首页 › RedHat/Centos论坛 › Centos 7.4下安装FileBeat

吃瓜群众谨慎发言 發表於 2019-10-7 12:21:00

Centos 7.4下安装FileBeat

<p>一. 直接yum方式安装</p>
<div class="cnblogs_code"><img id="code_img_closed_309c963e-25ac-458c-b9a3-f820f9b49a7a" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_309c963e-25ac-458c-b9a3-f820f9b49a7a" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_309c963e-25ac-458c-b9a3-f820f9b49a7a" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> # <span style="color: rgba(0, 0, 255, 1)">yum</span> <span style="color: rgba(0, 0, 255, 1)">install</span><span style="color: rgba(0, 0, 0, 1)"> filebeat
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(0, 0, 0, 1)">Loaded plugins: fastestmirror, langpacks
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> base                                                                                                                                             | <span style="color: rgba(128, 0, 128, 1)">3.6</span> kB<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>   
<span style="color: rgba(0, 128, 128, 1)"> 4</span> docker-ce-stable                                                                                                                                 | <span style="color: rgba(128, 0, 128, 1)">3.5</span> kB<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>   
<span style="color: rgba(0, 128, 128, 1)"> 5</span> elastic-<span style="color: rgba(128, 0, 128, 1)">7</span>.x                                                                                                                                    | <span style="color: rgba(128, 0, 128, 1)">1.3</span> kB<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>   
<span style="color: rgba(0, 128, 128, 1)"> 6</span> extras                                                                                                                                           | <span style="color: rgba(128, 0, 128, 1)">3.4</span> kB<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>   
<span style="color: rgba(0, 128, 128, 1)"> 7</span> rsyslog_v8                                                                                                                                       | <span style="color: rgba(128, 0, 128, 1)">2.5</span> kB<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>   
<span style="color: rgba(0, 128, 128, 1)"> 8</span> updates                                                                                                                                          | <span style="color: rgba(128, 0, 128, 1)">3.4</span> kB<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>   
<span style="color: rgba(0, 128, 128, 1)"> 9</span> <span style="color: rgba(0, 0, 0, 1)">Loading mirror speeds from cached hostfile
</span><span style="color: rgba(0, 128, 128, 1)">10</span>*<span style="color: rgba(0, 0, 0, 1)"> base: ap.stykers.moe
</span><span style="color: rgba(0, 128, 128, 1)">11</span>*<span style="color: rgba(0, 0, 0, 1)"> extras: centos.ustc.edu.cn
</span><span style="color: rgba(0, 128, 128, 1)">12</span>*<span style="color: rgba(0, 0, 0, 1)"> updates: ap.stykers.moe
</span><span style="color: rgba(0, 128, 128, 1)">13</span> <span style="color: rgba(0, 0, 0, 1)">Resolving Dependencies
</span><span style="color: rgba(0, 128, 128, 1)">14</span> --&gt;<span style="color: rgba(0, 0, 0, 1)"> Running transaction check
</span><span style="color: rgba(0, 128, 128, 1)">15</span> ---&gt; Package filebeat.x86_64 <span style="color: rgba(128, 0, 128, 1)">0</span>:<span style="color: rgba(128, 0, 128, 1)">7.4</span>.<span style="color: rgba(128, 0, 128, 1)">0</span>-<span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)"> will be installed
</span><span style="color: rgba(0, 128, 128, 1)">16</span> --&gt;<span style="color: rgba(0, 0, 0, 1)"> Finished Dependency Resolution
</span><span style="color: rgba(0, 128, 128, 1)">17</span>
<span style="color: rgba(0, 128, 128, 1)">18</span> <span style="color: rgba(0, 0, 0, 1)">Dependencies Resolved
</span><span style="color: rgba(0, 128, 128, 1)">19</span>
<span style="color: rgba(0, 128, 128, 1)">20</span> ========================================================================================================================================================================
<span style="color: rgba(0, 128, 128, 1)">21</span> <span style="color: rgba(0, 0, 0, 1)"> Package                                 Arch                                  Version                                 Repository                                  Size
</span><span style="color: rgba(0, 128, 128, 1)">22</span> ========================================================================================================================================================================
<span style="color: rgba(0, 128, 128, 1)">23</span> <span style="color: rgba(0, 0, 0, 1)">Installing:
</span><span style="color: rgba(0, 128, 128, 1)">24</span>filebeat                              x86_64                              <span style="color: rgba(128, 0, 128, 1)">7.4</span>.<span style="color: rgba(128, 0, 128, 1)">0</span>-<span style="color: rgba(128, 0, 128, 1)">1</span>                                 elastic-<span style="color: rgba(128, 0, 128, 1)">7</span>.x                                 <span style="color: rgba(128, 0, 128, 1)">23</span><span style="color: rgba(0, 0, 0, 1)"> M
</span><span style="color: rgba(0, 128, 128, 1)">25</span>
<span style="color: rgba(0, 128, 128, 1)">26</span> <span style="color: rgba(0, 0, 0, 1)">Transaction Summary
</span><span style="color: rgba(0, 128, 128, 1)">27</span> ========================================================================================================================================================================
<span style="color: rgba(0, 128, 128, 1)">28</span> Install<span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)"> Package
</span><span style="color: rgba(0, 128, 128, 1)">29</span>
<span style="color: rgba(0, 128, 128, 1)">30</span> Total download size: <span style="color: rgba(128, 0, 128, 1)">23</span><span style="color: rgba(0, 0, 0, 1)"> M
</span><span style="color: rgba(0, 128, 128, 1)">31</span> Installed size: <span style="color: rgba(128, 0, 128, 1)">74</span><span style="color: rgba(0, 0, 0, 1)"> M
</span><span style="color: rgba(0, 128, 128, 1)">32</span> Is this ok : y
</span><span style="color: rgba(0, 128, 128, 1)">33</span> <span style="color: rgba(0, 0, 0, 1)">Downloading packages:
</span><span style="color: rgba(0, 128, 128, 1)">34</span> filebeat-<span style="color: rgba(128, 0, 128, 1)">7.4</span>.<span style="color: rgba(128, 0, 128, 1)">0</span>-x86_64.rpm                                                                                                                        |<span style="color: rgba(128, 0, 128, 1)">23</span> MB<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">00</span>:<span style="color: rgba(128, 0, 128, 1)">07</span>   
<span style="color: rgba(0, 128, 128, 1)">35</span> <span style="color: rgba(0, 0, 0, 1)">Running transaction check
</span><span style="color: rgba(0, 128, 128, 1)">36</span> <span style="color: rgba(0, 0, 0, 1)">Running transaction test
</span><span style="color: rgba(0, 128, 128, 1)">37</span> <span style="color: rgba(0, 0, 0, 1)">Transaction test succeeded
</span><span style="color: rgba(0, 128, 128, 1)">38</span> <span style="color: rgba(0, 0, 0, 1)">Running transaction
</span><span style="color: rgba(0, 128, 128, 1)">39</span>   Installing : filebeat-<span style="color: rgba(128, 0, 128, 1)">7.4</span>.<span style="color: rgba(128, 0, 128, 1)">0</span>-<span style="color: rgba(128, 0, 128, 1)">1</span>.x86_64                                                                                                                              <span style="color: rgba(128, 0, 128, 1)">1</span>/<span style="color: rgba(128, 0, 128, 1)">1</span>
<span style="color: rgba(0, 128, 128, 1)">40</span>   Verifying: filebeat-<span style="color: rgba(128, 0, 128, 1)">7.4</span>.<span style="color: rgba(128, 0, 128, 1)">0</span>-<span style="color: rgba(128, 0, 128, 1)">1</span>.x86_64                                                                                                                              <span style="color: rgba(128, 0, 128, 1)">1</span>/<span style="color: rgba(128, 0, 128, 1)">1</span>
<span style="color: rgba(0, 128, 128, 1)">41</span>
<span style="color: rgba(0, 128, 128, 1)">42</span> <span style="color: rgba(0, 0, 0, 1)">Installed:
</span><span style="color: rgba(0, 128, 128, 1)">43</span>   filebeat.x86_64 <span style="color: rgba(128, 0, 128, 1)">0</span>:<span style="color: rgba(128, 0, 128, 1)">7.4</span>.<span style="color: rgba(128, 0, 128, 1)">0</span>-<span style="color: rgba(128, 0, 128, 1)">1</span>                                                                                                                                             
<span style="color: rgba(0, 128, 128, 1)">44</span>
<span style="color: rgba(0, 128, 128, 1)">45</span> Complete!</pre>
</div>
<span class="cnblogs_code_collapse">View Code</span></div>
<p>&nbsp;</p>
<p>二. 进入/etc/filebeat下，修改配置文件filebeat.yml，结果如下：</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> # <span style="color: rgba(0, 0, 255, 1)">egrep</span> -v <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">#|^$</span><span style="color: rgba(128, 0, 0, 1)">"</span> /etc/filebeat/<span style="color: rgba(0, 0, 0, 1)">filebeat.yml
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(0, 0, 0, 1)">filebeat.inputs:
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> -<span style="color: rgba(0, 0, 0, 1)"> type: log
</span><span style="color: rgba(0, 128, 128, 1)"> 4</span>   enabled: <span style="color: rgba(0, 0, 255, 1)">true</span>
<span style="color: rgba(0, 128, 128, 1)"> 5</span> <span style="color: rgba(0, 0, 0, 1)">paths:
</span><span style="color: rgba(0, 128, 128, 1)"> 6</span>   - /data/log<span style="color: rgba(0, 128, 0, 1)">/127.0.0.1/*</span><span style="color: rgba(0, 128, 0, 1)">.log    ##此处是rsyslog日志服务器集中采集本地日志文件
</span><span style="color: rgba(0, 128, 128, 1)"> 7</span> <span style="color: rgba(0, 128, 0, 1)">filebeat.config.modules:
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span> <span style="color: rgba(0, 128, 0, 1)">path: ${path.config}/modules.d/*.yml
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span> <span style="color: rgba(0, 128, 0, 1)">reload.enabled: false
</span><span style="color: rgba(0, 128, 128, 1)">10</span> <span style="color: rgba(0, 128, 0, 1)">setup.template.settings:
</span><span style="color: rgba(0, 128, 128, 1)">11</span> <span style="color: rgba(0, 128, 0, 1)">index.number_of_shards: 1
</span><span style="color: rgba(0, 128, 128, 1)">12</span> <span style="color: rgba(0, 128, 0, 1)">setup.kibana:
</span><span style="color: rgba(0, 128, 128, 1)">13</span> <span style="color: rgba(0, 128, 0, 1)">output.elasticsearch:
</span><span style="color: rgba(0, 128, 128, 1)">14</span> <span style="color: rgba(0, 128, 0, 1)">hosts: ["localhost:9200"]</span></pre>
</div>
<p>&nbsp;</p>
<p>三. 官网给出的检查配置文件的TIPS</p>
<p>To test your configuration file, change to the directory where the Filebeat binary is installed, and run Filebeat in the foreground with the following options specified: <code class="literal">./filebeat test config -e</code>. Make sure your config files are in the path expected by Filebeat (see Directory layout), or use the <code class="literal">-c</code> flag to specify the path to the config file.</p>
<div class="cnblogs_code"><img id="code_img_closed_c629718d-9804-4ba7-977e-6f0769cfb0c0" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_c629718d-9804-4ba7-977e-6f0769cfb0c0" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_c629718d-9804-4ba7-977e-6f0769cfb0c0" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> # ./filebeat test config -e -c /etc/filebeat/<span style="color: rgba(0, 0, 0, 1)">filebeat.yml
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.678</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO    instance/beat.go:<span style="color: rgba(128, 0, 128, 1)">607</span>    Home path: Config path: Data path: Logs path:
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.678</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO    instance/beat.go:<span style="color: rgba(128, 0, 128, 1)">615</span>    Beat ID: 4f580ab1-f94b-44aa-99f4-<span style="color: rgba(0, 0, 0, 1)">364e6cf1d3b0
</span><span style="color: rgba(0, 128, 128, 1)"> 4</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.679</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO    instance/beat.go:<span style="color: rgba(128, 0, 128, 1)">903</span>    Beat <span style="color: rgba(0, 0, 255, 1)">info</span>       {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">system_info</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">beat</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">path</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">config</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/usr/share/filebeat/bin</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">data</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/usr/share/filebeat/bin/data</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">home</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/usr/share/filebeat/bin</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">logs</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/usr/share/filebeat/bin/logs</span><span style="color: rgba(128, 0, 0, 1)">"</span>}, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">type</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">filebeat</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">uuid</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">4f580ab1-f94b-44aa-99f4-364e6cf1d3b0</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">}}}
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.679</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO    instance/beat.go:<span style="color: rgba(128, 0, 128, 1)">912</span>    Build <span style="color: rgba(0, 0, 255, 1)">info</span>      {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">system_info</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">build</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">commit</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">f940c36884d3749901a9c99bea5463a6030cdd9c</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">libbeat</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">7.4.0</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">time</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">2019-09-27T07:45:44.000Z</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">version</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">7.4.0</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">}}}
