1. Filebeat configuration
1.1 Edit the Filebeat configuration file
# vim filebeat.yml
#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
  # Change to true to enable this input configuration.
  enabled: true  # must be changed to true, otherwise no logs are collected
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /usr/local/nginx/logs/access.log  # the log file to collect
    #- c:\programdata\elasticsearch\logs\*
#================================ Outputs =====================================
# Configure what output to use when sending the data collected by the beat.
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:  # commented out
  # Array of hosts to connect to. (commented out)
  #hosts: ["localhost:9200"]
  # Protocol - either `http` (default) or `https`.
  #protocol: "https"
  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"
#----------------------------- Logstash output --------------------------------
output.logstash:  # enabled
  # The Logstash hosts
  hosts: ["106.13.131.148:6124"]  # set the IP and port
  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"
  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"
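With the SSL options left commented out, the nginx access log travels to the Logstash host unencrypted and unauthenticated. The fragment below is an added example, not part of the original post: it shows the same output section with TLS enabled. It assumes that a CA, a server certificate for the Logstash host, and a client certificate already exist at the sample paths from the stock config, and that the Logstash beats input on port 6124 is configured for TLS as well.

```yaml
# Added example (not the original post's config).

# Before, as configured on this page: cleartext Beats traffic.
#output.logstash:
#  hosts: ["106.13.131.148:6124"]

# After: encrypted transport, verified server, authenticated client.
output.logstash:
  hosts: ["106.13.131.148:6124"]

  # CA that signed the Logstash server certificate.
  # Path taken from the stock config comments; adjust to your PKI (assumption).
  ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # "full" validates the certificate chain and checks that the certificate
  # matches the host given in `hosts`. Because an IP address is used there,
  # the server certificate must carry that address as an IP SAN.
  ssl.verification_mode: full

  # Client certificate and key, so that Logstash can restrict the port
  # to known shippers (mutual TLS). Keep the key readable only by the
  # account that runs Filebeat.
  ssl.certificate: "/etc/pki/client/cert.pem"
  ssl.key: "/etc/pki/client/cert.key"
```

After editing, `./filebeat test config -c filebeat.yml` checks the syntax and `./filebeat test output -c filebeat.yml` attempts the connection and TLS handshake against the configured host.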
1.2 Run
Run in the foreground: ./filebeat
Run in the background: screen -d -m ./filebeat -c filebeat.yml -d run.log   (the screen command must first be installed with yum install screen)
1.3 Log monitoring
# tail -f log/filebeat   (view the log)
Access URL: http://ip:5601
Clock synchronization
0-59/10 * * * * /usr/sbin/ntpdate ntp6.aliyun.com
Start in the background: setsid ./filebeat -c ./filebeat.yml -e
Reference for background startup: https://blog.csdn.net/zzb0413/article/details/106252253/