Using Filebeat dedicated and send logs to different IP


(Wahyu Putra) #1

Hi,
I am a newcomer here especially logs monitory system. I am learning to build log system.
Basically, i choose the opensource :slight_smile:

So, i have 2 VPS right now.
In the first VPS (x.x.x.x), there are Graylog v2.4, Elasticsearch v5.6.9, and MongoDB v3.0.15 and in the second VPS (x.x.x.y), there are Apache or Nginx and Filebeat.

If i want to send Apache's or Nginx's logs using Filebeat into the first VPS, is it possible ?

For example, i will use Apache.

filebeat.modules:

  • module: apache2
  • type: log
    paths:
    - /var/log/apache2/myweb.log

output.elasticsearch
hosts: ["x.x.xx:9200"]

is it true ?
Sorry, i am so confused. I read so many example filebeat configurations in Google but don't understand how they do that

Sorry, if my questions is very fool, i am trying to understand by myself but i need guidance. No bully please :slight_smile:


(Adrian Serrano) #2

Hi,

Yes, that is exactly how Beats are meant to be used. You run them in the host where the data to collect resides and usually send the output to a dedicated server running Elasticsearch.

So in your case you only need to add the IP or hostname for VPS#1 in the hosts field in your elasticsearch output configuration:

output.elasticsearch:
   hosts: ["x.x.x.x:9200"]

Note that in your example you're missing a colon (:) at the end of the output.elasticsearch: line. I suggest you use the filebeat test config command to make sure everything is fine.

Don't hesitate to use this forum to post any more questions you may have :slight_smile:


(Wahyu Putra) #3

Hello, thank you very much for your help.
My Filebeat version is 6.3.1 (Latest update)
So, i follow these steps to send apache2 logs https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-apache2.html

$ filebeat modules enable apache2
And then, i go to /etc/filebeat/modules.d/apache2.yml

- module: apache2

Access logs

access:
enabled: true

# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: /var/log/apache2/access.log

Error logs

error:
enabled: true

# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: /var/log/apache2/error.log

And then i type this command

filebeat setup -e

I got errors

I have set my output.elasticsearch like this image and gave comment (#) setup.kibana and restarted filebeat (service filebeat restart) but still got same error. Error creating Kibana.

Should i put output.elasticsearch into apache2.yml (modules.d) ? or it should be put in filebeat.yml ? and what is filebeat.reference.yml ? I noticed output.elasticsearch in filebeat.reference.yml.


(Adrian Serrano) #4

Only one output is possible and it must be in the main configuration file (filebeat.yml).


(Wahyu Putra) #5

Ok. It means my config should be right. But, after service filebeat restart. The terminal still tell the error that kibana is needed :cry:


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.