</span><span style="color: rgba(0, 128, 128, 1)"> 6</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.679</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO    instance/beat.go:<span style="color: rgba(128, 0, 128, 1)">915</span>    Go runtime <span style="color: rgba(0, 0, 255, 1)">info</span> {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">system_info</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">go</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">os</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">linux</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">arch</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">amd64</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">max_procs</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 128, 1)">2</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">version</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">go1.12.9</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">}}}
</span><span style="color: rgba(0, 128, 128, 1)"> 7</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.681</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO    instance/beat.go:<span style="color: rgba(128, 0, 128, 1)">919</span>    Host <span style="color: rgba(0, 0, 255, 1)">info</span>       {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">system_info</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">host</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">architecture</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">x86_64</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">boot_time</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">2019-09-30T14:57:02+08:00</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">containerized</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(0, 0, 255, 1)">false</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">name</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">LogServer</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ip</span><span style="color: rgba(128, 0, 0, 1)">"</span>:[<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">127.0.0.1/8</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">::1/128</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">172.33.7.51/24</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">fe80::a65d:781a:3778:5b17/64</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">172.17.0.1/16</span><span style="color: rgba(128, 0, 0, 1)">"</span>],<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kernel_version</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">3.10.0-693.el7.x86_64</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mac</span><span style="color: rgba(128, 0, 0, 1)">"</span>:[<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">28:6e:d4:88:c7:e1</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">28:6e:d4:88:c7:e2</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">02:42:79:dc:1e:df</span><span style="color: rgba(128, 0, 0, 1)">"</span>],<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">os</span><span style="color: rgba(128, 0, 0, 1)">"</span>:{<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">family</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">redhat</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">platform</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">centos</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">name</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">CentOS Linux</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">version</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">7 (Core)</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">major</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 128, 1)">7</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">minor</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 128, 1)">4</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">patch</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 128, 1)">1708</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">codename</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">Core</span><span style="color: rgba(128, 0, 0, 1)">"</span>},<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">timezone</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">CST</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">timezone_offset_sec</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 128, 1)">28800</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">id</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">be94151089484f0d834d4e8a2e118751</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">}}}
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.681</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO    instance/beat.go:<span style="color: rgba(128, 0, 128, 1)">948</span>    Process <span style="color: rgba(0, 0, 255, 1)">info</span>    {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">system_info</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">process</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">capabilities</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">inheritable</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(0, 0, 255, 1)">null</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">permitted</span><span style="color: rgba(128, 0, 0, 1)">"</span>:[<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">chown</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">dac_override</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">dac_read_search</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">fowner</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">fsetid</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kill</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setgid</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setuid</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setpcap</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">linux_immutable</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_bind_service</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_broadcast</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_admin</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_raw</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ipc_lock</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ipc_owner</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_module</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_rawio</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_chroot</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_ptrace</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_pacct</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_admin</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_boot</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_nice</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_resource</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_time</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_tty_config</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mknod</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">lease</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">audit_write</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">audit_control</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setfcap</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mac_override</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mac_admin</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">syslog</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">wake_alarm</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">block_suspend</span><span