d1xxeEva

1root@isod-repo-01 ~]# cat /etc/filebeat/filebeat.yml 
2###################### Filebeat Configuration Example #########################
3
4# This file is an example configuration file highlighting only the most common
5# options. The filebeat.reference.yml file from the same directory contains all the
6# supported options with more comments. You can use it as a reference.
7#
8# You can find the full configuration reference here:
9# https://www.elastic.co/guide/en/beats/filebeat/index.html
10
11# For more available modules and options, please see the filebeat.reference.yml sample
12# configuration file.
13
14#=========================== Filebeat inputs =============================
15
16filebeat.inputs:
17
18# Each - is an input. Most options can be set at the input level, so
19# you can use different inputs for various configurations.
20# Below are the input specific configurations.
21
22- type: log
23
24  # Change to true to enable this input configuration.
25  enabled: true
26
27  # Paths that should be crawled and fetched. Glob based paths.
28  paths:
29  # This is where you put stuff to be sent to logstash
30    ###- /var/log/messages
31    ###- /var/log/*/*.log
32    ###- /var/log/containers/*/*.log
33    ###- c:\programdata\elasticsearch\logs\*
34    ###
35    # Tomcat main log
36    - /opt/apache-tomcat/logs/catalina.out
37
38  # Exclude lines. A list of regular expressions to match. It drops the lines that are
39  # matching any regular expression from the list.
40  #exclude_lines: ['^DBG']
41
42  # Include lines. A list of regular expressions to match. It exports the lines that are
43  # matching any regular expression from the list.
44  #include_lines: ['^ERR', '^WARN']
45
46  # Exclude files. A list of regular expressions to match. Filebeat drops the files that
47  # are matching any regular expression from the list. By default, no files are dropped.
48  #exclude_files: ['.gz$']
49
50  # Optional additional fields. These fields can be freely picked
51  # to add additional information to the crawled log files for filtering
52  #fields:
53  #  level: debug
54  #  review: 1
55
56  ### Multiline options
57
58  # Multiline can be used for log messages spanning multiple lines. This is common
59  # for Java Stack Traces or C-Line Continuation
60
61  # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
62  multiline.pattern: ^\[
63
64  # Defines if the pattern set under pattern should be negated or not. Default is false.
65  multiline.negate: true
66
67  # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
68  # that was (not) matched before or after or as long as a pattern is not matched based on negate.
69  # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
70  multiline.match: after
71
72
73#============================= Filebeat modules ===============================
74
75filebeat.config.modules:
76  # Glob pattern for configuration loading
77  path: ${path.config}/modules.d/*.yml
78
79  # Set to true to enable config reloading
80  reload.enabled: false
81
82  # Period on which files under path should be checked for changes
83  #reload.period: 10s
84
85#==================== Elasticsearch template setting ==========================
86
87setup.template.settings:
88  index.number_of_shards: 3
89  #index.codec: best_compression
90  #_source.enabled: false
91
92#================================ General =====================================
93
94# The name of the shipper that publishes the network data. It can be used to group
95# all the transactions sent by a single shipper in the web interface.
96#name:
97
98# The tags of the shipper are included in their own field with each
99# transaction published.
100#tags: ["service-X", "web-tier"]
101
102# Optional fields that you can specify to add additional information to the
103# output.
104#fields:
105#  env: staging
106
107
108#============================== Dashboards =====================================
109# These settings control loading the sample dashboards to the Kibana index. Loading
110# the dashboards is disabled by default and can be enabled either by setting the
111# options here, or by using the `-setup` CLI flag or the `setup` command.
112#setup.dashboards.enabled: false
113setup.dashboards.enabled: true
114setup.dashboards.beat:
115
116# The URL from where to download the dashboards archive. By default this URL
117# has a value which is computed based on the Beat name and version. For released
118# versions, this URL points to the dashboard archive on the artifacts.elastic.co
119# website.
120#setup.dashboards.url:
121
122#============================== Kibana =====================================
123
124# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
125# This requires a Kibana endpoint configuration.
126setup.kibana:
127
128  # Kibana Host
129  # Scheme and port can be left out and will be set to the default (http and 5601)
130  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
131  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
132
133  host: "10.188.2.134:80"
134
135  # Optional protocol and basic auth credentials.
136  protocol: "http"
137  username: "beats"
138  password: "AllStarrBand"
139
140
141  # Kibana Space ID
142  # ID of the Kibana Space into which the dashboards should be loaded. By default,
143  # the Default Space will be used.
144  #space.id:
145
146
147#============================= Elastic Cloud ==================================
148
149# These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/).
150
151# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
152# `setup.kibana.host` options.
153# You can find the `cloud.id` in the Elastic Cloud web UI.
154#cloud.id:
155
156# The cloud.auth setting overwrites the `output.elasticsearch.username` and
157# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
158#cloud.auth:
159
160#================================ Outputs =====================================
161
162# Configure what output to use when sending the data collected by the beat.
163
164#-------------------------- Elasticsearch output ------------------------------
165### only one type of output here, we're using logstash
166#output.elasticsearch:
167  # Array of hosts to connect to.
168#  hosts: ["localhost:9200"]
169
170  # Optional protocol and basic auth credentials.
171  #protocol: "https"
172  #username: "elastic"
173  #password: "changeme"
174
175#----------------------------- Logstash output --------------------------------
176output.logstash:
177  # The Logstash hosts
178  hosts: ["10.188.2.134:5044"]
179
180  ssl.enabled: true
181  #### we use our generated certificates from ELK
182  ssl.certificate_authorities: ["/etc/beat/beat-forwarder.crt"]
183
184  # Certificate for SSL client authentication
185  ssl.certificate: "/etc/beat/beat-forwarder.crt"
186
187  # Client Certificate Key
188  ssl.key: "/etc/beat/beat-forwarder.key"
189
190#================================ Procesors =====================================
191
192# Configure processors to enhance or manipulate events generated by the beat.
193
194processors:
195  - add_host_metadata: ~
196  - add_cloud_metadata: ~
197
198#================================ Logging =====================================
199
200# Sets log level. The default log level is info.
201# Available log levels are: error, warning, info, debug
202#logging.level: debug
203
204# At debug level, you can selectively enable logging only for some components.
205# To enable all selectors use ["*"]. Examples of other selectors are "beat",
206# "publish", "service".
207#logging.selectors: ["*"]
208
209#============================== Xpack Monitoring ===============================
210# filebeat can export internal metrics to a central Elasticsearch monitoring
211# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
212# reporting is disabled by default.
213
214# Set to true to enable the monitoring reporter.
215#xpack.monitoring.enabled: false
216
217# Uncomment to send the metrics to Elasticsearch. Most settings from the
218# Elasticsearch output are accepted here as well. Any setting that is not set is
219# automatically inherited from the Elasticsearch output configuration, so if you
220# have the Elasticsearch output configured, you can simply uncomment the
221# following line.
222#xpack.monitoring.elasticsearch: