一、rpm安装方式
1.下载rpm包并安装
[root@localhost ~]# ls
filebeat-6.2.4-x86_64.rpm
[root@localhost ~]# rpm -ivh filebeat-6.2.4-x86_64.rpm
warning: filebeat-6.2.4-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:filebeat-6.2.4-1 ################################# [100%]
2、修改filebeat.yml配置文件
日志输出给redis为例
[root@localhost ~]# more /etc/filebeat/filebeat.yml
filebeat.prospectors:
- type: log
enabled: true
paths:
- /opt/earth/jboss/standalone/log/*.log
multiline:
pattern: '^\d{4}\-\d{2}\-\d{2}'
negate: true
match: after
max_lines: 50
timeout: 5s
fields:
log_host: 196.168.20.35
log_project: MLYY
log_area: mlyy
fields_under_root: true
output.redis:
enable: true
hosts: ["196.168.20.21:6379"]
datatype: list
keys:
- key: "filebeat"
3、启动filebeat
两种启动方式
[root@localhost ~]# systemctl start filebeat
或者
[root@localhost ~]# cd /usr/share/filebeat/bin/
[root@localhost bin]# ls
filebeat filebeat-god
[root@localhost bin]# nohup ./filebeat -e -c /etc/filebeat/filebeat.yml &
查看进程
[root@localhost ~]# ps -ef | grep filebeat
root 23786 1 0 10:37 ? 00:00:00 /usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
root 24379 24342 0 11:25 pts/0 00:00:00 grep --color=auto filebeat
二、ansible命令安装方式
把filebeat包传到目标服务器
ansible mlsc_jboss -m copy -a "src=/root/filebeat_file/filebeat-6.2.4-x86_64.rpm dest=/root/filebeat-6.2.4-x86_64.rpm" -u root -k
安装filebeat
ansible mlsc_jboss -m yum -a "name=filebeat-6.2.4-x86_64.rpm state=installed" -u root -k
替换filebeat.yml配置文件
ansible mlsc_jboss -m copy -a "src=/root/filebeat_file/filebeat.yml dest=/etc/filebeat/filebeat.yml" -u root -k
把change_ip.sh脚本发送到目标服务器
ansible mlsc_jboss -m copy -a "src=/root/filebeat_file/change_ip.sh dest=/root/change_ip.sh" -u root -k
执行change_ip.sh脚本
ansible mlsc_jboss -m shell -a "sh /root/change_ip.sh" -u root -k
启动filebeat
Centos7:
ansible mlsc_jboss -m systemd -a "name=filebeat state=started" -u root -k
Centos6:
ansible mlsc_jboss -m service -a "name=filebeat state=started" -u root -k
添加开机自启
Centos7:
ansible mlsc_jboss -m shell -a "systemctl enable filebeat" -u root -k
Centos6:
ansible mlsc_jboss -m shell -a 'echo "service filebeat start" >>/etc/rc.local' -u root -k
================================================================================
change_ip.sh脚本内容:
#!/bin/bash
network_name=`ls -l /sys/class/net | grep -i 'pci' | awk -F '/' '{print $NF}'`
new_ip=`ip a | grep "$network_name" | grep " inet" | awk '{print $2}' | awk -F'/' '{print $1}'`
old_ip=`cat /etc/filebeat/filebeat.yml | grep "log_host" |awk -F':' '{print $2}'`
sed -ri "s/$old_ip/ $new_ip/" /etc/filebeat/filebeat.yml
================================================================================
filebeat.yml配置文件内容:
filebeat.prospectors:
- type: log
enabled: true
paths:
- /opt/earth/jboss/standalone/log/*.log
multiline:
pattern: '^\d{4}\-\d{2}\-\d{2}'
negate: true
match: after
max_lines: 50
timeout: 5s
fields:
log_host: 196.168.20.30
log_project: MLYY
log_area: mlyy
fields_under_root: true
output.redis:
enable: true
hosts: ["196.168.20.21:6379"]
datatype: list
keys:
- key: "filebeat"
#output.file:
# path: "/tmp"
# filename: jboss.txt
#
================================================================================
logstash 服务端配置文件内容logstash_index.conf:
input {
redis {
host => "196.168.20.21"
port => "6379"
data_type => "list"
key => "filebeat"
type => "redis-input"
}
}
filter {
mutate {
rename => [ "type","log_server"]
}
}
filter {
grok {
match => ["message" , "%{TIMESTAMP_ISO8601:log_time}( -)? %{LOGLEVEL:log_level} \[(?(.*?)|((?:[a-zA-Z0-9-]+\.)+[A-Za-z0-9$_]+))\] \((?(.*?))\)" ]
}
date {
match => [ "log_time", "yyyy-MM-dd HH:mm:ss:ssssss" ]
target => "@timestamp"
}
}
output {
elasticsearch {
hosts => "58.48.177.111:9200"
user => "elastic"
password => "Elapp211!"
}
}
三、playbook安装方式
1、所需文件及路径
[root@localhost filebeat]# pwd
/etc/ansible/playbook/filebeat
[root@localhost filebeat]# ll
total 12420
-rw-r--r--. 1 root root 326 Apr 27 15:40 change_ip.sh
-rw-r--r--. 1 root root 12699052 Apr 22 11:16 filebeat-6.2.4-x86_64.rpm
-rw-r--r--. 1 root root 474 Apr 27 13:52 filebeat.yml
-rw-r--r--. 1 root root 1413 Apr 27 15:57 install_filebeat.yml
2、playbook内容
---
- name: install filebeat
hosts: "{{host}}"
tasks:
- name: Copy installation package to target host
copy: src=/etc/ansible/playbook/filebeat/filebeat-6.2.4-x86_64.rpm dest=/root/filebeat-6.2.4-x86_64.rpm
- name: Yum install filebeat
yum: name=filebeat-6.2.4-x86_64.rpm state=installed
- name: Change filebeat.yml config file
copy: src=/etc/ansible/playbook/filebeat/filebeat.yml dest=/etc/filebeat/filebeat.yml
- name: Copy chang_ip.sh to target host
copy: src=/etc/ansible/playbook/filebeat/change_ip.sh dest=/root/change_ip.sh
- name: Running change_ip.sh for change ip
shell: sh /root/change_ip.sh
- name: Start filebeat if OS=centos6
service: name=filebeat state=started
when: (ansible_distribution == "CentOS") and (ansible_distribution_major_version == "6")
- name: Start filebeat if OS=centos7
systemd: name=filebeat state=started
when: (ansible_distribution == "CentOS") and (ansible_distribution_major_version == "7")
- name: Add boot auto start if OS=centos6
shell: echo "service filebeat start" >>/etc/rc.local
when: (ansible_distribution == "CentOS") and (ansible_distribution_major_version == "6")
- name: Add boot auto start if OS=centos7
shell: systemctl enable filebeat
when: (ansible_distribution == "CentOS") and (ansible_distribution_major_version == "7")
3、脚本change_ip.sh 内容
#!/bin/bash
network_name=`ls -l /sys/class/net | grep -i 'pci' | awk -F '/' '{print $NF}'`
new_ip=`ip a | grep "$network_name" | grep " inet" | awk '{print $2}' | awk -F'/' '{print $1}'`
old_ip=`cat /etc/filebeat/filebeat.yml | grep "log_host" |awk -F':' '{print $2}'`
sed -ri "s/$old_ip/ $new_ip/" /etc/filebeat/filebeat.yml