zLh5T293

1[root@isod-repo-01 filebeat]# cat /etc/filebeat/filebeat.yml 
2###################### Filebeat Configuration Example #########################
3
4# This file is an example configuration file highlighting only the most common
5# options. The filebeat.reference.yml file from the same directory contains all the
6# supported options with more comments. You can use it as a reference.
7#
8# You can find the full configuration reference here:
9# https://www.elastic.co/guide/en/beats/filebeat/index.html
10
11# For more available modules and options, please see the filebeat.reference.yml sample
12# configuration file.
13
14#=========================== Filebeat inputs =============================
15
16filebeat.inputs:
17
18# Each - is an input. Most options can be set at the input level, so
19# you can use different inputs for various configurations.
20# Below are the input specific configurations.
21
22- type: log
23
24  # Change to true to enable this input configuration.
25  enabled: true
26
27  # Paths that should be crawled and fetched. Glob based paths.
28  paths:
29  # This is where you put stuff to be sent to logstash
30    ###- /var/log/messages
31    ###- /var/log/*/*.log
32    ###- /var/log/containers/*/*.log
33    ###- c:\programdata\elasticsearch\logs\*
34    ###
35    # Tomcat main log
36    - /opt/apache-tomcat/logs/catalina.out
37
38  # Exclude lines. A list of regular expressions to match. It drops the lines that are
39  # matching any regular expression from the list.
40  #exclude_lines: ['^DBG']
41
42  # Include lines. A list of regular expressions to match. It exports the lines that are
43  # matching any regular expression from the list.
44  #include_lines: ['^ERR', '^WARN']
45
46  # Exclude files. A list of regular expressions to match. Filebeat drops the files that
47  # are matching any regular expression from the list. By default, no files are dropped.
48  #exclude_files: ['.gz$']
49
50  # Optional additional fields. These fields can be freely picked
51  # to add additional information to the crawled log files for filtering
52  #fields:
53  #  level: debug
54  #  review: 1
55
56  ### Multiline options
57
58  # Multiline can be used for log messages spanning multiple lines. This is common
59  # for Java Stack Traces or C-Line Continuation
60
61  # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
62  multiline.pattern: ^\[
63
64  # Defines if the pattern set under pattern should be negated or not. Default is false.
65  multiline.negate: true
66
67  # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
68  # that was (not) matched before or after or as long as a pattern is not matched based on negate.
69  # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
70  multiline.match: after
71
72  pipeline: tomcat_catalina_out_stdpr_ru_v02
73
74
75#============================= Filebeat modules ===============================
76
77filebeat.config.modules:
78  # Glob pattern for configuration loading
79  path: ${path.config}/modules.d/*.yml
80
81  # Set to true to enable config reloading
82  reload.enabled: false
83
84  # Period on which files under path should be checked for changes
85  #reload.period: 10s
86
87#==================== Elasticsearch template setting ==========================
88
89setup.template.settings:
90  index.number_of_shards: 3
91  #index.codec: best_compression
92  #_source.enabled: false
93
94#================================ General =====================================
95
96# The name of the shipper that publishes the network data. It can be used to group
97# all the transactions sent by a single shipper in the web interface.
98#name:
99
100# The tags of the shipper are included in their own field with each
101# transaction published.
102#tags: ["service-X", "web-tier"]
103
104# Optional fields that you can specify to add additional information to the
105# output.
106#fields:
107#  env: staging
108
109
110#============================== Dashboards =====================================
111# These settings control loading the sample dashboards to the Kibana index. Loading
112# the dashboards is disabled by default and can be enabled either by setting the
113# options here, or by using the `-setup` CLI flag or the `setup` command.
114#setup.dashboards.enabled: false
115setup.dashboards.enabled: true
116setup.dashboards.beat:
117
118# The URL from where to download the dashboards archive. By default this URL
119# has a value which is computed based on the Beat name and version. For released
120# versions, this URL points to the dashboard archive on the artifacts.elastic.co
121# website.
122#setup.dashboards.url:
123
124#============================== Kibana =====================================
125
126# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
127# This requires a Kibana endpoint configuration.
128setup.kibana:
129
130  # Kibana Host
131  # Scheme and port can be left out and will be set to the default (http and 5601)
132  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
133  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
134
135  host: "10.188.2.134:80"
136
137  # Optional protocol and basic auth credentials.
138  protocol: "http"
139  username: ""
140  password: ""
141
142
143  # Kibana Space ID
144  # ID of the Kibana Space into which the dashboards should be loaded. By default,
145  # the Default Space will be used.
146  #space.id:
147
148
149#============================= Elastic Cloud ==================================
150
151# These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/).
152
153# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
154# `setup.kibana.host` options.
155# You can find the `cloud.id` in the Elastic Cloud web UI.
156#cloud.id:
157
158# The cloud.auth setting overwrites the `output.elasticsearch.username` and
159# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
160#cloud.auth:
161
162#================================ Outputs =====================================
163
164# Configure what output to use when sending the data collected by the beat.
165
166#-------------------------- Elasticsearch output ------------------------------
167### only one type of output here, we're using logstash
168output.elasticsearch:
169  # Array of hosts to connect to.
170  hosts: ["10.188.2.134:9200"]
171
172  # Optional protocol and basic auth credentials.
173  protocol: "http"
174  username: "elastic"
175  password: "changeme"
176
177#----------------------------- Logstash output --------------------------------
178### output.logstash:
179###   # The Logstash hosts
180###   hosts: ["10.188.2.134:5044"]
181### 
182###   ssl.enabled: true
183###   #### we use our generated certificates from ELK
184###   ssl.certificate_authorities: ["/etc/beat/beat-forwarder.crt"]
185### 
186###   # Certificate for SSL client authentication
187###   ssl.certificate: "/etc/beat/beat-forwarder.crt"
188### 
189###   # Client Certificate Key
190###   ssl.key: "/etc/beat/beat-forwarder.key"
191### 
192#================================ Procesors =====================================
193
194# Configure processors to enhance or manipulate events generated by the beat.
195
196### processors:
197###   - add_host_metadata: ~
198###   - add_cloud_metadata: ~
199
200#================================ Logging =====================================
201
202# Sets log level. The default log level is info.
203# Available log levels are: error, warning, info, debug
204#logging.level: debug
205
206# At debug level, you can selectively enable logging only for some components.
207# To enable all selectors use ["*"]. Examples of other selectors are "beat",
208# "publish", "service".
209#logging.selectors: ["*"]
210
211#============================== Xpack Monitoring ===============================
212# filebeat can export internal metrics to a central Elasticsearch monitoring
213# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
214# reporting is disabled by default.
215
216# Set to true to enable the monitoring reporter.
217#xpack.monitoring.enabled: false
218
219# Uncomment to send the metrics to Elasticsearch. Most settings from the
220# Elasticsearch output are accepted here as well. Any setting that is not set is
221# automatically inherited from the Elasticsearch output configuration, so if you
222# have the Elasticsearch output configured, you can simply uncomment the
223# following line.
224#xpack.monitoring.elasticsearch: