7,164
edits
Line 126: | Line 126: | ||
==== Filebeat 設定 ==== | ==== Filebeat 設定 ==== | ||
'''filebeat.yml 例 ( | '''filebeat.yml 例 (6.0 仮)''' | ||
: 6.0 は type が使えないので log_type という名前のカスタムフィールドに変更する。 | : 6.0 は type が使えないので log_type という名前のカスタムフィールドに変更する。 | ||
::logstash 使うので filebeat modules は使わない。 | |||
:::modules 勉強しないといけない。 | |||
<syntaxhighlight lang="yaml" enclose="div"> | <syntaxhighlight lang="yaml" enclose="div"> | ||
######################## Filebeat Configuration ############################ | |||
#=========================== Filebeat prospectors ============================= | |||
filebeat.prospectors: | |||
- type: log | |||
paths: | |||
- /var/log/syslog | |||
- /var/log/mail.log | |||
- /var/log/auth.log | |||
fields: | |||
log_type: syslog | |||
fields_under_root: true | |||
- type: log | |||
paths: | |||
/var/log/apache2/access.log | |||
fields: | |||
log_type: apache | |||
fields_under_root: true | |||
- type: log | |||
paths: | |||
/var/log/apache2/other_vhosts_access.log | |||
fields: | |||
log_type: apache-other-vhost | |||
fields_under_root: true | |||
- type: log | |||
paths: | |||
/var/log/apache2/error.log | |||
fields: | |||
log_type: apache-error | |||
fields_under_root: true | |||
- type: log | |||
paths: | |||
/var/log/varnish/varnishncsa.log | |||
fields: | |||
log_type: varnish | |||
fields_under_root: true | |||
- type: log | |||
paths: | |||
/var/log/dpkg.log | |||
fields: | |||
log_type: dpkg | |||
fields_under_root: true | |||
- type: log | |||
paths: | |||
/var/log/fail2ban.log | |||
fields: | |||
log_type: fail2ban | |||
fields_under_root: true | |||
# | #========================= Filebeat global options ============================ | ||
filebeat.registry_file: /var/lib/filebeat/registry | |||
# | #================================ Outputs ====================================== | ||
#----------------------------- Logstash output --------------------------------- | |||
output.logstash: | |||
# The Logstash hosts | |||
hosts: ["localhost:5044"] | |||
# Optional SSL. By default is off. | |||
# List of root certificates for HTTPS server verifications | |||
ssl.certificate_authorities: ["/etc/logstash/logstash-forwarder.crt"] | |||
# Certificate for TLS client authentication | |||
#ssl.certificate: "/etc/logstash/logstash-forwarder.crt" | |||
# Client Certificate Key | |||
#ssl.key: "/etc/logstash/logstash-forwarder.key" | |||
# Configure SSL verification mode. If `none` is configured, all server hosts | |||
# and certificates will be accepted. In this mode, SSL based connections are | |||
# susceptible to man-in-the-middle attacks. Use only for testing. Default is | |||
# `full`. | |||
#ssl.verification_mode: full | |||
ssl.verification_mode: none | |||
#================================ Logging ====================================== | |||
# There are three options for the log output: syslog, file, stderr. | |||
# Under Windows systems, the log files are per default sent to the file output, | |||
# under all other system per default to syslog. | |||
# Sets log level. The default log level is info. | |||
# Available log levels are: critical, error, warning, info, debug | |||
#logging.level: info | |||
logging.level: info | |||
# Enable debug output for selected components. To enable all selectors use ["*"] | |||
# Other available selectors are "beat", "publish", "service" | |||
# Multiple selectors can be chained. | |||
#logging.selectors: [ ] | |||
# Send all logging output to syslog. The default is false. | |||
#logging.to_syslog: true | |||
logging.to_syslog: false | |||
# | |||
logging: | |||
# If enabled, filebeat periodically logs its internal metrics that have changed | |||
# in the last period. For each metric that changed, the delta from the value at | |||
# the beginning of the period is logged. Also, the total values for | |||
# all non-zero internal metrics are logged on shutdown. The default is true. | |||
#logging.metrics.enabled: true | |||
# The period after which to log the internal metrics. The default is 30s. | |||
#logging.metrics.period: 30s | |||
# Logging to rotating files files. Set logging.to_files to false to disable logging to | |||
# files. | |||
logging.to_files: true | |||
logging.files: | |||
# Configure the path where the logs are written. The default is the logs directory | |||
# under the home path (the binary location). | |||
#path: /var/log/filebeat | |||
path: /var/log/filebeat | |||
# The name of the files where the logs are written to. | |||
#name: filebeat | |||
name: filebeat.log | |||
# Configure log file size limit. If limit is reached, log file will be | |||
# automatically rotated | |||
#rotateeverybytes: 10485760 # = 10MB | |||
rotateeverybytes: 10485760 # = 10MB | |||
# Number of rotated log files to keep. Oldest files will be deleted first. | |||
#keepfiles: 7 | |||
keepfiles: 7 | |||
# | # The permissions mask to apply when rotating log files. The default value is 0600. | ||
# Must be a valid Unix-style file permissions mask expressed in octal notation. | |||
# | #permissions: 0600 | ||
# | |||
# Set to true to log messages in json format. | |||
#logging.json: false | |||
</syntaxhighlight> | </syntaxhighlight> | ||