-
Notifications
You must be signed in to change notification settings - Fork 33
/
filebeat.yml
143 lines (114 loc) · 4.14 KB
/
filebeat.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
######################## Filebeat Configuration ############################
#=========================== Filebeat prospectors =============================
filebeat.inputs:
- type: log
paths:
- /var/log/syslog
- /var/log/mail.log
- /var/log/auth.log
fields:
log_type: syslog
fields_under_root: true
- type: log
paths:
/var/log/apache2/access.log
fields:
log_type: apache
fields_under_root: true
- type: log
paths:
/var/log/apache2/other_vhosts_access.log
fields:
log_type: apache-other-vhost
fields_under_root: true
- type: log
paths:
/var/log/apache2/error.log
fields:
log_type: apache-error
fields_under_root: true
- type: log
paths:
/var/log/varnish/varnishncsa.log
fields:
log_type: varnish
fields_under_root: true
- type: log
paths:
/var/log/dpkg.log
fields:
log_type: dpkg
fields_under_root: true
- type: log
paths:
/var/log/fail2ban.log
fields:
log_type: fail2ban
fields_under_root: true
#========================= Filebeat global options ============================
#filebeat.registry_file: /var/lib/filebeat/registry
#================================ Outputs ======================================
#----------------------------- Logstash output ---------------------------------
output.logstash:
enabled: true
# The Logstash hosts
#hosts: ["localhost:5044"]
hosts: ["172.16.4.21:5001"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
ssl.certificate_authorities: ["/etc/logstash/logstash-forwarder.crt"]
# Certificate for TLS client authentication
#ssl.certificate: "/etc/logstash/logstash-forwarder.crt"
# Client Certificate Key
#ssl.key: "/etc/logstash/logstash-forwarder.key"
# Configure SSL verification mode. If `none` is configured, all server hosts
# and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`.
#ssl.verification_mode: full
ssl.verification_mode: none
#================================ Logging ======================================
# There are three options for the log output: syslog, file, stderr.
# Under Windows systems, the log files are per default sent to the file output,
# under all other system per default to syslog.
# Sets log level. The default log level is info.
# Available log levels are: critical, error, warning, info, debug
#logging.level: info
logging.level: info
# Enable debug output for selected components. To enable all selectors use ["*"]
# Other available selectors are "beat", "publish", "service"
# Multiple selectors can be chained.
#logging.selectors: [ ]
# Send all logging output to syslog. The default is false.
#logging.to_syslog: true
logging.to_syslog: false
# If enabled, filebeat periodically logs its internal metrics that have changed
# in the last period. For each metric that changed, the delta from the value at
# the beginning of the period is logged. Also, the total values for
# all non-zero internal metrics are logged on shutdown. The default is true.
#logging.metrics.enabled: true
# The period after which to log the internal metrics. The default is 30s.
#logging.metrics.period: 30s
# Logging to rotating files files. Set logging.to_files to false to disable logging to
# files.
logging.to_files: true
logging.files:
# Configure the path where the logs are written. The default is the logs directory
# under the home path (the binary location).
#path: /var/log/filebeat
path: /var/log/filebeat
# The name of the files where the logs are written to.
#name: filebeat
name: filebeat.log
# Configure log file size limit. If limit is reached, log file will be
# automatically rotated
#rotateeverybytes: 10485760 # = 10MB
rotateeverybytes: 10485760 # = 10MB
# Number of rotated log files to keep. Oldest files will be deleted first.
#keepfiles: 7
keepfiles: 7
# The permissions mask to apply when rotating log files. The default value is 0600.
# Must be a valid Unix-style file permissions mask expressed in octal notation.
#permissions: 0600
# Set to true to log messages in json format.
#logging.json: false