
If you are having issues with the configuration, enable debugging by adding the following to the end of `filebeat.yml`:

```
doas vi /etc/filebeat/filebeat.yml
```

Test config file:

```
doas filebeat test config -c /etc/filebeat/filebeat.yml
```

For details on further configuration please see:

```
#ssl.certificate: "/etc/pki/client/cert.pem"
# Certificate for SSL client authentication
# List of root certificates for HTTPS server verifications
# to add additional information to the crawled log files for filtering
# Paths that should be crawled and fetched.
# Change to true to enable this prospector configuration.
```

Sections that are not changed are omitted with ``:

```
sudo vi /etc/filebeat/filebeat.yml
```

If you are using TLS (https) to secure the connection, copy the cert from the ELK server to the OpenBSD server running Filebeat:

```
scp /etc/logstash/logstash.crt
```

On the OpenBSD server running Filebeat:

```
doas mv /home/USERNAME/logstash.crt /etc/filebeat
doas chown root:wheel /etc/filebeat/logstash.crt
```

Filebeat can be configured to log to Elasticsearch or Logstash; in this example we are logging to Logstash.

Below is an example `filebeat.yml`; please note that this will need to be customized to include what you want to forward.
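A minimal `filebeat.yml` for the Logstash-over-TLS setup described above, added here as an example and not the original page's configuration. The Logstash hostname, port 5044, the log paths and the `fields` value are assumptions, and the prospector syntax is that of the Filebeat 6.2 release built on this page.

```yaml
# Added example, not the original page's file. Hostname, port, log paths and
# the custom field are constructed placeholders; adjust them to your site.

filebeat.prospectors:
  - type: log
    # Change to true to enable this prospector configuration.
    enabled: true
    # Paths that should be crawled and fetched.
    paths:
      - /var/log/authlog
      - /var/log/messages
    # Optional fields to add additional information for filtering.
    fields:
      host_os: openbsd

output.logstash:
  hosts: ["logstash.example.internal:5044"]

  # List of root certificates for server verification. Pointing this at the
  # certificate copied from the ELK server makes Filebeat trust only that
  # certificate when it connects to Logstash.
  ssl.certificate_authorities: ["/etc/filebeat/logstash.crt"]

  # Leave ssl.verification_mode at its default ("full"). Setting it to "none"
  # keeps the traffic encrypted but no longer authenticates the Logstash
  # server, so any host answering on that address would receive the logs.
  #ssl.verification_mode: none

  # Certificate and key for SSL client authentication, only needed when
  # Logstash is configured to require client certificates.
  #ssl.certificate: "/etc/pki/client/cert.pem"
  #ssl.key: "/etc/pki/client/cert.key"

# Debug logging for troubleshooting only. Uncomment while diagnosing a
# problem and comment out again afterwards, since debug output is verbose
# and can include the content of forwarded events.
#logging.level: debug
#logging.selectors: ["*"]
```

Keep `/etc/filebeat/filebeat.yml` owned by root and not writable by other users, for the same reason the certificate is given root ownership above.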
# Filebeat Install
Install Filebeat and set permissions:

```
doas cp -R $GOPATH/bin/filebeat /usr/sbin/
```

Copy Filebeat config files:

```
doas mkdir /etc/filebeat
doas cp $GOPATH/src//elastic/beats/filebeat/filebeat.yml /etc/filebeat/
```

List the branches and switch to the appropriate branch, in this example release v6.2.1:

```
cd beats
```

Set up the Go build environment and get the Filebeat source:

```
mkdir ~/go
```

Then install Go, git and gmake:

```
doas pkg_add git gmake go bash
```

Next edit `/etc/installurl` to set the mirror:

```
doas vi /etc/installurl
```
