[root@isod-web-pkrs-01 filebeat]# cat filebeat.yml
###################### Filebeat Configuration Example #########################

# This file is an example configuration file highlighting only the most common
# options. The filebeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/filebeat/index.html

# For more available modules and options, please see the filebeat.reference.yml sample
# configuration file.

#=========================== Filebeat inputs =============================

filebeat.inputs:

# Every "- type: ..." entry below is one input. Options set on an entry apply
# to that input only, so different log sources can be configured differently.

#
##
###
# Generic logs section
###
##
#

- type: log

  # This input is active; set to false to stop harvesting these paths.
  enabled: true

  # Glob patterns of the files to harvest. Every file matched here is shipped
  # to the configured output.
  # NOTE(review): '/var/log/*/*.log' matches every one-level-deep *.log file,
  # which on a host running auditd includes /var/log/audit/audit.log. Confirm
  # that each matched file is meant to leave the host: the output.elasticsearch
  # section of this file uses plain HTTP with an empty username and password.
  paths:
  # This is where you put stuff to be sent to logstash
  - '/var/log/messages'
  - '/var/log/*/*.log'
  - '/var/log/containers/*/*.log'
  #- c:\programdata\elasticsearch\logs\*

  # Exclude lines. A list of regular expressions; a line matching any of them
  # is dropped.
  #exclude_lines: ['^DBG']

  # Include lines. A list of regular expressions; only lines matching one of
  # them are exported.
  #include_lines: ['^ERR', '^WARN']

  # Exclude files. A list of regular expressions; a file whose path matches any
  # of them is skipped. By default, no files are dropped.
  #exclude_files: ['.gz$']

  # Optional additional fields. These fields can be freely picked
  # to add additional information to the crawled log files for filtering
  #fields:
  #  level: debug
  #  review: 1

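#
##
###
# Tomcat catalina.out section
###
##
#

- type: log

  # This input is active; set to false to disable it.
  enabled: true

  paths:
  # Tomcat main log
  - '/opt/apache-tomcat/logs/catalina.out'

  ### Multiline options

  # Multiline joins a log message that spans several lines (for example a Java
  # stack trace) into a single event.

  # Regular expression that marks the first line of an event: a bracketed
  # "[YYYY-MM-DD HH:MM:SS]" timestamp followed by ".", three digits and a space.
  # The value is single-quoted on purpose: inside a double-quoted YAML scalar
  # "\[", "\]" and "\." are not valid escape sequences, so the file fails to parse.
  # NOTE(review): the "]" comes before the ".mmm" fraction; confirm against a
  # real catalina.out line that this is the actual timestamp layout.
  multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\]\.[0-9]{3} '

  # true: lines that do NOT match the pattern are treated as continuation lines.
  multiline.negate: true

  # after: continuation lines are appended to the preceding line that matched.
  # Note: "after" is the equivalent of "previous" in Logstash, "before" of "next".
  multiline.match: after

  # Ingest pipeline ID set on the events produced by this input.
  pipeline: tomcat_catalina_out_stdpr_ru_v02
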
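#
##
###
# Andrei Militeev's applications
# aisStat
###
##
#

- type: log

  # This input is active; set to false to disable it.
  enabled: true

  paths:
  - '/opt/apache-tomcat/logs/aisStat/aisStat.log'

  ### Multiline options

  # Multiline joins a log message that spans several lines (for example a Java
  # stack trace) into a single event.

  # Regular expression that marks the first line of an event: a bracketed
  # "[YYYY-MM-DD HH:MM:SS]" timestamp followed by ".", three digits and a space.
  # The value is single-quoted on purpose: inside a double-quoted YAML scalar
  # "\[", "\]" and "\." are not valid escape sequences, so the file fails to parse.
  multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\]\.[0-9]{3} '

  # true: lines that do NOT match the pattern are treated as continuation lines.
  multiline.negate: true

  # after: continuation lines are appended to the preceding line that matched.
  # Note: "after" is the equivalent of "previous" in Logstash, "before" of "next".
  multiline.match: after

  # Ingest pipeline ID set on the events produced by this input.
  # NOTE(review): same pipeline ID as the catalina.out input; confirm that
  # aisStat.log really shares that line format.
  pipeline: tomcat_catalina_out_stdpr_ru_v02
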
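#
##
###
# Andrei Militeev's applications
# aisStatSrv
###
##
#

- type: log

  # This input is active; set to false to disable it.
  enabled: true

  paths:
  - '/opt/apache-tomcat/logs/aisStatSrv/aisStatSrv.log'

  ### Multiline options

  # Multiline joins a log message that spans several lines (for example a Java
  # stack trace) into a single event.

  # Regular expression that marks the first line of an event: a bracketed
  # "[YYYY-MM-DD HH:MM:SS]" timestamp followed by ".", three digits and a space.
  # The value is single-quoted on purpose: inside a double-quoted YAML scalar
  # "\[", "\]" and "\." are not valid escape sequences, so the file fails to parse.
  multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\]\.[0-9]{3} '

  # true: lines that do NOT match the pattern are treated as continuation lines.
  multiline.negate: true

  # after: continuation lines are appended to the preceding line that matched.
  # Note: "after" is the equivalent of "previous" in Logstash, "before" of "next".
  multiline.match: after

  # Ingest pipeline ID set on the events produced by this input.
  # NOTE(review): same pipeline ID as the catalina.out input; confirm that
  # aisStatSrv.log really shares that line format.
  pipeline: tomcat_catalina_out_stdpr_ru_v02

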
#============================= Filebeat modules ===============================

filebeat.config.modules:
  # Glob of the module configuration files to load
  path: '${path.config}/modules.d/*.yml'

  # false: module configuration is not reloaded while Filebeat is running
  reload.enabled: false

  # Interval at which the files under path are checked for changes
  #reload.period: 10s

#==================== Elasticsearch template setting ==========================

setup.template.settings:
  # Shard count written into the index template settings
  index.number_of_shards: 3
  #index.codec: best_compression
  #_source.enabled: false

#================================ General =====================================

# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:

# The tags of the shipper are included in their own field with each
# transaction published.
#tags: ["service-X", "web-tier"]

# Optional fields that you can specify to add additional information to the
# output.
#fields:
#  env: staging


#============================== Dashboards =====================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here, or by using the `-setup` CLI flag or the `setup` command.
#setup.dashboards.enabled: false

# Enabled here, so Filebeat loads the dashboards through the Kibana endpoint
# configured under setup.kibana.
# NOTE(review): that endpoint is plain HTTP with empty credentials in this file.
# Running the `setup` command once from an admin host would avoid leaving
# dashboard loading switched on for this agent; confirm which is intended.
setup.dashboards.enabled: true

# No value is given for this key; null is the explicit spelling of that.
# NOTE(review): confirm whether the Beat's default or an empty string ("") was meant.
setup.dashboards.beat: null

# The URL from where to download the dashboards archive. By default this URL
# has a value which is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:

#============================== Kibana =====================================

# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:

  # Kibana endpoint used for dashboard loading.
  # Scheme and port can be left out and will be set to the default (http and 5601).
  # If you specify an additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: '10.188.2.134:80'

  # Protocol and basic auth credentials for the Kibana API.
  # NOTE(review): plain HTTP with an empty username and password means the
  # dashboard setup calls are sent unencrypted and without authentication. If
  # Kibana is expected to require a login, use protocol "https" and take the
  # credentials from the Filebeat keystore (a "${NAME}" reference) instead of
  # writing them into this file.
  protocol: 'http'
  username: ''
  password: ''

  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:


#============================= Elastic Cloud ==================================

# These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/).

# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:

# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:

#================================ Outputs =====================================

# Configure what output to use when sending the data collected by the beat.

#-------------------------- Elasticsearch output ------------------------------
# Only one output may be enabled at a time. This Elasticsearch output is the
# active one; the Logstash output further down is commented out.
output.elasticsearch:
  # Hosts to connect to.
  hosts:
  - '10.188.2.134:9200'

  # Protocol and basic auth credentials.
  # NOTE(review): events from every input in this file, /var/log/messages
  # included, are sent over plain HTTP, and with an empty username and password
  # no credentials are sent at all, so this only works if the cluster accepts
  # anonymous writes. The commented-out Logstash output had ssl.enabled: true;
  # this one has no TLS settings. Consider protocol "https" together with
  # ssl.certificate_authorities, and credentials read from the Filebeat keystore
  # (a "${NAME}" reference) rather than stored in this file.
  protocol: 'http'
  username: ''
  password: ''

#----------------------------- Logstash output --------------------------------
### output.logstash:
###   # The Logstash hosts
###   hosts: ["10.188.2.134:5044"]
###
###   ssl.enabled: true
###   #### we use our generated certificates from ELK
###   # NOTE(review): ssl.certificate_authorities and ssl.certificate below name the
###   # same file, which suggests one self-signed certificate serves as both trust
###   # anchor and client identity; confirm before re-enabling this output.
###   ssl.certificate_authorities: ["/etc/beat/beat-forwarder.crt"]
###
###   # Certificate for SSL client authentication
###   ssl.certificate: "/etc/beat/beat-forwarder.crt"
###
###   # Client Certificate Key
###   ssl.key: "/etc/beat/beat-forwarder.key"
###
#================================ Processors =====================================

# Configure processors to enhance or manipulate events generated by the beat.

### processors:
###   - add_host_metadata: ~
###   - add_cloud_metadata: ~

#================================ Logging =====================================

# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]

#============================== Xpack Monitoring ===============================
# filebeat can export internal metrics to a central Elasticsearch monitoring
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
# reporting is disabled by default.

# Set to true to enable the monitoring reporter.
#xpack.monitoring.enabled: false

# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch output are accepted here as well. Any setting that is not set is
# automatically inherited from the Elasticsearch output configuration, so if you
# have the Elasticsearch output configured, you can simply uncomment the
# following line.
#xpack.monitoring.elasticsearch: