型号:Raspberry PI 3B
树莓派系统:Ubuntu MATE 16.04
ELK版本:都是5.0版本
之前没有注意到这个问题,使用树莓派时发现预置源里没有相关的东西,才感觉到是ARM在捣乱;
如何在树莓派3B上运行File beat呢?Google了一下,找到了一篇帖子:Installing Filebeat on Raspberry PI 3
下面简单整理了出来:
解决软件依赖
vim,git,python-pip,virtualenv
apt-get install vim git python-pip
pip install virtualenv
安装Go
Raspberry Pi基于ARMv6架构,运行在树莓派上的Beat是用go编写的,默认附带的go-1.7.*总是出现问题
在此重新安装go-1.9.2版本(如果有旧版本,建议卸载干净)
cd ~/
wget https://redirector.gvt1.com/edgedl/go/go1.9.2.linux-armv6l.tar.gz
tar -C /usr/local -xvf go1.9.2.linux-armv6l.tar.gz
export PATH=$PATH:/usr/local/go/bin
检查能否正常使用:
go version
</pre>
下载并构建Filebeat
首先需要设置一个目录来构建Filebeat,在这里使用根目录的~/go目录,并需要配置GOPATH环境变量
root@raspberrypi:~# export GOPATH=$HOME/go
root@raspberrypi:~# mkdir go
root@raspberrypi:~# mkdir -p ${GOPATH}/src/github.com/elastic
root@raspberrypi:~# cd ${GOPATH}/src/github.com/elastic
root@raspberrypi:~/go/src/github.com/elastic#
开始build(构建):
root@raspberrypi:~/go/src/github.com/elastic# git clone https://github.com/elastic/beats.git
root@raspberrypi:~/go/src/github.com/elastic# cd beats/
root@raspberrypi:~/go/src/github.com/elastic/beats# git checkout 23b9e27
root@raspberrypi:~/go/src/github.com/elastic/beats# cd filebeat/
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# make
go build -i
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# make update
New python executable in /root/go/src/github.com/elastic/beats/filebeat/build/python-env/bin/python
Installing setuptools, pip, wheel...done.
find: warning: you have specified the -maxdepth option after a non-option argument -type, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.
find: warning: you have specified the -mindepth option after a non-option argument -type, but options are not positional (-mindepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.
Updating generated files for filebeat
make[1]: Entering directory '/root/go/src/github.com/elastic/beats/libbeat'
make[1]: Leaving directory '/root/go/src/github.com/elastic/beats/libbeat'
-- The index pattern was created under /home/user/go/src/github.com/elastic/beats/filebeat/_meta/kibana/5.x/index-pattern/filebeat.json
-- The index pattern was created under /home/user/go/src/github.com/elastic/beats/filebeat/_meta/kibana/default/index-pattern/filebeat.json
注意:上边的git checkout我实际操作失败了,最终跳过了这一步,但filebeat也可以正常build完成并使用;接下来的make输出是仿照帖子的结果,并非我操作的实际输出信息,这里仅供参考。
git checkout主要目的应该是确定版本信息是否有问题:
Two items to bear in mind as part of building filebeat:
The git checkout command is important. Each version of the beats plugin is designed to work with the same version of Logstash and Elasticsearch. The appropriate hashcode for the target release can be found at the elastic/beats release site. When running filbeat for the first time (below) ensure the built version is what was expected.
Compiling things with go is supposed to take a large amount of memory. Some of the guides mentioned the need to increase the default amount of swap file available. When completing the above steps on a Raspberry Pi 3 this was not required.
完成构建后会生成filebeat可执行文件,不出意外,filebeat可以正常启动了:
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# ./filebeat -e -v
完成安装
现在filebeat已经可以使用,为了服务启动和管理更加方便,最后指定一下filebeat的各种目录和服务配置:
| 目录类型 | 描述 | 默认位置 | Debian默认路径 |
|---|---|---|---|
| home | Filebeat的安装目录 | - | /usr/share/filebeat |
| bin | 二进制文件目录 | {filebeat}/bin | /usr/share/filebeat/bin |
| config | 配置文件目录 | {filebeat} | /etc/filebeat |
| data | 数据文件目录 | {filebeat}/data | /var/lib/filebeat |
| logs | 日志文件目录 | {filebeat}/logs | /var/log/filebeat |
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# mkdir /usr/share/filebeat /usr/share/filebeat/bin /etc/filebeat /var/log/filebeat /var/lib/filebeat
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# mv filebeat /usr/share/filebeat/bin/
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# mv module /usr/share/filebeat/
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# mv modules.d/ /etc/filebeat/
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# cp filebeat.yml /etc/filebeat/
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# chmod 750 /var/log/filebeat/
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# chmod 750 /etc/filebeat/
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# chown -R root:root /usr/share/filebeat/*
最后,配置服务的初始化脚本以便于实现systemctl命令启停和开机自启动:
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# vim /lib/systemd/system/filebeat.service
粘贴如下脚本:
[Unit]
Description=filebeat
Documentation=https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Wants=userwork-online.target
After=network-online.target
[Service]
ExecStart=/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
Restart=always
[Install]
WantedBy=multi-user.target
启动服务:
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# systemctl enable filebeat.service
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# service filebeat start
root@raspberrypi:~/go/src/github.com/elastic/beats/filebeat# service filebeat status
至此,我们就可以用systemctl和service命令管理filebeat了
