Hi,
If you know how to use ALARM (ArchLinux ARM) this will help you build beats for the distro. For technical reasons the package seems excluded on the distro. I have also done some reading on the discuss site and mostly found the answers I was after here. So, I am contributing back.
I hope this will help you in designing monitoring for your IoT devices doing 'things' out there. Of course you can start getting output of the GPIO (Raspberry Pis / Odroid etc.) for devices and sending that to files for filebeat to pick up, and so on.
You need 9 files to do this and to put them in 1 folder on your ALARM device/soc/whatever.
Here are the destructions first. I assume you know your way around ALARM.
- Have the base-devel package installed at minimum (as root)
# pacman -S base-devel
- Install any other dependency listed in makedepends of PKGBUILD
- Create the files with the content outlined below and check they exist
# ls auditbeat.install auditbeat.service filebeat.service heartbeat.service journalbeat.service metricbeat.service packetbeat.service PKGBUILD tmpfile.conf
- Make the packages (non-root user)
$ makepkg
Good luck with it, I hope the package builds for you 1st go.
Here are the 9 files you need to make these beats for ARM or ARM 64 ArchLinux ARM (ALARM)
- PKGBUILD
```bash
# Maintainer: A Bloke
# Contributor: n/a <na>

pkgbase=beats
pkgname=(filebeat packetbeat heartbeat-elastic auditbeat journalbeat metricbeat)
pkgver=7.8.0
pkgrel=1
pkgdesc='Data shippers for Elasticsearch for Arch Linux ARM'
arch=('armv7h' 'aarch64')
url='https://www.elastic.co/products/beats'
license=('Apache')
depends=('glibc')
makedepends=('go' 'git' 'libpcap' 'python' 'rsync' 'audit' 'systemd')
optdepends=('elasticsearch: for standalone installation')
options=('!makeflags')
source=("https://github.com/elastic/beats/archive/v$pkgver/beats-$pkgver.tar.gz"
        "filebeat.service"
        "packetbeat.service"
        "metricbeat.service"
        "heartbeat.service"
        "auditbeat.service"
        "journalbeat.service"
        "tmpfile.conf")
sha512sums=('a17b39b590d6bc7e23b74a63f4cc3dcb5defe26dbe1af1cc5dc007bcfc5b316a6b562889be572d2f9f0669db19e58b8920e06faad3c1280a8c0045481776afc1'
            '4d8b160482ba27bdc63c79592f310f2c9bcd2e8e5d3aec5ba9d953f37916bffef57c0f21e3776f4712f87e9a1b90e42dba6058f72bbc4c75380a959276183a59'
            'f1e6fe6b677db31326433f4e3eef72356573c6947d653dbe6bc2151581444f80e09343fbf8544952aae82a061b87705e39c8741ea8e402ad53ac3552f532cfea'
            '7e4081b5173d1b58a783f1808f1a9ba4548498de87bdfc1960538d6df4f4da8f900f0e027aeff83ebfe0d81e6aa91db77c520bda76441e6bcaa6fd8a79fbb57a'
            '5f20f160fea1d517d98cf220dc15ca7fa883fbbb3fde78255bbdd6f70ae556b4d750462af49599e27fefdc435761eedcc8bd06f4870211bc35bffa246e1e9dd3'
            'f9e015a0789946ff78a62839c9d0af40e557774e14df6de9008d5fa7786377131c74111332496ec7e6303467eb4151b185a2a4cfaa8a1e77c894be50fc22d69b'
            '45c986c3bca6fed329ff9c8f1f9c3f7de7d2a072227bed618b20cd03eb045f321995b97fa5a10a93cdbb699bfb4739d7e8256c6a99e985477532fa2dcfb58082'
            'b6bf266c04395c6733f0e57c5acf1d8f385a2b898c36f0af201c0702ac8c8c77cbad925c01670d799a1f173e85745a17baa13fda48119b2e022f9c47f9ce4fc9')

prepare() {
  export GOPATH="$srcdir"/go
  mkdir -p "$GOPATH"

  cd "$srcdir"/beats-$pkgver

  # git items - required for metricbeat
  git init # git root required by one of the build scripts
  # Set the identity in the repository-local config only, so the
  # builder's global ~/.gitconfig is not overwritten by the build
  git config user.name "Elastic"
  git commit --allow-empty -n -m "Initial commit"

  # Perform some timestomping to avoid make warnings
  LANG=C _t="$(date -r Makefile +'%Y-%m-%d %k:%M:%S')"
  touch -m -d "$_t" */Makefile

  # install magefile
  # Use version instead of commit id
  sed -ri "s/^COMMIT_ID=.*/COMMIT_ID=$pkgver/" libbeat/scripts/Makefile
}

build() {
  if [[ $CARCH == 'armv7h' ]] ; then
    GOARCH=arm go env
  fi
  if [[ $CARCH == 'aarch64' ]] ; then
    GOARCH=arm64 go env
  fi

  export CGO_LDFLAGS="${LDFLAGS}"
  export CGO_CFLAGS="${CFLAGS}"
  export CGO_CPPFLAGS="${CPPFLAGS}"
  export CGO_CXXFLAGS="${CXXFLAGS}"
  export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
  export GOPATH="$srcdir"
  export PATH="$GOPATH/bin:$PATH"
  export GOROOT=/usr/lib/go

  cd "$srcdir"/beats-$pkgver
  go get github.com/magefile/mage

  cd libbeat
  make update

  for beat in ${pkgname[@]}; do
    beat="${beat%-elastic}"
    echo "-> Building $beat..."
    if [ ${beat} == "metricbeat" ]; then
      cd ../libbeat
      sed -ri "s/^ES_BEATS\?=.*/ES_BEATS\?=vendor\/github.com\/elastic\/beats## @community_beat Must be set to .\/vendor\/github.com\/elastic\/beats. It must always be a relative path./" scripts/Makefile
      cd ../$beat
      mage build
      mage update
    else
      cd ../$beat
      make $beat
      make update
    fi
  done
}

# Shared packaging steps; called from each package_*() function below
_do_package_beat() {
  _pkgname="${pkgname%-elastic}"
  backup=(etc/$_pkgname/$_pkgname.yml)

  install -dm755 "$pkgdir"/{etc,usr/share,usr/share/licenses,var/lib}/$_pkgname
  install -dm755 "$pkgdir"/usr/lib/tmpfiles.d

  cd "$srcdir"/beats-$pkgver
  install -Dm644 NOTICE.txt "$pkgdir"/usr/share/licenses/$pkgname/NOTICE.txt

  cd $_pkgname
  cp $_pkgname.{yml,reference.yml} "$pkgdir"/etc/$_pkgname
  install -Dm644 fields.yml "$pkgdir"/etc/$_pkgname/fields.yml

  install -Dm755 $_pkgname \
    "$pkgdir"/usr/bin/$_pkgname
  install -Dm644 "$srcdir"/$_pkgname.service \
    "$pkgdir"/usr/lib/systemd/system/$_pkgname.service
  sed "s/BEATNAME/$_pkgname/g" "$srcdir"/tmpfile.conf > "$pkgdir"/usr/lib/tmpfiles.d/$_pkgname.conf

  if [ -d build/kibana ]; then
    cp -R build/kibana "$pkgdir"/usr/share/$_pkgname/
  elif [ -d _meta/kibana.generated ]; then
    cp -R _meta/kibana.generated "$pkgdir"/usr/share/$_pkgname/kibana
  fi
}

package_metricbeat() {
  pkgdesc='Server monitoring agent that sends metrics to Elasticsearch'
  conflicts=('topbeat')
  replaces=('topbeat')

  _do_package_beat
  cp -R modules.d "$pkgdir"/etc/$_pkgname/
}

package_filebeat() {
  pkgdesc='Sends log files to Logstash or directly to Elasticsearch - named like this due to filebeat package in AUR Community'

  _do_package_beat
  cp -R build/package/modules.d "$pkgdir"/etc/$_pkgname/
  cp -R build/package/module "$pkgdir"/usr/share/$_pkgname/
}

package_packetbeat() {
  pkgdesc='Analyzes network traffic and sends the data to Elasticsearch'
  depends=('libpcap')

  _do_package_beat
}

package_heartbeat-elastic() {
  pkgdesc='Ping remote services for availability and log results to Elasticsearch or send to Logstash'
  conflicts=('heartbeat')
  replaces=('heartbeat')

  _do_package_beat
  cp -R monitors.d "$pkgdir"/etc/$_pkgname/
}

package_auditbeat() {
  pkgdesc='Audit the activities of users and processes on your system'
  depends=('audit')
  install='auditbeat.install'

  _do_package_beat
  install -D module/auditd/_meta/audit.rules.d/sample-rules-linux-64bit.conf "$pkgdir"/etc/$_pkgname/audit.rules.d/sample-rules.conf.disabled
}

package_journalbeat() {
  pkgdesc='Data collector to ship systemd journal entries to Elasticsearch or Logstash'

  _do_package_beat
}

# vim: ts=4 sw=4 et:
```
- auditbeat.install
```bash
# Printed by pacman after the auditbeat package is installed
post_install() {
  echo "CONFIG_AUDIT is disabled in the Arch kernel packages so a custom kernel"
  echo "is required for the Auditbeat auditd module to work. However, some features"
  echo "like the file integrity module will work fine without kernel audit support."
  echo "The package linux-hardened has full support for audit."
}
```
- auditbeat.service
```ini
[Unit]
Description=Audit the activities of users and processes on your system.
Documentation=https://www.elastic.co/products/beats/auditbeat
Wants=network-online.target
After=network-online.target

[Service]
Environment="BEAT_LOG_OPTS=-e"
Environment="BEAT_CONFIG_OPTS=-c /etc/auditbeat/auditbeat.yml"
Environment="BEAT_PATH_OPTS=-path.home /usr/share/auditbeat -path.config /etc/auditbeat -path.data /var/lib/auditbeat -path.logs /var/log/auditbeat"
ExecStart=/usr/bin/auditbeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
```
- filebeat.service
```ini
[Unit]
Description=Filebeat sends log files to Logstash or directly to Elasticsearch.
Documentation=https://www.elastic.co/products/beats/filebeat
Wants=network-online.target
After=network-online.target

[Service]
Environment="BEAT_LOG_OPTS=-e"
Environment="BEAT_CONFIG_OPTS=-c /etc/filebeat/filebeat.yml"
Environment="BEAT_PATH_OPTS=-path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat"
ExecStart=/usr/bin/filebeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
```
- heartbeat.service
```ini
[Unit]
Description=Ping remote services for availability and log results to Elasticsearch or send to Logstash.
Documentation=https://www.elastic.co/products/beats/heartbeat
Wants=network-online.target
After=network-online.target

[Service]
Environment="BEAT_LOG_OPTS=-e"
Environment="BEAT_CONFIG_OPTS=-c /etc/heartbeat/heartbeat.yml"
Environment="BEAT_PATH_OPTS=-path.home /usr/share/heartbeat -path.config /etc/heartbeat -path.data /var/lib/heartbeat -path.logs /var/log/heartbeat"
ExecStart=/usr/bin/heartbeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
```
- journalbeat.service
```ini
[Unit]
Description=Journalbeat ships systemd journal entries to Elasticsearch or Logstash.
Documentation=https://www.elastic.co/products/beats/journalbeat
Wants=network-online.target
After=network-online.target

[Service]
Environment="BEAT_LOG_OPTS=-e"
Environment="BEAT_CONFIG_OPTS=-c /etc/journalbeat/journalbeat.yml"
Environment="BEAT_PATH_OPTS=-path.home /usr/share/journalbeat -path.config /etc/journalbeat -path.data /var/lib/journalbeat -path.logs /var/log/journalbeat"
ExecStart=/usr/bin/journalbeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
```
- metricbeat.service
```ini
[Unit]
Description=Metricbeat is a lightweight shipper for metrics.
Documentation=https://www.elastic.co/products/beats/metricbeat
Wants=network-online.target
After=network-online.target

[Service]
Environment="BEAT_LOG_OPTS=-e"
Environment="BEAT_CONFIG_OPTS=-c /etc/metricbeat/metricbeat.yml"
Environment="BEAT_PATH_OPTS=-path.home /usr/share/metricbeat -path.config /etc/metricbeat -path.data /var/lib/metricbeat -path.logs /var/log/metricbeat"
ExecStart=/usr/bin/metricbeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
```
- packetbeat.service
```ini
[Unit]
Description=Real-Time Packet Analyzer
Documentation=https://www.elastic.co/guide/en/beats/packetbeat/current/index.html
After=network.target

[Service]
ExecStart=/usr/bin/packetbeat -c /etc/packetbeat/packetbeat.yml -path.home /usr/share/packetbeat -path.config /etc/packetbeat -path.data /var/lib/packetbeat -path.logs /var/log/packetbeat
Restart=on-failure

[Install]
WantedBy=multi-user.target
```
- tmpfile.conf
```
d /var/log/BEATNAME 0755 root root -
d /var/lib/BEATNAME 0755 root root -
```
And that's it. I hope this helps someone out.
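
Added example, not part of the original post: a pre-flight check to run against the folder holding the nine files before `makepkg`. It reads the `source` and `sha512sums` arrays from the PKGBUILD and reports every local file as OK, MISSING or MISMATCH; the function name `check_local_sources` is made up for this example, and `bash` plus `sha512sum` from coreutils are assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the post or the beats project).
# Usage: check_local_sources /path/to/folder-with-PKGBUILD

check_local_sources() {
    local dir=$1 pairs rc=0 want name have
    # Read the two arrays in a child bash so nothing leaks into the caller.
    # Sourcing runs the PKGBUILD's top level, exactly as makepkg does, so
    # only point this at a PKGBUILD you have read.
    pairs=$(cd "$dir" && bash -c '
        source ./PKGBUILD || exit 2
        for i in "${!source[@]}"; do
            printf "%s %s\n" "${sha512sums[$i]}" "${source[$i]}"
        done') || { echo "ERROR    cannot read $dir/PKGBUILD"; return 2; }

    while read -r want name; do
        [ -n "$name" ] || continue
        case $name in
            *://*) continue ;;   # remote tarball: makepkg downloads and checks it
        esac
        if [ ! -f "$dir/$name" ]; then
            # e.g. a unit file saved under a misspelled name
            echo "MISSING  $name"
            rc=1
            continue
        fi
        have=$(sha512sum "$dir/$name" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK       $name"
        else
            # bytes differ from the file the pinned checksum was taken from
            echo "MISMATCH $name"
            rc=1
        fi
    done <<EOF
$pairs
EOF
    return $rc
}
```

A MISMATCH on a hand-created file means its bytes differ from the file the checksum was computed over, which even a whitespace difference will cause. Compare the content first, and only then regenerate the sums (for example with `updpkgsums` from pacman-contrib).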