cp /etc/init.d/filebeat /etc/init.d/filebeat2
** patch **
diff -u /etc/init.d/filebeat /etc/init.d/filebeat2 #patch
--- /etc/init.d/filebeat 2018-10-31 06:25:05.000000000 +0800
+++ /etc/init.d/filebeat2 2019-03-08 14:24:37.945218496 +0800
@@ -23,9 +23,9 @@
export PATH
[ -f /etc/sysconfig/filebeat ] && . /etc/sysconfig/filebeat
-pidfile=${PIDFILE-/var/run/filebeat.pid}
+pidfile=${PIDFILE-/var/run/filebeat2.pid}
agent=${BEATS_AGENT-/usr/share/filebeat/bin/filebeat}
-args="-c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat"
+args="-c /etc/filebeat2/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat2 -path.data /var/lib/filebeat2 -path.logs /var/log/filebeat2"
test_args="-e test config"
beat_user="${BEAT_USER:-root}"
wrapper="/usr/share/filebeat/bin/filebeat-god"
cp -Rf /etc/filebeat /etc/filebeat2 cp modules.d/apache2.yml.disabled modules.d/apache2.yml
filebeat.config.modules.path: /etc/filebeat2/modules.d/*.yml
output:
elasticsearch:
hosts: ["xx.xx.xx.xx:xx1"]
username: "pixara"
password: "pixara403"
setup.kibana:
host: "xx.xx.xx.xx:xx2"
username: "pixara"
password: "pixara403"
diff -u apache2.yml.disabled apache2.yml
--- apache2.yml.disabled 2019-03-08 13:43:44.653165809 +0800
+++ apache2.yml 2019-03-08 14:41:12.666207062 +0800
@@ -6,6 +6,7 @@
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
#var.paths:
+ var.paths: ["/www/apachelog/*_access_log"]
# Error logs
error:
@@ -14,3 +15,4 @@
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
#var.paths:
+ var.paths: ["/www/apachelog/*_error_log"]
filebeat -path.config /etc/filebeat2 -c /etc/filebeat2/filebeat.yml setup
/usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-geoip
/usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-user-agent
service elasticsearch restart