装Kafka(安装步骤):https://blog.csdn.net/RoninLJH/article/details/107028599
每个需收集的节点都需要安装
配置yum源
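# Register the Elastic 6.x yum repository (run as root).
# Written with a here-document instead of an interactive editor so the step is
# reproducible; the file content is exactly what the page lists.
# gpgcheck=1 together with gpgkey makes yum verify every package signature
# against the Elastic signing key, which is fetched over HTTPS. Keep both set.
cat > /etc/yum.repos.d/filebeat.repo <<'EOF'
[filebeat-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Next step: install filebeat.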
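# Install filebeat and replace the packaged config with a minimal one (run as root).
yum -y install filebeat

# Keep the packaged config as a backup before writing the new one.
# Absolute paths are used so the step does not depend on the current directory.
mv /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.bek

# Tail /var/log/messages and publish each line to the Kafka topic "messages"
# on the three brokers listed under hosts.
# NOTE(review): as configured, the brokers are reached without TLS and without
# authentication, so system log content crosses the network in clear text and
# any host that can reach port 9092 can read or write the topic. output.kafka
# accepts ssl.* and username/password settings; enable them (with matching
# broker listeners) outside an isolated lab network.
cat > /etc/filebeat/filebeat.yml <<'EOF'
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/messages
output.kafka:
  enabled: true
  hosts: ["192.168.33.143:9092","192.168.33.144:9092","192.168.33.145:9092"]
  topic: messages
EOF

# The config may later hold broker credentials; keep it readable by root only.
chmod 600 /etc/filebeat/filebeat.yml

# Next step: create a topic named "messages" (Kafka must already be installed).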
# Create the "messages" topic that filebeat publishes to: 3 partitions, each
# replicated to 2 brokers. Kafka must already be installed under /usr/local/kafka.
# NOTE(review): --zookeeper addresses the cluster through ZooKeeper; newer
# kafka-topics.sh releases take --bootstrap-server instead. Confirm against the
# installed Kafka version.
# NOTE(review): this call is unauthenticated, so anything that can reach port
# 2181 can manage topics. Restrict that port to the cluster and admin hosts.
/usr/local/kafka/bin/kafka-topics.sh --create \
  --zookeeper 192.168.33.143:2181 \
  --replication-factor 2 \
  --partitions 3 \
  --topic messages

# Verify: list the topics known to the cluster.
/usr/local/kafka/bin/kafka-topics.sh --list --zookeeper 192.168.33.143:2181
# Expected output:
#   messages

# Next step: start filebeat.
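# Validate the configuration before starting, so a YAML or option error is
# reported here instead of as a failed service.
filebeat test config -c /etc/filebeat/filebeat.yml

# Start filebeat at boot, then start it now (run as root).
systemctl enable filebeat
systemctl start filebeat

# Next step: check the filebeat log for errors.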
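# Follow the filebeat log and watch for errors (for example, failures to reach
# the Kafka brokers). Press Ctrl-C to stop.
# tail -f replaces tailf, which is deprecated and no longer shipped by newer
# util-linux releases.
tail -f /var/log/filebeat/filebeat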