Created
April 20, 2020 03:13
-
-
Save Zobber/09fe6414729b5a38dd9f70eb28624963 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.2-amd64.deb | |
| sudo dpkg -i filebeat-7.6.2-amd64.deb | |
| ##### Modify /etc/filebeat/filebeat.yml to set the connection information: | |
| output.elasticsearch: | |
| hosts: ["<es_url>"] | |
| username: "elastic" | |
| password: "<password>" | |
| setup.kibana: | |
| host: "<kibana_url>" | |
| sudo filebeat modules enable zeek | |
| ##### Modify the settings in the /etc/filebeat/modules.d/zeek.yml file. | |
| sudo filebeat setup | |
| sudo service filebeat start | |
| ##### Show debug | |
| filebeat -e -d "*" | |
| ##### Test config | |
| filebeat test config -c filebeat.yml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment