Filebeat Install and Management
Filebeat command reference
Filebeat provides a command-line interface for starting Filebeat and performing common tasks, like testing configuration files and loading dashboards.
The command line also supports global flags for controlling global behaviors.
Use sudo or be the root user to run the following commands if:
- the config file is owned by root, or
- Filebeat is configured to capture data that requires root access
Filebeat Commands :
#which filebeat
#filebeat -version
+++++++++++++++++++++++++++++++++++++
Manage Filebeat Service in Linux :
RHEL 7x and later
#systemctl status filebeat
#systemctl start filebeat
#systemctl stop filebeat
#systemctl enable filebeat
RHEL 6x and before:
#service filebeat status
#service filebeat start
#service filebeat stop
#chkconfig filebeat on
+++++++++++++++++++++++++++++++++++++
List Modules:
#filebeat modules list
Enable Filebeat Module:
#filebeat modules enable auditd
#filebeat modules enable apache
or #filebeat modules enable apache2 auditd mysql
Disable Filebeat Module:
#filebeat modules disable auditd
#filebeat modules disable apache
+++++++++++++++++++++++++++++++++++++
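Curl command to check connectivity from Filebeat to Logstash with a TLS/SSL cert :
#curl https://hostname:5045 --cert /etc/cert.crt --key /etc/cert.key -vk
Note: -k skips verification of the Logstash server certificate, so this confirms reachability and the client certificate only. Replace -k with --cacert and the CA file to check the server certificate as well.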
+++++++++++++++++++++++++++++++++++++
Testing connectivity by running Filebeat in the foreground :
If you have Filebeat running as a service, first stop the service.
Then test your setup by running Filebeat in the foreground so you can quickly see any errors that occur:
#filebeat -c filebeat.yml -e -v
+++++++++++++++++++++++++++++++++++++
Install filebeat with yum repository:
#yum install filebeat
Remove filebeat with yum repository:
#yum remove filebeat
+++++++++++++++++++++++++++++++++++++
Create CSR for local server :
#openssl req -new -out /etc/client.csr -newkey rsa:2048 -nodes -keyout /etc/cert.key
Verify the CSR :
#openssl req -text -noout -verify -in /etc/client.csr
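The two OpenSSL steps above as one script, added here as an example and not part of the original page: it creates the key under a restrictive umask, then confirms the CSR's self-signature and that its public key matches the private key. The function names, the temporary directory and the `filebeat01.example.internal` CN are constructed for illustration.

```shell
#!/bin/sh
# Added example: create a Filebeat client key + CSR, then check them.

# make_csr DIR CN -> writes DIR/cert.key and DIR/client.csr
make_csr() {
    dir=$1; cn=$2
    (
        # Restrictive umask so the unencrypted (-nodes) key is never
        # group- or world-readable, even on OpenSSL builds that honour umask.
        umask 077
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$dir/cert.key" -out "$dir/client.csr" 2>/dev/null
    )
}

# csr_matches_key KEY CSR -> exit 0 only if the CSR is validly self-signed
# and carries the public half of KEY.
csr_matches_key() {
    key=$1; csr=$2
    # Match on the message text: some OpenSSL versions exit 0 on a bad signature.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_mode FILE -> permission string, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

# Demo in a throwaway directory (constructed CN; the page itself writes to /etc).
tmp=$(mktemp -d)
if make_csr "$tmp" filebeat01.example.internal &&
   csr_matches_key "$tmp/cert.key" "$tmp/client.csr"; then
    echo "CSR matches key; key mode $(key_mode "$tmp/cert.key")"
fi
rm -rf "$tmp"
```

Run the same `csr_matches_key` check before sending a CSR to the CA, so a CSR built from a stale or wrong key is caught before a certificate is issued for it.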
+++++++++++++++++++++++++++++++++++++
Help :
#filebeat help COMMAND_NAME
Example :
#filebeat help export
+++++++++++++++++++++++++++++++++++++
Keystore commands:
#filebeat keystore SUBCOMMAND [FLAGS]
SUBCOMMANDS:
add KEY
Adds the specified key to the keystore. Use the --force flag to overwrite an existing key. Use the --stdin flag to pass the value through stdin.
create
Creates a keystore to hold secrets. Use the --force flag to overwrite the existing keystore.
list
Lists the keys in the keystore.
remove KEY
Removes the specified key from the keystore.
FLAGS:
--force
Valid with the add and create subcommands. When used with add, overwrites the specified key. When used with create, overwrites the keystore.
--stdin
When used with add, uses the stdin as the source of the key’s value.
-h, --help
Shows help for the keystore command.
Examples:
#filebeat keystore create
#filebeat keystore add ES_PWD
#filebeat keystore remove ES_PWD
#filebeat keystore list
+++++++++++++++++++++++++++++++++++++
More info: Filebeat command reference on the elastic.co site.