style="color: rgba(128, 0, 0, 1)">"</span>],<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">effective</span><span style="color: rgba(128, 0, 0, 1)">"</span>:[<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">chown</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">dac_override</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">dac_read_search</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">fowner</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">fsetid</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kill</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setgid</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setuid</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setpcap</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">linux_immutable</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_bind_service</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_broadcast</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_admin</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_raw</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ipc_lock</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ipc_owner</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_module</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_rawio</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_chroot</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_ptrace</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_pacct</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_admin</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_boot</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_nice</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_resource</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_time</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_tty_config</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mknod</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">lease</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">audit_write</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">audit_control</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setfcap</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mac_override</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mac_admin</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">syslog</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">wake_alarm</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">block_suspend</span><span style="color: rgba(128, 0, 0, 1)">"</span>],<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">bounding</span><span style="color: rgba(128, 0, 0, 1)">"</span>:[<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">chown</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">dac_override</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">dac_read_search</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">fowner</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">fsetid</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kill</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setgid</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setuid</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setpcap</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">linux_immutable</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_bind_service</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_broadcast</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_admin</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">net_raw</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ipc_lock</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ipc_owner</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_module</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_rawio</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_chroot</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_ptrace</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_pacct</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_admin</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_boot</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_nice</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_resource</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_time</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sys_tty_config</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mknod</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">lease</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">audit_write</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">audit_control</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">setfcap</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mac_override</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mac_admin</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">syslog</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">wake_alarm</span><span style="color: rgba(128, 0, 0, 1)">"</span>,<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">block_suspend</span><span style="color: rgba(128, 0, 0, 1)">"</span>],<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ambient</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(0, 0, 255, 1)">null</span>}, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">cwd</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/usr/share/filebeat/bin</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">exe</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/usr/share/filebeat/bin/filebeat</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">name</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">filebeat</span><span style="color: rgba(128, 0, 0, 1)">"</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">pid</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 128, 1)">105115</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ppid</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 128, 1)">104989</span>, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">seccomp</span><span style="color: rgba(128, 0, 0, 1)">"</span>: {<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mode</span><span style="color: rgba(128, 0, 0, 1)">"</span>:<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">disabled</span><span style="color: rgba(128, 0, 0, 1)">"</span>}, <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">start_time</span><span style="color: rgba(128, 0, 0, 1)">"</span>: <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">2019-10-05T21:04:53.660+0800</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">}}}
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.681</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO    instance/beat.go:<span style="color: rgba(128, 0, 128, 1)">292</span>    Setup Beat: filebeat; Version: <span style="color: rgba(128, 0, 128, 1)">7.4</span>.<span style="color: rgba(128, 0, 128, 1)">0</span>
<span style="color: rgba(0, 128, 128, 1)">10</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.681</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO          idxmgmt/std.go:<span style="color: rgba(128, 0, 128, 1)">178</span>      Set output.elasticsearch.index to <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">filebeat-7.4.0</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)"> as ILM is enabled.
