mircomasa.filebeat

Panoramica Versioni Approfondimenti

Filebeat Role

License Build Status Build Status Galaxy Ansible Ansible

Summary

This role:

  • Installs Filebeat on Ubuntu, CentOS, and Windows systems.
  • Copies a prepared configuration file (this includes log paths and how to connect to Elasticsearch).

Role Tasks

  • Prepare server (add the Elasticsearch repository)
  • [Optional] Create folder(s) for custom paths
  • Install Filebeat
  • Copy the configuration file

Requirements

  • Minimum Ansible Version for installation: 2.5
  • Supported Operating Systems:
    • CentOS: 6, 7
    • Ubuntu: 16.04, 18.04
    • Debian: 8, 9
    • Windows

Role Variables

You can change any of the variables below by setting "variable: value" in your playbook.

  • filebeat_version: Selects the main Filebeat branch to be installed (options: 5.x or 6.x). Default is 6.
  • filebeat_last_version: Selects a specific Filebeat version to install. Default is 6.6.0.
  • elastic_gpg_key: GPG-key for the Elasticsearch repository. Default is https://artifacts.elastic.co/GPG-KEY-elasticsearch.
  • filebeat_node_name: The name of the Filebeat node. Default is {{ inventory_hostname }} (the hostname is used if this option is not defined).
  • filebeat_ssl_enabled: Enables or disables the SSL connection between Filebeat and Logstash/Elasticsearch. SSL settings should be defined in the specified format (paths to keys and certificates).

For example, for setup on Linux:

ssl:
  key: "/etc/pki/tls/private/server.key"
  certificate: "/etc/pki/tls/certs/server.crt"
  certificate_authorities: "/etc/pki/CA/ca-root.pem"

For Windows setup:

ssl:
  key: 'c:\tls\private\server.key'
  certificate: 'c:\tls\certs\server.pem'
  certificate_authorities: 'c:\CA\ca-root.pem'
  • The path section specifies where Filebeat searches for its files, like its config, logs, and data files. Default paths for Linux:
path:
  home: /usr/share/filebeat
  config: /etc/filebeat
  data: /var/lib/filebeat
  logs: /var/log/filebeat

For Windows:

path:
  home: 'c:\program files\filebeat'
  config: 'c:\program files\filebeat'
  data: 'c:\programdata\filebeat'
  logs: 'c:\programdata\filebeat\logs'

  • win_download_path: Temporary directory for Windows to download and unzip the Filebeat package. Default is '{{ ansible_env.TEMP }}/filebeat' (ensures idempotence).

  • input_logpath: Path to the log files. Default for Unix is "/var/log/*.log" Default for Windows is 'c:\windows\*.log'

  • The variable filebeat_inputs defines the types of logs to process, their paths, and the Elasticsearch index to store them in. You can specify multiple inputs using YAML format, like this:

filebeat_inputs:
  - name: hybris
    paths:
      - '/var/log/console*.log'
    fields:
      logtype: hybris
      index_name: hybris-console
  - name: access
    paths:
      - '/var/log/access*.log'
      - '/var/log/nginx_access*.log'
    fields:
      logtype: access
      index_name: nginx-access

Output Customization:

  • filebeat_output: Configures the output method for data (elasticsearch or logstash). Default value is elasticsearch.

  • filebeat_elasticsearch_output.hosts: List of hosts to connect to. Default is localhost.

  • filebeat_elasticsearch_output.port: Custom port setting. Default is 9200.

  • filebeat_logstash_outputs: List of hosts and ports for connection. Default is localhost:5044.

Advanced Configuration Parameters:

The filebeat(systemd)\initd section defines which init script will manage the Filebeat service based on the Unix OS. Custom paths will be considered.

  • filebeat_service_name: Name of the service manager for Filebeat.

  • filebeat_bulk_max_size: Max number of events in a Logstash request. Default is 500.

  • filebeat_worker: Number of workers for each Elasticsearch host. Default is 1.

  • filebeat_logging_to_syslog: Sends log output to syslog. Default is false.

  • filebeat_logging_to_files: Sends log output to rotating files. Default is true.

  • filebeat_rotateeverybytes: Sets size limit for log files. Default is 104857600 (100MB).

  • filebeat_keepfiles: Number of log files to keep. Default is 30.

  • filebeat_ignore_older: Files older than this value will be ignored. Default is 0 (disabled).

  • filebeat_scan_frequency: How often Filebeat checks for file updates. Default is 15s.

  • filebeat_harvester_buffer_size: Sets the buffer size for Filebeat. Default is 65535.

  • filebeat_logname: Name of the log file. Default is "filebeat.log".

Dependencies

Requires ca-cert (only needed for SSL installation).

Example Playbook

Installing Filebeat version 6.x:

- name: Install filebeat
  hosts: all
  roles:
    - role: ansible-role-filebeat

Installing Filebeat version 6.x with custom log file path and Elasticsearch output:

- name: Install filebeat
  hosts: all
  roles:
    - role: ansible-role-filebeat
  vars:
    input_logpath: "/var/log/messages"
    filebeat_elasticsearch_output:
      hosts:
        - elasticsearch.example.com
      port: 9200

License

Apache

Author Information

Authors:

Informazioni sul progetto

Role for filebeat installation

role filebeat elasticsearch elk logging monitoring system
Installa
ansible-galaxy install mircomasa.filebeat
GitHub repository
0 stelle
0 fork
0 problemi aperti
Licenza
apache-2.0
Download
3.7k
Proprietario