diff --git a/hexo/2024/05/29/Kubernetes-Service/index.html b/hexo/2024/05/29/Kubernetes-Service/index.html
index 049d1693..4fa05beb 100644
--- a/hexo/2024/05/29/Kubernetes-Service/index.html
+++ b/hexo/2024/05/29/Kubernetes-Service/index.html
@@ -336,9 +336,9 @@

- + - FluentBit安装 + Filebeat安装 上一篇
diff --git a/hexo/2024/06/11/ELK-Filebeat/index.html b/hexo/2024/06/11/ELK-Filebeat/index.html
index 58a9d34a..5e6eca37 100644
--- a/hexo/2024/06/11/ELK-Filebeat/index.html
+++ b/hexo/2024/06/11/ELK-Filebeat/index.html
@@ -325,12 +325,18 @@

配置 + + + FluentBit安装 + 上一篇 + +

- - FluentBit安装 + + Kubernetes-Service/Ingress 下一篇
diff --git a/hexo/2024/06/11/ELK-FluentBit/index.html b/hexo/2024/06/11/ELK-FluentBit/index.html
index 3270cb6e..1b00854c 100644
--- a/hexo/2024/06/11/ELK-FluentBit/index.html
+++ b/hexo/2024/06/11/ELK-FluentBit/index.html
@@ -24,7 +24,7 @@ - +
@@ -290,9 +290,9 @@

@INCLUDE secure-input.conf @INCLUDE secure-filter.conf @INCLUDE secure-output.conf -@INCLUDE message-input.conf -@INCLUDE message-filter.conf -@INCLUDE message-output.conf +@INCLUDE messages-input.conf +@INCLUDE messages-filter.conf +@INCLUDE messages-output.conf EOF

采集secure日志配置

cat <<EOF>> /etc/fluent-bit/parsers.conf
@@ -351,41 +351,41 @@ 

rdkafka.request.required.acks 1 EOF

-

采集message kernel日志

cat <<EOF>/etc/fluent-bit/message-input.conf
+

采集message kernel日志

cat <<EOF>/etc/fluent-bit/messages-input.conf
 [INPUT]
     Name tail
-    Path /var/log/message
-    Tag kube-message.*
-    DB                /var/log/flb_kube_message.db
+    Path /var/log/messages
+    Tag kube-messages.*
+    DB                /var/log/flb_kube_messages.db
     Mem_Buf_Limit     1MB
     Skip_Long_Lines   On
     Refresh_Interval  10
 EOF
 
-cat <<EOF> /etc/fluent-bit/message-filter.conf
+cat <<EOF> /etc/fluent-bit/messages-filter.conf
 [FILTER]
     Name grep
-    Match kube-message.*
+    Match kube-messages.*
     Regex log /.*kernel.*/
 
 [FILTER]
     Name parser
-    Match kube-message.*
+    Match kube-messages.*
     Key_Name log
     Parser axzo-os-log
 
 [FILTER]
     Name modify
-    Match kube-message.*
+    Match kube-messages.*
     Add IP $IP
 EOF
 
-cat <<EOF>/etc/fluent-bit/message-output.conf
+cat <<EOF>/etc/fluent-bit/messages-output.conf
 [OUTPUT]
     Name           kafka
-    Match          kube-message.*
+    Match          kube-messages.*
     Brokers        192.168.1.9:9092,192.168.1.9:9091,192.168.1.9:9093
-    Topics         os-message-logs
+    Topics         os-messages-logs
     Timestamp_Key  @timestamp
     Timestamp_Format iso8601
     Retry_Limit    false
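Review bot: `Add IP $IP` in the messages-filter heredoc is expanded by the shell at the moment the file is written, because the `cat <<EOF>` delimiter is unquoted; if `IP` is not set in that shell, the modify filter ends up with no value and records can no longer be attributed to a host. Fail fast before the heredocs with `: "${IP:?set IP before generating the config}"`. The kafka `[OUTPUT]` lists its brokers with no `rdkafka.security.protocol` line in the visible part, so kernel logs are presumably sent unencrypted and unauthenticated; that block continues past the end of the hunk, so confirm there. `Retry_Limit false` also means unlimited retries, which with `Mem_Buf_Limit 1MB` on the input can pause tailing while the brokers are unreachable, so it is worth a comment stating that this is intended.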
@@ -446,18 +446,12 @@ 

启动 - - - Filebeat安装 - 上一篇 - -

- - Kubernetes-Service/Ingress + + Filebeat安装 下一篇
diff --git a/hexo/archives/2024/06/index.html b/hexo/archives/2024/06/index.html
index 8ec7ab57..b18843b8 100644
--- a/hexo/archives/2024/06/index.html
+++ b/hexo/archives/2024/06/index.html
@@ -222,15 +222,15 @@

2024

- + -
Filebeat安装
+
FluentBit安装
- + -
FluentBit安装
+
Filebeat安装
diff --git a/hexo/archives/2024/index.html b/hexo/archives/2024/index.html
index 0c545c23..638e6b66 100644
--- a/hexo/archives/2024/index.html
+++ b/hexo/archives/2024/index.html
@@ -222,15 +222,15 @@

2024

- + -
Filebeat安装
+
FluentBit安装
- + -
FluentBit安装
+
Filebeat安装
diff --git a/hexo/archives/index.html b/hexo/archives/index.html
index 78d5107a..ed5ab11e 100644
--- a/hexo/archives/index.html
+++ b/hexo/archives/index.html
@@ -222,15 +222,15 @@

2024

- + -
Filebeat安装
+
FluentBit安装
- + -
FluentBit安装
+
Filebeat安装
diff --git a/hexo/categories/ELK/index.html b/hexo/categories/ELK/index.html
index 2fce8962..3d9df797 100644
--- a/hexo/categories/ELK/index.html
+++ b/hexo/categories/ELK/index.html
@@ -222,15 +222,15 @@

2024

- + -
Filebeat安装
+
FluentBit安装
- + -
FluentBit安装
+
Filebeat安装
diff --git a/hexo/categories/index.html b/hexo/categories/index.html
index 0a9cf714..eb03f690 100644
--- a/hexo/categories/index.html
+++ b/hexo/categories/index.html
@@ -327,19 +327,19 @@ - - Filebeat安装 + FluentBit安装 - - FluentBit安装 + Filebeat安装
diff --git a/hexo/index.html b/hexo/index.html
index e76851f7..e2c9fe2b 100644
--- a/hexo/index.html
+++ b/hexo/index.html
@@ -224,13 +224,13 @@

- - Filebeat安装 + + FluentBit安装

- +
@@ -285,13 +285,13 @@

官方文档

mkdir ~/downloadswget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.14.2-x86_64.rpm -O ~/downloads/filebeat-7.14.2-x86_64.rpmyum install -y ~/downloads/filebeat-7.14.2-x86_64.rpm

配置

cp /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.default
]]> + 安装

官方文档

curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh

备份默认文件

cp /etc/fluent-bit/fluent-bit.conf /etc/fluent-bit/fluent-bit.conf.defaultcp /etc/fluent-bit/parsers.conf /etc/fluent-bit/fparsers.conf.default

修改配置

修改主配置文件

cat <<EOF>/etc/fluent-bit/fluent-bit.conf[SERVICE]    flush        1    daemon       Off    log_level    info    parsers_file parsers.conf    plugins_file plugins.conf@INCLUDE secure-input.conf@INCLUDE secure-filter.conf@INCLUDE secure-output.conf@INCLUDE messages-input.conf@INCLUDE messages-filter.conf@INCLUDE messages-output.confEOF

采集secure日志配置

cat <<EOF>> /etc/fluent-bit/parsers.conf[PARSER]    Name axzo-os-log    Format regex    Regex ^(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<hostname>[^ ]*) (?<process>[^ ]*)\: (?<message>.*)$    Time_Key    time    Time_Format %b %d %H:%M:%SEOFcat <<EOF> /etc/fluent-bit/secure-input.conf[INPUT]    Name tail    Path /var/log/secure    Tag kube-secure.*    DB                /var/log/flb_kube_secure.db    Mem_Buf_Limit     1MB    Skip_Long_Lines   On    Refresh_Interval  10EOFcat <<EOF> /etc/fluent-bit/secure-filter.conf[FILTER]    Name grep    Match kube-secure.*    Regex log /.*sshd.*/[FILTER]    Name parser    Match kube-secure.*    Key_Name log    Parser axzo-os-log[FILTER]    Name modify    Match kube-secure.*    Add IP $IPEOFcat <<EOF> /etc/fluent-bit/secure-output.conf[OUTPUT]    Name           kafka    Match          kube-secure.*    Brokers        192.168.1.9:9092,192.168.1.9:9091,192.168.1.9:9093    Topics         os-secure-logs    Timestamp_Key  @timestamp    Timestamp_Format iso8601    Retry_Limit    false    # hides errors "Receive failed: Disconnected" when kafka kills idle connections    rdkafka.log.connection.close false    # producer buffer is not included in http://fluentbit.io/documentation/0.12/configuration/memory_usage.html#estimating    rdkafka.queue.buffering.max.kbytes 20240    # for logs you'll probably want this ot be 0 or 1, not more    rdkafka.request.required.acks 1EOF

采集message kernel日志

cat <<EOF>/etc/fluent-bit/messages-input.conf[INPUT]    Name tail    Path /var/log/messages    Tag kube-messages.*    DB                /var/log/flb_kube_messages.db    Mem_Buf_Limit     1MB    Skip_Long_Lines   On    Refresh_Interval  10EOFcat <<EOF> /etc/fluent-bit/messages-filter.conf[FILTER]    Name grep    Match kube-messages.*    Regex log /.*kernel.*/[FILTER]    Name parser    Match kube-messages.*    Key_Name log    Parser axzo-os-log[FILTER]    Name modify    Match kube-messages.*    Add IP $IPEOFcat <<EOF>/etc/fluent-bit/messages-output.conf[OUTPUT]    Name           kafka    Match          kube-messages.*    Brokers        192.168.1.9:9092,192.168.1.9:9091,192.168.1.9:9093    Topics         os-messages-logs    Timestamp_Key  @timestamp    Timestamp_Format iso8601    Retry_Limit    false    # hides errors "Receive failed: Disconnected" when kafka kills idle connections    rdkafka.log.connection.close false    # producer buffer is not included in http://fluentbit.io/documentation/0.12/configuration/memory_usage.html#estimating    rdkafka.queue.buffering.max.kbytes 20240    # for logs you'll probably want this ot be 0 or 1, not more    rdkafka.request.required.acks 1EOF

启动

systemctl start fluent-bitsystemctl enable fluent-bitsystemctl status fluent-bit
]]> @@ -29,11 +29,11 @@ - FluentBit安装 - - /hexo/2024/06/11/ELK-FluentBit/ + Filebeat安装 + + /hexo/2024/06/11/ELK-Filebeat/ - 安装

官方文档

curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh

备份默认文件

cp /etc/fluent-bit/fluent-bit.conf /etc/fluent-bit/fluent-bit.conf.defaultcp /etc/fluent-bit/parsers.conf /etc/fluent-bit/fparsers.conf.default

修改配置

修改主配置文件

cat <<EOF>/etc/fluent-bit/fluent-bit.conf[SERVICE]    flush        1    daemon       Off    log_level    info    parsers_file parsers.conf    plugins_file plugins.conf@INCLUDE secure-input.conf@INCLUDE secure-filter.conf@INCLUDE secure-output.conf@INCLUDE message-input.conf@INCLUDE message-filter.conf@INCLUDE message-output.confEOF

采集secure日志配置

cat <<EOF>> /etc/fluent-bit/parsers.conf[PARSER]    Name axzo-os-log    Format regex    Regex ^(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<hostname>[^ ]*) (?<process>[^ ]*)\: (?<message>.*)$    Time_Key    time    Time_Format %b %d %H:%M:%SEOFcat <<EOF> /etc/fluent-bit/secure-input.conf[INPUT]    Name tail    Path /var/log/secure    Tag kube-secure.*    DB                /var/log/flb_kube_secure.db    Mem_Buf_Limit     1MB    Skip_Long_Lines   On    Refresh_Interval  10EOFcat <<EOF> /etc/fluent-bit/secure-filter.conf[FILTER]    Name grep    Match kube-secure.*    Regex log /.*sshd.*/[FILTER]    Name parser    Match kube-secure.*    Key_Name log    Parser axzo-os-log[FILTER]    Name modify    Match kube-secure.*    Add IP $IPEOFcat <<EOF> /etc/fluent-bit/secure-output.conf[OUTPUT]    Name           kafka    Match          kube-secure.*    Brokers        192.168.1.9:9092,192.168.1.9:9091,192.168.1.9:9093    Topics         os-secure-logs    Timestamp_Key  @timestamp    Timestamp_Format iso8601    Retry_Limit    false    # hides errors "Receive failed: Disconnected" when kafka kills idle connections    rdkafka.log.connection.close false    # producer buffer is not included in http://fluentbit.io/documentation/0.12/configuration/memory_usage.html#estimating    rdkafka.queue.buffering.max.kbytes 20240    # for logs you'll probably want this ot be 0 or 1, not more    rdkafka.request.required.acks 1EOF

采集message kernel日志

cat <<EOF>/etc/fluent-bit/message-input.conf[INPUT]    Name tail    Path /var/log/message    Tag kube-message.*    DB                /var/log/flb_kube_message.db    Mem_Buf_Limit     1MB    Skip_Long_Lines   On    Refresh_Interval  10EOFcat <<EOF> /etc/fluent-bit/message-filter.conf[FILTER]    Name grep    Match kube-message.*    Regex log /.*kernel.*/[FILTER]    Name parser    Match kube-message.*    Key_Name log    Parser axzo-os-log[FILTER]    Name modify    Match kube-message.*    Add IP $IPEOFcat <<EOF>/etc/fluent-bit/message-output.conf[OUTPUT]    Name           kafka    Match          kube-message.*    Brokers        192.168.1.9:9092,192.168.1.9:9091,192.168.1.9:9093    Topics         os-message-logs    Timestamp_Key  @timestamp    Timestamp_Format iso8601    Retry_Limit    false    # hides errors "Receive failed: Disconnected" when kafka kills idle connections    rdkafka.log.connection.close false    # producer buffer is not included in http://fluentbit.io/documentation/0.12/configuration/memory_usage.html#estimating    rdkafka.queue.buffering.max.kbytes 20240    # for logs you'll probably want this ot be 0 or 1, not more    rdkafka.request.required.acks 1EOF

启动

systemctl start fluent-bitsystemctl enable fluent-bitsystemctl status fluent-bit
]]>
+ 安装

官方文档

mkdir ~/downloadswget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.14.2-x86_64.rpm -O ~/downloads/filebeat-7.14.2-x86_64.rpmyum install -y ~/downloads/filebeat-7.14.2-x86_64.rpm

配置

cp /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.default
]]>
diff --git a/hexo/tags/ELK/index.html b/hexo/tags/ELK/index.html
index 88fd4586..ed953460 100644
--- a/hexo/tags/ELK/index.html
+++ b/hexo/tags/ELK/index.html
@@ -226,15 +226,15 @@

2024

- + -
Filebeat安装
+
FluentBit安装
- + -
FluentBit安装
+
Filebeat安装