mirror of
https://github.com/paralus/paralus.git
synced 2026-05-06 00:17:19 +00:00
47 lines
1.3 KiB
Markdown
47 lines
1.3 KiB
Markdown
# Filebeat
|
|
|
|
We use filebeat inorder to push logs from application to elasticsearch
|
|
server.
|
|
|
|
In actual deployment, the idea is that we will have a sidecar
|
|
container that will be responsible for tailing the log files so that
|
|
we can read it using a filebeat instance running in a daemonset.
|
|
|
|
## Development
|
|
|
|
For local testing, you can run filebeat as as a binary and push the
|
|
logs generated into ES. You can use the following config to do so.
|
|
|
|
``` yaml
|
|
filebeat.inputs:
|
|
- type: log
|
|
fields:
|
|
type: "auditlogs"
|
|
paths:
|
|
- audit.log # audit file path
|
|
json.keys_under_root: true
|
|
json.overwrite_keys: true
|
|
json.add_error_key: true
|
|
json.expand_keys: true
|
|
|
|
output.elasticsearch:
|
|
hosts: ["http://127.0.0.1:9200"]
|
|
index: "index-%{[fields.type]:other}-%{+yyyy.MM.dd}"
|
|
ssl:
|
|
verification_mode: "none"
|
|
enabled: false
|
|
ca_trusted_fingerprint: "ignore-this"
|
|
|
|
setup.template.name: "index"
|
|
setup.template.pattern: "index-*"
|
|
setup.template.overwrite: true
|
|
setup.template.append_fields:
|
|
- name: timestamp
|
|
type: date
|
|
```
|
|
|
|
This will push the audit logs generated in `audit.log` file into
|
|
elasticsearch index with the name `index-auditlogs-<date>` which you
|
|
should be able to see in ES. Now if you were to use this as the audit
|
|
index key, you should be able to use this in the application.
|