1[root@isod-web-cbd-01 ~]# ps ax|grep tomcat|grep -v grep
2 12894 ? Sl 47:05 /opt/jdk//bin/java -Djava.util.logging.config.file=/opt/apache-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.properties=/opt/apache-tomcat/conf/fastersecurerandom.properties -Xms2048m -Xmx6144m -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -XX:+CrashOnOutOfMemoryError -Dignore.endorsed.dirs= -classpath /opt/apache-tomcat/bin/bootstrap.jar:/opt/apache-tomcat/bin/tomcat-juli.jar -Dcatalina.base=/opt/apache-tomcat -Dcatalina.home=/opt/apache-tomcat -Djava.io.tmpdir=/opt/apache-tomcat/temp org.apache.catalina.startup.Bootstrap start
6[root@isod-web-cbd-01 ~]# ps ax|grep filebeat|grep -v grep
7 27828 ? Ssl 0:24 /usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
10[root@isod-web-cbd-01 ~]# ll /etc/filebeat/
11итого 228
12-rw-r--r-- 1 root root 146747 ноя 13 21:58 fields.yml
13-rw-r--r-- 1 root root 70172 ноя 13 21:58 filebeat.reference.yml
14-rw-r--r-- 1 root root 7941 ноя 21 18:52 filebeat.yml
15drwxr-xr-x 2 root root 4096 ноя 21 18:25 modules.d
19[root@isod-web-cbd-01 ~]# ll /etc/filebeat/modules.d/
20итого 76
21-rw-r--r-- 1 root root 371 ноя 13 21:58 apache2.yml.disabled
22-rw-r--r-- 1 root root 175 ноя 13 21:58 auditd.yml.disabled
23-rw-r--r-- 1 root root 1250 ноя 13 21:58 elasticsearch.yml.disabled
24-rw-r--r-- 1 root root 269 ноя 13 21:58 haproxy.yml.disabled
25-rw-r--r-- 1 root root 546 ноя 13 21:58 icinga.yml.disabled
26-rw-r--r-- 1 root root 371 ноя 13 21:58 iis.yml.disabled
27-rw-r--r-- 1 root root 257 ноя 13 21:58 iptables.yml.disabled
28-rw-r--r-- 1 root root 396 ноя 13 21:58 kafka.yml.disabled
29-rw-r--r-- 1 root root 188 ноя 13 21:58 kibana.yml.disabled
30-rw-r--r-- 1 root root 563 ноя 13 21:58 logstash.yml.disabled
31-rw-r--r-- 1 root root 189 ноя 13 21:58 mongodb.yml.disabled
32-rw-r--r-- 1 root root 368 ноя 13 21:58 mysql.yml.disabled
33-rw-r--r-- 1 root root 569 ноя 13 21:58 nginx.yml.disabled
34-rw-r--r-- 1 root root 388 ноя 13 21:58 osquery.yml.disabled
35-rw-r--r-- 1 root root 192 ноя 13 21:58 postgresql.yml.disabled
36-rw-r--r-- 1 root root 463 ноя 13 21:58 redis.yml.disabled
37-rw-r--r-- 1 root root 190 ноя 13 21:58 suricata.yml.disabled
38-rw-r--r-- 1 root root 574 ноя 13 21:58 system.yml.disabled
39-rw-r--r-- 1 root root 195 ноя 13 21:58 traefik.yml.disabled
43[root@isod-web-cbd-01 ~]# cat /etc/filebeat/filebeat.yml
44###################### Filebeat Configuration Example #########################
45
46# This file is an example configuration file highlighting only the most common
47# options. The filebeat.reference.yml file from the same directory contains all the
48# supported options with more comments. You can use it as a reference.
49#
50# You can find the full configuration reference here:
51# https://www.elastic.co/guide/en/beats/filebeat/index.html
52
53# For more available modules and options, please see the filebeat.reference.yml sample
54# configuration file.
55
56#=========================== Filebeat inputs =============================
57
58filebeat.inputs:
59
60# Each - is an input. Most options can be set at the input level, so
61# you can use different inputs for various configurations.
62# Below are the input specific configurations.
63
64- type: log
65
66 # Change to true to enable this input configuration.
67 enabled: true
68
69 # Paths that should be crawled and fetched. Glob based paths.
