Filebeat Install and Management

Filebeat command reference

Filebeat provides a command-line interface for starting Filebeat and performing common tasks, like testing configuration files and loading dashboards.

The command line also supports global flags for controlling global behaviors.

Use sudo or be the root user to run the following commands if:

  • the config file is owned by root, or
  • Filebeat is configured to capture data that requires root access

Filebeat Commands :

#which filebeat
#filebeat -version
+++++++++++++++++++++++++++++++++++++
Manage Filebeat Service in Linux :
RHEL 7x and later
#systemctl status filebeat
#systemctl start filebeat
#systemctl stop filebeat
#systemctl enable filebeat

RHEL 6x and before:
#service filebeat status
#service filebeat start
#service filebeat stop
#chkconfig filebeat on
+++++++++++++++++++++++++++++++++++++
List Modules:
#filebeat modules list

Enable Filebeat Module:
#filebeat modules enable auditd
#filebeat modules enable apache

or #filebeat modules enable apache2 auditd mysql

Disable Filebeat Module:
#filebeat modules disable auditd
#filebeat modules disable apache

+++++++++++++++++++++++++++++++++++++
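Curl Command to check connectivity from filebeat to logstash with TLS/SSL cert :
#curl -vk --cert /etc/cert.crt --key /etc/cert.key https://hostname:5045

The https:// scheme is needed for curl to start a TLS handshake and present the client certificate. The -k flag skips verification of the Logstash server certificate, so this only confirms that the port is reachable and that the handshake with the client certificate completes.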

+++++++++++++++++++++++++++++++++++++
Testing connectivity with running service in the foreground :
If you have Filebeat running as a service, first stop the service.
Then test your setup by running Filebeat in the foreground so you can quickly see any errors that occur:

#filebeat -c filebeat.yml -e -v
+++++++++++++++++++++++++++++++++++++
Install filebeat with yum repository:
#yum install filebeat

Remove filebeat with yum repository:
#yum remove filebeat
+++++++++++++++++++++++++++++++++++++
Create CSR for local server :
#openssl req -new -out /etc/client.csr -newkey rsa:2048 -nodes -keyout /etc/cert.key

Verify the CSR :
#openssl req -text -noout -verify -in /etc/client.csr
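
An added example (not from the original page or the Filebeat project): a Bash pre-flight check that the key created above is readable only by its owner, since -nodes leaves it unencrypted, and that it matches the CSR or the signed certificate before Filebeat uses them. The function name check_tls_pair and its return codes are hypothetical, and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example. check_tls_pair is a hypothetical helper, not a Filebeat command.
# Usage: check_tls_pair KEY_FILE csr|cert CSR_OR_CERT_FILE
# Returns: 0 = OK, 1 = key mode too open, 2 = key mismatch, 3 = unreadable input.
check_tls_pair() {
    local key="$1" kind="$2" other="$3" mode key_pub other_pub

    # "-nodes" writes the private key unencrypted, so the file mode is its
    # only protection. Assumes GNU stat (RHEL/CentOS).
    mode=$(stat -c '%a' "$key" 2>/dev/null) \
        || { echo "ERROR: cannot stat $key" >&2; return 3; }
    case "$mode" in
        400|600) ;;
        *) echo "FAIL: $key has mode $mode; run: chmod 600 $key" >&2; return 1 ;;
    esac

    # Extract the public half of the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "ERROR: cannot parse private key $key" >&2; return 3; }

    # Extract the public key embedded in the CSR or in the signed certificate.
    case "$kind" in
        csr)  other_pub=$(openssl req  -in "$other" -noout -pubkey 2>/dev/null) ;;
        cert) other_pub=$(openssl x509 -in "$other" -noout -pubkey 2>/dev/null) ;;
        *)    echo "ERROR: second argument must be csr or cert" >&2; return 3 ;;
    esac || { echo "ERROR: cannot parse $kind $other" >&2; return 3; }

    # A certificate issued for a different key makes the TLS handshake fail.
    if [ "$key_pub" != "$other_pub" ]; then
        echo "FAIL: $other does not belong to $key" >&2
        return 2
    fi
    echo "OK: $key (mode $mode) matches $kind $other"
}

# Paths from this page; uncomment to run on the Filebeat host:
# check_tls_pair /etc/cert.key csr  /etc/client.csr
# check_tls_pair /etc/cert.key cert /etc/cert.crt
```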

+++++++++++++++++++++++++++++++++++++
Help :
#filebeat help COMMAND_NAME

Example :
#filebeat help export

+++++++++++++++++++++++++++++++++++++
Keystore commands:
#filebeat keystore SUBCOMMAND [FLAGS]

SUBCOMMANDS:

add KEY
Adds the specified key to the keystore. Use the --force flag to overwrite an existing key. Use the --stdin flag to pass the value through stdin.
create
Creates a keystore to hold secrets. Use the --force flag to overwrite the existing keystore.
list
Lists the keys in the keystore.
remove KEY
Removes the specified key from the keystore.

FLAGS:

--force
Valid with the add and create subcommands. When used with add, overwrites the specified key. When used with create, overwrites the keystore.
--stdin
When used with add, uses stdin as the source of the key's value.
-h, --help
Shows help for the keystore command.

Examples:
#filebeat keystore create
#filebeat keystore add ES_PWD
#filebeat keystore remove ES_PWD
#filebeat keystore list

+++++++++++++++++++++++++++++++++++++
more info: Filebeat command reference on elastic.co site.