</span><span style="color: rgba(0, 128, 128, 1)">11</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.681</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO    elasticsearch/client.go:<span style="color: rgba(128, 0, 128, 1)">170</span>   Elasticsearch url: http:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">localhost:9200</span>
<span style="color: rgba(0, 128, 128, 1)">12</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.682</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    INFO       pipeline/module.go:<span style="color: rgba(128, 0, 128, 1)">97</span><span style="color: rgba(0, 0, 0, 1)">   Beat name: LogServer
</span><span style="color: rgba(0, 128, 128, 1)">13</span> <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T21:<span style="color: rgba(128, 0, 128, 1)">04</span>:<span style="color: rgba(128, 0, 128, 1)">54.682</span>+<span style="color: rgba(128, 0, 128, 1)">0800</span>    ERROR   fileset/modules.go:<span style="color: rgba(128, 0, 128, 1)">125</span>Not loading modules. Module directory not found: /usr/share/filebeat/bin/<span style="color: rgba(0, 0, 0, 1)">module
</span><span style="color: rgba(0, 128, 128, 1)">14</span> Config OK</pre>
</div>
<span class="cnblogs_code_collapse">View Code</span></div>
<p>&nbsp;</p>
<p>四. 加入自启动</p>
<div class="cnblogs_code">
<pre># /bin/systemctl daemon-<span style="color: rgba(0, 0, 0, 1)">reload
# /bin/<span style="color: rgba(0, 0, 0, 1)">systemctl enable filebeat.service
Created symlink from </span>/etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.</pre>
</div>
<p>&nbsp;</p>
<p>五. 启动服务</p>
<div class="cnblogs_code"><img id="code_img_closed_485e7c1a-f65e-4c32-852b-f198c497d36a" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_485e7c1a-f65e-4c32-852b-f198c497d36a" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_485e7c1a-f65e-4c32-852b-f198c497d36a" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> # systemctl start filebeat.service
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> # systemctl status filebeat.service
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> ? filebeat.service -<span style="color: rgba(0, 0, 0, 1)"> Filebeat sends log files to Logstash or directly to Elasticsearch.
</span><span style="color: rgba(0, 128, 128, 1)"> 4</span>    Loaded: loaded (/usr/lib/systemd/system/<span style="color: rgba(0, 0, 0, 1)">filebeat.service; enabled; vendor preset: disabled)
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span>    Active: active (running) since Sat <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-<span style="color: rgba(128, 0, 128, 1)">05</span> <span style="color: rgba(128, 0, 128, 1)">21</span>:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38</span><span style="color: rgba(0, 0, 0, 1)"> CST; 4s ago
</span><span style="color: rgba(0, 128, 128, 1)"> 6</span>      Docs: https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">www.elastic.co/products/beats/filebeat</span>
<span style="color: rgba(0, 128, 128, 1)"> 7</span>Main PID: <span style="color: rgba(128, 0, 128, 1)">105264</span><span style="color: rgba(0, 0, 0, 1)"> (filebeat)
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span>    CGroup: /system.slice/<span style="color: rgba(0, 0, 0, 1)">filebeat.service
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span>            +-<span style="color: rgba(128, 0, 128, 1)">105264</span> /usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/<span style="color: rgba(0, 0, 0, 1)">f...
</span><span style="color: rgba(0, 128, 128, 1)">10</span>
<span style="color: rgba(0, 128, 128, 1)">11</span> Oct <span style="color: rgba(128, 0, 128, 1)">05</span> <span style="color: rgba(128, 0, 128, 1)">21</span>:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38</span> LogServer filebeat[<span style="color: rgba(128, 0, 128, 1)">105264</span>]: <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T09:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38.943</span>-<span style="color: rgba(128, 0, 128, 1)">0400</span>      INFO      instance/beat.go:<span style="color: rgba(128, 0, 128, 1)">422</span><span style="color: rgba(0, 0, 0, 1)">      filebeat start running.
</span><span style="color: rgba(0, 128, 128, 1)">12</span> Oct <span style="color: rgba(128, 0, 128, 1)">05</span> <span style="color: rgba(128, 0, 128, 1)">21</span>:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38</span> LogServer filebeat[<span style="color: rgba(128, 0, 128, 1)">105264</span>]: <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T09:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38.943</span>-<span style="color: rgba(128, 0, 128, 1)">0400</span>      INFO      registrar/registrar.go:<span style="color: rgba(128, 0, 128, 1)">145</span>      Loading registrar data from /.../<span style="color: rgba(0, 0, 0, 1)">data.json
</span><span style="color: rgba(0, 128, 128, 1)">13</span> Oct <span style="color: rgba(128, 0, 128, 1)">05</span> <span style="color: rgba(128, 0, 128, 1)">21</span>:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38</span> LogServer filebeat[<span style="color: rgba(128, 0, 128, 1)">105264</span>]: <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T09:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38.943</span>-<span style="color: rgba(128, 0, 128, 1)">0400</span>      INFO      registrar/registrar.go:<span style="color: rgba(128, 0, 128, 1)">152</span>      States Loaded from registrar: <span style="color: rgba(128, 0, 128, 1)">8</span>
<span style="color: rgba(0, 128, 128, 1)">14</span> Oct <span style="color: rgba(128, 0, 128, 1)">05</span> <span style="color: rgba(128, 0, 128, 1)">21</span>:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38</span> LogServer filebeat[<span style="color: rgba(128, 0, 128, 1)">105264</span>]: <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T09:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38.944</span>-<span style="color: rgba(128, 0, 128, 1)">0400</span>      INFO      crawler/crawler.go:<span style="color: rgba(128, 0, 128, 1)">72</span>      Loading Inputs: <span style="color: rgba(128, 0, 128, 1)">1</span>
<span style="color: rgba(0, 128, 128, 1)">15</span> Oct <span style="color: rgba(128, 0, 128, 1)">05</span> <span style="color: rgba(128, 0, 128, 1)">21</span>:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38</span> LogServer filebeat[<span style="color: rgba(128, 0, 128, 1)">105264</span>]: <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T09:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38.944</span>-<span style="color: rgba(128, 0, 128, 1)">0400</span>      INFO            log/log.go:<span style="color: rgba(128, 0, 128, 1)">118</span><span style="color: rgba(0, 0, 0, 1)">      Starting metrics logging every 30s
</span><span style="color: rgba(0, 128, 128, 1)">16</span> Oct <span style="color: rgba(128, 0, 128, 1)">05</span> <span style="color: rgba(128, 0, 128, 1)">21</span>:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38</span> LogServer filebeat[<span style="color: rgba(128, 0, 128, 1)">105264</span>]: <span style="color: rgba(128, 0, 128, 1)">2019</span>-<span style="color: rgba(128, 0, 128, 1)">10</span>-05T09:<span style="color: rgba(128, 0, 128, 1)">14</span>:<span style="color: rgba(128, 0, 128, 1)">38.945</span>-<span style="color: rgba(128, 0, 128, 1)">0400</span>      INFO      log/input.go:<span style="color: rgba(128, 0, 128, 1)">152</span>      Configured paths:
</span><span style="color: rgba(0, 128, 128, 1)">17</span> <span style="color: rgba(0, 128, 0, 1)">Oct 05 21:14:38 LogServer filebeat: 2019-10-05T09:14:38.945-0400      INFO      input/input.go:114      Starting input of type: log; ID: 1120...9762598069
</span><span style="color: rgba(0, 128, 128, 1)">18</span> <span style="color: rgba(0, 128, 0, 1)">Oct 05 21:14:38 LogServer filebeat: 2019-10-05T09:14:38.945-0400      INFO      crawler/crawler.go:106      Loading and starting Inputs compl... inputs: 1
</span><span style="color: rgba(0, 128, 128, 1)">19</span> <span style="color: rgba(0, 128, 0, 1)">Oct 05 21:14:38 LogServer filebeat: 2019-10-05T09:14:38.945-0400      INFO      cfgfile/reload.go:171      Config reloader started
</span><span style="color: rgba(0, 128, 128, 1)">20</span> <span style="color: rgba(0, 128, 0, 1)">Oct 05 21:14:38 LogServer filebeat: 2019-10-05T09:14:38.946-0400      INFO      cfgfile/reload.go:226      Loading of config files completed.