70 paths:
71 # This is where you put stuff to be sent to logstash
72 - /var/log/messages
73 - /var/log/*/*.log
74 - /var/log/containers/*/*.log
75 #- c:\programdata\elasticsearch\logs\*
 # NOTE(review): the Tomcat process shown above runs with
 # -Dcatalina.base=/opt/apache-tomcat, so unless its logging.properties
 # writes under /var/log, its catalina/localhost/access logs fall outside
 # these globs and are not shipped — confirm which Tomcat logs are expected.
 # NOTE(review): every glob is two levels deep only (/var/log/*/*.log); a
 # service that logs to /var/log/<name>.log or deeper is not matched — verify.
76
77 # Exclude lines. A list of regular expressions to match. It drops the lines that are
78 # matching any regular expression from the list.
79 #exclude_lines: ['^DBG']
80
81 # Include lines. A list of regular expressions to match. It exports the lines that are
82 # matching any regular expression from the list.
83 #include_lines: ['^ERR', '^WARN']
84
85 # Exclude files. A list of regular expressions to match. Filebeat drops the files that
86 # are matching any regular expression from the list. By default, no files are dropped.
87 #exclude_files: ['.gz$']
88
89 # Optional additional fields. These fields can be freely picked
90 # to add additional information to the crawled log files for filtering
91 #fields:
92 # level: debug
93 # review: 1
94
95 ### Multiline options
96
97 # Multiline can be used for log messages spanning multiple lines. This is common
98 # for Java Stack Traces or C-Line Continuation
 # NOTE(review): multiline is left disabled here. If Java (Tomcat) logs are ever
 # added to the paths above, stack traces will arrive as one event per line
 # unless the pattern/negate/match options below are enabled.
99
100 # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
101 #multiline.pattern: ^\[
102
103 # Defines if the pattern set under pattern should be negated or not. Default is false.
104 #multiline.negate: false
105
106 # Match can be set to "after" or "before". It is used to define if lines should be appended to a pattern
107 # that was (not) matched before or after or as long as a pattern is not matched based on negate.
108 # Note: After is the equivalent to previous and before is the equivalent to next in Logstash
109 #multiline.match: after
110
111
112#============================= Filebeat modules ===============================
113
114filebeat.config.modules:
 # Glob pattern for configuration loading
 # NOTE(review): every file in /etc/filebeat/modules.d/ listed above ends in
 # .yml.disabled, so this glob currently matches nothing — no module is active.
116 path: ${path.config}/modules.d/*.yml
117
 # Set to true to enable config reloading
 # NOTE(review): with reloading off, enabling a module later (renaming
 # <module>.yml.disabled to <module>.yml) takes effect only after a restart.
119 reload.enabled: false
120
121 # Period on which files under path should be checked for changes
122 #reload.period: 10s
123
124#==================== Elasticsearch template setting ==========================
125
126setup.template.settings:
 # Index settings written into the Filebeat index template.
 # NOTE(review): the output below is Logstash, not Elasticsearch; template
 # loading presumably only happens via an explicit `filebeat setup` run here —
 # confirm, otherwise this shard count is never applied.
127 index.number_of_shards: 3
128 #index.codec: best_compression
129 #_source.enabled: false
130
131#================================ General =====================================
132
133# The name of the shipper that publishes the network data. It can be used to group
134# all the transactions sent by a single shipper in the web interface.
135#name:
136
137# The tags of the shipper are included in their own field with each
138# transaction published.
139#tags: ["service-X", "web-tier"]
140
141# Optional fields that you can specify to add additional information to the
142# output.
143#fields:
144# env: staging
145
146
147#============================== Dashboards =====================================
148# These settings control loading the sample dashboards to the Kibana index. Loading
149# the dashboards is disabled by default and can be enabled either by setting the
150# options here, or by using the `-setup` CLI flag or the `setup` command.
151#setup.dashboards.enabled: false
152setup.dashboards.enabled: true
# NOTE(review): setup.dashboards.beat is given no value, which YAML reads as
# null; either set the intended beat name or drop the key to avoid ambiguity.
153setup.dashboards.beat:
154
155# The URL from where to download the dashboards archive. By default this URL
156# has a value which is computed based on the Beat name and version. For released
157# versions, this URL points to the dashboard archive on the artifacts.elastic.co
158# website.
159#setup.dashboards.url:
160
161#============================== Kibana =====================================
162
163# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
164# This requires a Kibana endpoint configuration.
165setup.kibana:
166
167 # Kibana Host
168 # Scheme and port can be left out and will be set to the default (http and 5601)
169 # In case you specify an additional path, the scheme is required: http://localhost:5601/path
170 # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
171
172 host: "10.188.2.134:80"
173
174 # Optional protocol and basic auth credentials.
 # NOTE(review): protocol is plain http, so the basic-auth username/password
 # below are sent in cleartext to 10.188.2.134:80 each time dashboards are
 # loaded. The Logstash output to the same host already uses TLS; the Kibana
 # endpoint should be reached over https (or through a TLS-terminating proxy).
 # NOTE(review): the directory listing above shows filebeat.yml as
 # -rw-r--r-- (0644), so these credentials are readable by every local user;
 # restrict the file to 0600 or move the secrets out of the file (Beats
 # keystore reference), and keep them out of pastes.
175 protocol: "http"
176 username: "********"
177 password: "********"
178
179
180 # Kibana Space ID
181 # ID of the Kibana Space into which the dashboards should be loaded. By default,
182 # the Default Space will be used.
183 #space.id:
184
185
186#============================= Elastic Cloud ==================================
187
188# These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/).
189
190# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
191# `setup.kibana.host` options.
192# You can find the `cloud.id` in the Elastic Cloud web UI.
193#cloud.id:
194
195# The cloud.auth setting overwrites the `output.elasticsearch.username` and
196# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
197#cloud.auth:
198
199#================================ Outputs =====================================
200
201# Configure what output to use when sending the data collected by the beat.
202
203#-------------------------- Elasticsearch output ------------------------------
204### only one type of output here, we're using logstash
205#output.elasticsearch:
206 # Array of hosts to connect to.
207# hosts: ["localhost:9200"]
208
209 # Optional protocol and basic auth credentials.
210 #protocol: "https"
211 #username: "elastic"
212 #password: "changeme"
213
214#----------------------------- Logstash output --------------------------------
215output.logstash:
216 # The Logstash hosts
217 hosts: ["10.188.2.134:5044"]
218
219 ssl.enabled: true
220 #### we use our generated certificates from ELK
 # NOTE(review): the trusted CA list and the client certificate below point to
 # the same file. The Logstash server is therefore trusted only if it presents
 # (or chains to) this very beat-forwarder certificate — presumably the same
 # self-signed cert installed on both ends. A dedicated CA with per-host client
 # certs would allow revoking a single shipper without re-issuing everything.
 # ssl.verification_mode is left at its default (full), so the server cert must
 # also match 10.188.2.134 — confirm it carries that IP as a SAN.
221 ssl.certificate_authorities: ["/etc/beat/beat-forwarder.crt"]
222
223 # Certificate for SSL client authentication
224 ssl.certificate: "/etc/beat/beat-forwarder.crt"
225
226 # Client Certificate Key
 # NOTE(review): /etc/beat is not in the listings above; the key should be
 # owned by root and mode 0600 — verify on the host.
227 ssl.key: "/etc/beat/beat-forwarder.key"
228
229#================================ Processors =====================================
230
231# Configure processors to enhance or manipulate events generated by the beat.
232
233processors:
 # Adds host fields (hostname, OS, IPs) to every event.
234 - add_host_metadata: ~
 # NOTE(review): add_cloud_metadata probes the cloud-provider metadata
 # endpoints at startup. On a host that is not on a public cloud this only
 # produces outbound probes and timeouts — drop it if this box is on-prem.
235 - add_cloud_metadata: ~
236
237#================================ Logging =====================================
238
239# Sets log level. The default log level is info.
240# Available log levels are: error, warning, info, debug
241#logging.level: debug
242
243# At debug level, you can selectively enable logging only for some components.
244# To enable all selectors use ["*"]. Examples of other selectors are "beat",
245# "publish", "service".
246#logging.selectors: ["*"]
247
248#============================== Xpack Monitoring ===============================
249# filebeat can export internal metrics to a central Elasticsearch monitoring
250# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
251# reporting is disabled by default.
252
253# Set to true to enable the monitoring reporter.
254#xpack.monitoring.enabled: false
255
256# Uncomment to send the metrics to Elasticsearch. Most settings from the
257# Elasticsearch output are accepted here as well. Any setting that is not set is
258# automatically inherited from the Elasticsearch output configuration, so if you
259# have the Elasticsearch output configured, you can simply uncomment the
260# following line.
261#xpack.monitoring.elasticsearch: