Added: filebeat

charlessoft · charlessoft · commit 0f3492395be8 · 2022-01-03T01:48:16.000+08:00
diff --git a/filebeat/Makefile b/filebeat/Makefile
@@ -0,0 +1,8 @@
+run:
+	sh stop_service.sh && \
+		rm -fr ./ret/zls_filebeat.txt && \
+		touch ./ret/zls_filebeat.txt && \
+		sh start_service.sh 
+
+tail:
+	tail -f ./ret/zls_filebeat.txt 
diff --git a/filebeat/config/config.sh b/filebeat/config/config.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+CONTAINER_NAME=filebeat
+IMAGE=store/elastic/filebeat:7.3.2
+LOGSTASH_CONTAINER_NAME=logstash
+
+
+# ES_IP=localhost
+# ES_BACKUP=${PWD}/es_backup
+
+# ES_DATA=${PWD}/data
+# ES_CONFIG=${PWD}/config
+# ES_PLUGINS=${PWD}/plugins
+
+FILEBEAT_DATA=/tmp/openvpn_filter
+export IMAGE
diff --git a/filebeat/config/filebeat.docker.yml b/filebeat/config/filebeat.docker.yml
@@ -0,0 +1,15 @@
+filebeat.inputs:
+- type: log
+  enabled: true
+  paths:
+    - /logs/ovpn_filter.log
+  multiline.pattern: '^A'
+  multiline.negate: true
+  multiline.match: after
+ 
+output.logstash:
+  hosts: ["logstash:5044"]
+
+processors:
+- drop_fields:
+    fields: ["log","host","input","agent","ecs"]
diff --git a/filebeat/config/filebeat.docker.yml_bak b/filebeat/config/filebeat.docker.yml_bak
@@ -0,0 +1,22 @@
+filebeat.inputs:
+- type: log
+  enabled: true
+  paths:
+    - /logs/elog_file.log
+  multiline.pattern: '^A'
+  multiline.negate: true
+  multiline.match: after
+  # 需要收集的日志所在的位置，可使用通配符进行配置
+  #- /data/elk/*.log
+  # - /logs/*/*.log
+
+#日志输出配置(采用 logstash 收集日志，5044为logstash端口)
+# output.logstash:
+#   hosts: ['172.17.0.1:5044']
+#
+# output.file:
+#   path: "/tmp/ret"
+#   filename: "zls_filebeat.txt"
+
+output.logstash:
+  hosts: ["101.230.12.68": 5044]
diff --git a/filebeat/config/filebeat.docker.yml_bak_new b/filebeat/config/filebeat.docker.yml_bak_new
@@ -0,0 +1,11 @@
+filebeat.inputs:
+- type: log
+  enabled: true
+  paths:
+    - /logs/ovpn_filter.log
+  multiline.pattern: '^A'
+  multiline.negate: true
+  multiline.match: after
+ 
+output.logstash:
+  hosts: ["logstash:5044"]
diff --git a/filebeat/ret/.keep b/filebeat/ret/.keep
diff --git a/filebeat/start_service.sh b/filebeat/start_service.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+source ./config/config.sh
+# docker run -p 5044:5044 -p 5045:5045 \
+#     --name lst -d  \
+#     -v ${PWD}/config/logstash.conf:/usr/share/logstash/config/logstash.conf \
+#     -v ${PWD}/config/logstash.yml:/usr/share/logstash/config/logstash.yml \
+#     ${IMAGE} -f /usr/share/logstash/config/logstash.conf
+
+docker run \
+    --link logstash:logstash \
+    --restart=always \
+    --log-driver json-file \
+    --log-opt max-size=100m \
+    --log-opt max-file=20  \
+    --name filebeat \
+    --user=root -d  \
+    -v ${FILEBEAT_DATA}:/logs/ \
+    -v ${PWD}/ret:/tmp/ret/ \
+    -v ${PWD}/config/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml  \
+    ${IMAGE}
+
+
+
+    # -v /etc/localtime:/etc/localtime \
+    # -v ${PWD}/ret:/tmp/ret/ \
diff --git a/filebeat/stop_service.sh b/filebeat/stop_service.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+source ./config/config.sh
+docker rm -f filebeat

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/bash`
	`2`	`+source ./config/config.sh`
	`3`	`+docker rm -f filebeat`