</span><span style="color: rgba(0, 128, 128, 1)">21</span> <span style="color: rgba(0, 128, 0, 1)">Hint: Some lines were ellipsized, use -l to show in full.</span></pre>
</div>
<span class="cnblogs_code_collapse">View Code</span></div>
<p>&nbsp;</p>
<p>六. 进程检查</p>
<p>&nbsp;</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)">1</span> # <span style="color: rgba(0, 0, 255, 1)">ps</span> -aux | <span style="color: rgba(0, 0, 255, 1)">grep</span><span style="color: rgba(0, 0, 0, 1)"> filebeat
</span><span style="color: rgba(0, 128, 128, 1)">2</span> root   <span style="color: rgba(128, 0, 128, 1)">109342</span><span style="color: rgba(128, 0, 128, 1)">0.0</span><span style="color: rgba(128, 0, 128, 1)">0.6</span> <span style="color: rgba(128, 0, 128, 1)">1608036</span> <span style="color: rgba(128, 0, 128, 1)">52800</span> ?       SslOct06   <span style="color: rgba(128, 0, 128, 1)">1</span>:<span style="color: rgba(128, 0, 128, 1)">17</span> /usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/<span style="color: rgba(0, 0, 0, 1)">filebeat
</span><span style="color: rgba(0, 128, 128, 1)">3</span> root   <span style="color: rgba(128, 0, 128, 1)">117142</span><span style="color: rgba(128, 0, 128, 1)">0.0</span><span style="color: rgba(128, 0, 128, 1)">0.0</span> <span style="color: rgba(128, 0, 128, 1)">112664</span>   <span style="color: rgba(128, 0, 128, 1)">980</span> pts/<span style="color: rgba(128, 0, 128, 1)">0</span>    S+   <span style="color: rgba(128, 0, 128, 1)">11</span>:<span style="color: rgba(128, 0, 128, 1)">44</span>   <span style="color: rgba(128, 0, 128, 1)">0</span>:<span style="color: rgba(128, 0, 128, 1)">00</span> <span style="color: rgba(0, 0, 255, 1)">grep</span> --color=auto filebeat</pre>
</div>
<p>&nbsp;</p>
<p>七. 检查启动成功后，到es服务器上查看索引，可以看到新增了一个以filebeat-7.4.0开头的索引，这就代表filesbeat和es能够正常通信了</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)">1</span> # curl <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">localhost:9200/_cat/indices?v</span><span style="color: rgba(128, 0, 0, 1)">'</span>
<span style="color: rgba(0, 128, 128, 1)">2</span> <span style="color: rgba(0, 0, 0, 1)">health status index                            uuid                   pri rep docs.count docs.deleted store.size pri.store.size
</span><span style="color: rgba(0, 128, 128, 1)">3</span> greenopen   .kibana_task_manager_1         rIJCut09QuGYfuRbTUr2Wg   <span style="color: rgba(128, 0, 128, 1)">1</span>   <span style="color: rgba(128, 0, 128, 1)">0</span>          <span style="color: rgba(128, 0, 128, 1)">2</span>            <span style="color: rgba(128, 0, 128, 1)">0</span>   <span style="color: rgba(128, 0, 128, 1)">12</span>.5kb         <span style="color: rgba(128, 0, 128, 1)">12</span><span style="color: rgba(0, 0, 0, 1)">.5kb
</span><span style="color: rgba(0, 128, 128, 1)">4</span> greenopen   .apm-agent-configuration         TC9wWs0-R9Owna4G1kkuUw   <span style="color: rgba(128, 0, 128, 1)">1</span>   <span style="color: rgba(128, 0, 128, 1)">0</span>          <span style="color: rgba(128, 0, 128, 1)">0</span>            <span style="color: rgba(128, 0, 128, 1)">0</span><span style="color: rgba(0, 0, 0, 1)">       283b         283b
</span><span style="color: rgba(0, 128, 128, 1)">5</span> greenopen   .kibana_1                        9AfuMpbeS7mrVGti3rc0pw   <span style="color: rgba(128, 0, 128, 1)">1</span>   <span style="color: rgba(128, 0, 128, 1)">0</span>          <span style="color: rgba(128, 0, 128, 1)">2</span>            <span style="color: rgba(128, 0, 128, 1)">0</span>   <span style="color: rgba(128, 0, 128, 1)">11</span>.2kb         <span style="color: rgba(128, 0, 128, 1)">11</span><span style="color: rgba(0, 0, 0, 1)">.2kb
</span><span style="color: rgba(0, 128, 128, 1)">6</span> yellow open   filebeat-<span style="color: rgba(128, 0, 128, 1)">7.4</span>.<span style="color: rgba(128, 0, 128, 1)">0</span>-<span style="color: rgba(128, 0, 128, 1)">2019.10</span>.<span style="color: rgba(128, 0, 128, 1)">05</span>-<span style="color: rgba(128, 0, 128, 1)">000001</span> 2nhRfhN8RCG4DO6JaXeoaA   <span style="color: rgba(128, 0, 128, 1)">1</span>   <span style="color: rgba(128, 0, 128, 1)">1</span>   <span style="color: rgba(128, 0, 128, 1)">133314</span>            <span style="color: rgba(128, 0, 128, 1)">0</span>   <span style="color: rgba(128, 0, 128, 1)">33</span>.9mb         <span style="color: rgba(128, 0, 128, 1)">33</span>.9mb</pre>
</div>
<p>&nbsp;</p>
<p>八. 获取指定索引详细信息</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> # curl -XGET <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">localhost:9200/filebeat-7.4.0-2019.10.05-000001?pretty</span><span style="color: rgba(128, 0, 0, 1)">'</span>
<span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(0, 0, 0, 1)">{
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span>   <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">filebeat-7.4.0-2019.10.05-000001</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> : {
</span><span style="color: rgba(0, 128, 128, 1)"> 4</span>   <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">aliases</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> : {
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span>       <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">filebeat-7.4.0</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> : {
</span><span style="color: rgba(0, 128, 128, 1)"> 6</span>         <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">is_write_index</span><span style="color: rgba(128, 0, 0, 1)">"</span> : <span style="color: rgba(0, 0, 255, 1)">true</span>
