Friday, 9 September 2016

filebeat vsftpd log to logstash


1. Install
yum install filebeat
OR
rpm -ihv filebeat-1.3.0-x86_64.rpm

2. Add service (optional)
chkconfig --add filebeat

3. Edit /etc/filebeat/filebeat.yml

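filebeat:
  prospectors:
    -
      paths:
        - /var/log/vsftpd.log
      input_type: log
      # Ship only transfer records; each entry is a regular expression
      include_lines: ["DOWNLOAD", "UPLOAD"]
      document_type: vsftpd

output:
  logstash:
    hosts: ["logstash.local.net:5044"]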

4. Debug and check config
filebeat -d "*" -e -c /etc/filebeat/filebeat.yml

2016/09/09 06:51:15.252655 publish.go:109: DBG  Publish: {
  "@timestamp": "2016-09-09T06:51:10.766Z",
  "beat": {
    "hostname": "ftp",
    "name": "ftp"
  },
  "count": 1,
  "fields": null,
  "input_type": "log",
  "message": "Fri Sep  9 13:51:06 2016 [pid 8989] [user] OK DOWNLOAD: Client \"10.1.1.1\", \"/share/LIST.TXT\", 210 bytes, 64.31Kbyte/sec",
  "offset": 35301580,
  "source": "/var/log/vsftpd.log",
  "type": "vsftpd"
}
2016/09/09 06:51:15.25

5. Start service
service filebeat start
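
The Python example below is added here and is not part of the original post. It applies the same include_lines patterns to sample vsftpd lines and parses the "message" layout shown in the step 4 debug output into typed fields. The regex is inferred from that single line, the optional byte count is an assumption, and every SAMPLE line except the first is constructed.

```python
import re
from datetime import datetime

# Same patterns as include_lines in filebeat.yml; Filebeat applies them as
# unanchored regular expressions against the whole line.
INCLUDE_LINES = [re.compile(p) for p in ("DOWNLOAD", "UPLOAD")]

# Layout inferred from the "message" field in the step 4 debug output.
# Assumption: the byte count is optional (e.g. on failed transfers).
VSFTPD_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) '
    r'\[pid (?P<pid>\d+)\] \[(?P<user>[^\]]*)\] '
    r'(?P<status>OK|FAIL) (?P<action>[A-Z]+): '
    r'Client "(?P<client>[^"]+)", "(?P<path>.*)"'
    r'(?:, (?P<bytes>\d+) bytes)?(?:, (?P<rate>[\d.]+)Kbyte/sec)?$'
)

def would_ship(line):
    """True if the include_lines filter would keep this line."""
    return any(p.search(line) for p in INCLUDE_LINES)

def parse(line):
    """Split one vsftpd line into typed fields; None if the layout differs."""
    m = VSFTPD_RE.match(line)
    if m is None:
        return None
    f = m.groupdict()
    # strptime treats the space in the format as "one or more", so the
    # space-padded day ("Sep  9") parses.
    f["ts"] = datetime.strptime(f["ts"], "%a %b %d %H:%M:%S %Y")
    f["pid"] = int(f["pid"])
    f["bytes"] = int(f["bytes"]) if f["bytes"] else None
    f["rate"] = float(f["rate"]) if f["rate"] else None
    return f

SAMPLE = [
    # First line is the message from the page; the rest are constructed.
    'Fri Sep  9 13:51:06 2016 [pid 8989] [user] OK DOWNLOAD: Client "10.1.1.1", "/share/LIST.TXT", 210 bytes, 64.31Kbyte/sec',
    'Fri Sep  9 13:51:01 2016 [pid 8987] [user] OK LOGIN: Client "10.1.1.1"',
    'Fri Sep  9 13:52:10 2016 [pid 8989] [user] FAIL UPLOAD: Client "10.1.1.1", "/share/new.bin", 0.00Kbyte/sec',
    'Fri Sep  9 13:53:00 2016 [pid 8989] [user] OK MKDIR: Client "10.1.1.1", "/share/UPLOADS"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        event = parse(line) if would_ship(line) else None
        print("shipped" if would_ship(line) else "dropped", event)
```

The constructed MKDIR line passes the filter only because its path contains "UPLOAD", so anything consuming these events should key on the parsed action field, not on the presence of the keyword.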