| ... | ... | @@ -120,11 +120,27 @@ scp -pr <user-name-of-elk-server>@<elk-server_ip>:/etc/ssl/logstash-forwarder.cr |
|
|
|
##### Configuring Filebeat
|
|
|
|
The filebeat configuration file is in /etc/filebeat/filebeat.yml.
|
|
|
|

|
|
|
|
```
|
|
|
|
- input_type: log
|
|
|
|
|
|
|
|
# Paths that should be crawled and fetched. Glob based paths.
|
|
|
|
paths:
|
|
|
|
- /var/log/gitlab/gitlab-rails/production_json.log
|
|
|
|
fields:
|
|
|
|
document_type: production
|
|
|
|
paths:
|
|
|
|
- /var/log/gitlab/gitlab-rails/application.log
|
|
|
|
fields:
|
|
|
|
document_type: application
|
|
|
|
#- /var/log/*.log
|
|
|
|
#- c:\programdata\elasticsearch\logs\*
|
|
|
|
```
|
|
|
|
|
|
|
|
In the filebeat.prospects part we need to comment on the logs, or remove them, that we don't want the filebeat ship to logstash. I cahnged this part to point at the Gitlab logs -var/log/gitlab/gitlab-rails/production_json.log
|
|
|
|
Then we need to add the output file to logstash output.
|
|
|
|

|
|
|
|
Then we need to add the output file to logstash output
|
|
|
|
|
|
|
|
` ssl.certificate_authorities: ["/etc/ssl/logstash-forwarder.crt"]
|
|
|
|
`
|
|
|
|
We want to uncomment the output.logstash part and add the elk-server-ip to the hosts part and add the port 5044. You also need to add the ssl.certificate_authorities the path to the certificate file.
|
|
|
|
|
|
|
|
After that run the filebeat:
|
| ... | ... | |
| ... | ... | |
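Review bot: In the filebeat.yml snippet, the single `- input_type: log` entry carries two `paths:` keys and two `fields:` keys. Duplicate keys in one YAML mapping are not merged: depending on the parser, the later key replaces the earlier one or the file is rejected, so as rendered here only one of production_json.log and application.log would be shipped. Give each log file its own `- input_type: log` entry with its own `paths:` and `fields:`, and check that the indentation survives in the README, because this view shows none. The output step has a related gap: the prose says to uncomment output.logstash, set hosts to the ELK server IP with port 5044, and add the CA path, but the example shows only the `ssl.certificate_authorities` line, wrapped in single backticks across several lines. Show the whole output.logstash section in a fenced block, as was done for the input section, so readers can see where the hosts line and the certificate line sit relative to each other. Wording in the added text also needs a pass: "cahnged", "filebeat.prospects" (the section being described is the prospectors list), "comment on the logs" where "comment out" is meant, and the path "-var/log/gitlab/gitlab-rails/production_json.log" has lost its leading slash. The sentence "Then we need to add the output file to logstash output" appears twice in this hunk; if both copies are on the new side, drop one.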