Prerequisites:

  • Java 1.8 must be running on the machine before Filebeat is set up.

Install Filebeat on Linux OS:

To download and install Filebeat, log in to the designated Linux machine as an Administrator and follow these guidelines:

  1. Run the command: apt-get update to refresh the package lists, so that upgrades to installed packages and packages newly added to the repositories are available.
  2. Install Java JRE 1.8 on the Linux OS. If the machine already runs Java 1.8 you may skip this part. To install Java run the command: apt-get install default-jre
  3. To verify that the installed Java is 1.8 run the command: java -version. If verified, you may proceed to the next step.
  4. Install Filebeat as a service:
    1. Run the command: curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.1-amd64.deb
    2. Run the command: dpkg -i filebeat-6.5.1-amd64.deb
  5. Configure Filebeat. To configure Filebeat to forward data to Logstash, modify the file /etc/filebeat/filebeat.yml according to the guidelines described in the article: Configuring Filebeat to send data to Logstash
  6. Start the Filebeat service. To start the service use the command service filebeat start. The available options are: service filebeat {start|stop|status|restart|force-reload}

    Note: 
    • Any change in the filebeat.yml configuration file requires restarting the Filebeat service (defined by default at the path /etc/init.d/filebeat).
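
Step 4 above installs a downloaded package as root without checking its integrity. The script below is an added example, not part of the original guide: it downloads the same package, compares it against its SHA-512 digest, and runs dpkg only on a match. It assumes Elastic publishes the digest at the package URL with .sha512 appended; the function names verify_sha512 and install_filebeat are illustrative.

```shell
#!/bin/sh
# Added example: verify the Filebeat package before installing it as root.
set -eu

PKG="filebeat-6.5.1-amd64.deb"
BASE_URL="https://artifacts.elastic.co/downloads/beats/filebeat"

# verify_sha512 FILE SUMFILE
# Returns 0 only if the first field of SUMFILE is a 128-hex-digit digest
# equal to the SHA-512 of FILE; 2 if a file is missing, 3 if the digest
# file is malformed, 1 on a mismatch.
verify_sha512() {
    file=$1
    sumfile=$2
    [ -f "$file" ] && [ -f "$sumfile" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Reject empty or malformed digest files instead of comparing garbage.
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{128}$' || return 3
    actual=$(sha512sum "$file" | awk '{print $1}')
    [ "$expected" = "$actual" ]
}

# Download the package and its digest, then install only if they match.
install_filebeat() {
    curl -fsSL -O "$BASE_URL/$PKG"
    curl -fsSL -O "$BASE_URL/$PKG.sha512"   # assumed location of the digest
    if verify_sha512 "$PKG" "$PKG.sha512"; then
        dpkg -i "$PKG"
    else
        echo "checksum verification failed for $PKG, not installing" >&2
        rm -f "$PKG"
        return 1
    fi
}

# Nothing is downloaded unless the script is called with the argument "install".
if [ "${1:-}" = "install" ]; then install_filebeat; fi
```

A digest fetched from the same server detects a corrupted or truncated download; it does not establish the origin of the package.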

 

Install Filebeat on Windows OS:

To download and install Filebeat, log in to the designated machine as a local Administrator and follow these guidelines:

  1. Download and install Java JRE 1.8 HERE. If the machine already runs Java 1.8 you may skip this part. Otherwise download Java and upon completion restart the machine.
  2. To verify that the installed Java is 1.8 go to Control Panel > Java > About and check the version number.
  3. Download the Filebeat Windows zip file from this LINK
  4. Extract the contents of the zip file into C:\Program Files.
  5. Rename the filebeat-<version>-windows directory to Filebeat
  6. Configure Filebeat. To configure Filebeat to forward data to Logstash, modify the file C:\Program Files\Filebeat\filebeat.yml according to the guidelines described in the article: Configuring Filebeat to send data to Logstash
    • You may download the filebeat.yml example and modify it to match your needs.
      Note that the example forwards 2 logs, messages and secure, to localhost using port 5044. You may change the logs and set output.logstash with the Logstash host/IP.
  7. Install Filebeat as a service. Setting the service must be done only after completing the configuration. Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator). 
    1. Run the command: cd 'C:\Program Files\Filebeat'
    2. From the C:\Program Files\Filebeat> prompt, run the command: .\install-service-filebeat.ps1

Notes:

    • If you are running Windows XP, you may need to download and install PowerShell. 
    • If script execution is disabled on your system, you need to set the execution policy for the current session to allow the script to run. 
      For example: PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-filebeat.ps1.
    • The Filebeat service should be manageable from services.msc.
    • Any change in the filebeat.yml configuration file requires restarting the Filebeat service (defined by default at the path C:\Program Files\Filebeat).