<span style="color: rgba(0, 128, 128, 1)"> 7</span> <span style="color: rgba(0, 0, 0, 1)">      }
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span> <span style="color: rgba(0, 0, 0, 1)">    },
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span>   <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mappings</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> : {
</span><span style="color: rgba(0, 128, 128, 1)">10</span>       <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">_meta</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> : {
</span><span style="color: rgba(0, 128, 128, 1)">11</span>         <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">beat</span><span style="color: rgba(128, 0, 0, 1)">"</span> : <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">filebeat</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">,
</span><span style="color: rgba(0, 128, 128, 1)">12</span>         <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">version</span><span style="color: rgba(128, 0, 0, 1)">"</span> : <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">7.4.0</span><span style="color: rgba(128, 0, 0, 1)">"</span>
<span style="color: rgba(0, 128, 128, 1)">13</span> <span style="color: rgba(0, 0, 0, 1)">      },
</span><span style="color: rgba(0, 128, 128, 1)">14</span>       <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">dynamic_templates</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> : [
</span><span style="color: rgba(0, 128, 128, 1)">15</span> <span style="color: rgba(0, 0, 0, 1)">      {
</span><span style="color: rgba(0, 128, 128, 1)">16</span>         <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">labels</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> : {
</span><span style="color: rgba(0, 128, 128, 1)">17</span>             <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">path_match</span><span style="color: rgba(128, 0, 0, 1)">"</span> : <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">labels.*</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">,
</span><span style="color: rgba(0, 128, 128, 1)">18</span>             <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">match_mapping_type</span><span style="color: rgba(128, 0, 0, 1)">"</span> : <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">string</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">,
</span><span style="color: rgba(0, 128, 128, 1)">19</span>             <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">mapping</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> : {
</span><span style="color: rgba(0, 128, 128, 1)">20</span>               <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">type</span><span style="color: rgba(128, 0, 0, 1)">"</span> : <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">keyword</span><span style="color: rgba(128, 0, 0, 1)">"</span>
<span style="color: rgba(0, 128, 128, 1)">21</span> <span style="color: rgba(0, 0, 0, 1)">            }
</span><span style="color: rgba(0, 128, 128, 1)">22</span> <span style="color: rgba(0, 0, 0, 1)">          }
</span><span style="color: rgba(0, 128, 128, 1)">23</span>         }......</pre>
</div>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<div class="titlepage">
<div>
<div>
<h3 class="title">Default paths</h3>
</div>
</div>
</div>
<p>Filebeat uses the following default paths unless you explicitly change them.</p>
<h5>&nbsp;</h5>
<div class="informaltable">
<table border="1" cellpadding="4"><colgroup><col class="col_1"><col class="col_2"><col class="col_3"></colgroup>
<thead>
<tr><th align="left" valign="top">Type</th><th align="left" valign="top">Description</th><th align="left" valign="top">Location</th></tr>
</thead>
<tbody>
<tr>
<td align="left" valign="top">
<p><span class="strong strong"><strong>home</strong></span></p>
</td>
<td align="left" valign="top">
<p>Home of the Filebeat installation.</p>
</td>
<td align="left" valign="top">
<p><code class="literal">/usr/share/filebeat</code></p>
</td>
</tr>
<tr>
<td align="left" valign="top">
<p><span class="strong strong"><strong>bin</strong></span></p>
</td>
<td align="left" valign="top">
<p>The location for the binary files.</p>
</td>
<td align="left" valign="top">
<p><code class="literal">/usr/share/filebeat/bin</code></p>
</td>
</tr>
<tr>
<td align="left" valign="top">
<p><span class="strong strong"><strong>config</strong></span></p>
</td>
<td align="left" valign="top">
<p>The location for configuration files.</p>
</td>
<td align="left" valign="top">
<p><code class="literal">/etc/filebeat</code></p>
</td>
</tr>
<tr>
<td align="left" valign="top">
<p><span class="strong strong"><strong>data</strong></span></p>
</td>
<td align="left" valign="top">
<p>The location for persistent data files.</p>
</td>
<td align="left" valign="top">
<p><code class="literal">/var/lib/filebeat</code></p>
</td>
</tr>
<tr>
<td align="left" valign="top">
<p><span class="strong strong"><strong>logs</strong></span></p>
</td>
<td align="left" valign="top">
<p>The location for the logs created by Filebeat.</p>
</td>
<td align="left" valign="top">
<p><code class="literal">/var/log/filebeat</code></p>
</td>
</tr>
</tbody>
</table>
</div>
<p>For the deb and rpm distributions, these paths are set in the init script or in the systemd unit file. Make sure that you start the Filebeat service by using the preferred operating system method (init scripts or <code class="literal">systemctl</code>). Otherwise the paths might be set incorrectly.</p>
<p>&nbsp;</p><br><br>
来源：https://www.cnblogs.com/wintersweet321/p/11625855.html

查看完整版本: Centos 7.4下安装FileBeat