Elasticsearch Filebeat

Video Lecture

Description

I demonstrate how to setup a Filebeat service to read systemd logs.

Filebeat download instructions can be found at https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html#installation

I downloaded the debian package manager version.

1 2	`curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.0-amd64.deb sudo dpkg -i filebeat-7.10.0-amd64.deb`

1 2	`cd /etc/filebeat ls -lh`

1	`sudo nano /etc/filebeat/filebeat.yml`

Enable a module for Filebeat to run.

Get a list.

1	`filebeat modules list`

I enable the system module

1	`filebeat modules enable system`

1 2	`sudo service filebeat start sudo service filebeat status`

You can also disable a module

1	`filebeat modules disable system`

If you enable/disable a module, then restart Filebeat.

1 2	`sudo service filebeat restart sudo service filebeat status`

Since my filebeat service is running on a different server on the internet, and my Elasticsearch server is IP restricted, I will need to add a new rule on my Elasticsearch server to allow my filebeat service to post data to it.

So on my Elasticsearch server, I get the iptables rules line numbers.

1	`iptables -L --line-numbers`

I insert the new rule for my IP before the DROP rule.

1	`iptables -I INPUT 2 -p tcp -s x.x.x.x --dport 9200 -j ACCEPT`

Persist changes.

1	`iptables-save > /etc/iptables/rules.v4`

Now we can set up a new data source in Grafana, or modify the existing and test it using the explore tab.

Useful Links

IPTables Cheatsheet

	Zabbix
	Grafana
	Prometheus
	Threejs and TypeScript
	SocketIO and TypeScript
	Blender Topological Earth
	Sweet Home 3D
	Design Patterns Python
	Design Patterns TypeScript

	Course Coupon Codes

Python		TypeScript

Kindle Edition		Kindle Edition
$9.99 $14.99		$9.99 $14.99
Paperback		Paperback
$14.99 $19.99		$14.99 $19.99