### 官方網站 [https://www.elastic.co/cn/beats/filebeat](https://www.elastic.co/cn/beats/filebeat) ## rpm安裝包 filebeat-7.16.2-x86_64.rpm ## 配置文件 filebeat.yml ``` # ============================== Filebeat inputs =============================== filebeat.inputs: # Each - is an input. Most options can be set at the input level, so # you can use different inputs for various configurations. # Below are the input specific configurations. - type: log # Change to true to enable this input configuration. enabled: true # Paths that should be crawled and fetched. Glob based paths. paths: - /var/log/*.log - /var/log/messages - type: syslog format: auto enabled: true protocol.udp: #host: "localhost:514" host: "0.0.0.0:514" #- c:\programdata\elasticsearch\logs\* ``` 啟動filebeat，指定配置文件 `filebeat -e -c text.yml` ``` filebeat -e -c filebeat.yml ``` ``` systemctl start filebeat #啟動服務 systemctl enable filebeat #filebeat開機自啟動 ``` ``` [root@457hu66h2ds69Z filebeat]# more /usr/lib/systemd/system/filebeat.service [Unit] Description=Filebeat sends log files to Logstash or directly to Elasticsearch. Documentation=https://www.elastic.co/beats/filebeat Wants=network-online.target After=network-online.target [Service] UMask=0027 Environment="GODEBUG='madvdontneed=1'" Environment="BEAT_LOG_OPTS=" Environment="BEAT_CONFIG_OPTS=-c /etc/filebeat/filebeat.yml" Environment="BEAT_PATH_OPTS=--path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat" ExecStart=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS Restart=always [Install] WantedBy=multi-user.target ```