{"id":6051,"date":"2020-06-04T23:01:45","date_gmt":"2020-06-04T20:01:45","guid":{"rendered":"https:\/\/kifarunix.com\/?p=6051"},"modified":"2024-03-14T21:57:03","modified_gmt":"2024-03-14T18:57:03","slug":"install-and-configure-filebeat-on-centos-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-configure-filebeat-on-centos-8\/","title":{"rendered":"Install and Configure Filebeat on CentOS 8"},"content":{"rendered":"\n<p>In this tutorial, we are going to learn how to install and configure Filebeat on CentOS 8. <a rel=\"noreferrer noopener\" href=\"https:\/\/www.elastic.co\/beats\/filebeat\" target=\"_blank\">Filebeat<\/a> is one of the Elastic Stack beats, the data shippers for Elasticsearch.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote has-text-align-center td_pull_quote td_pull_center is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Filebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers, Filebeat monitors the log files or locations that you specify, collects log events, and forwards them either to&nbsp;<a href=\"https:\/\/www.elastic.co\/products\/elasticsearch\" target=\"_blank\" rel=\"noopener\">Elasticsearch<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/www.elastic.co\/products\/logstash\" target=\"_blank\" rel=\"noopener\">Logstash<\/a>&nbsp;for indexing.<\/p>\n<\/blockquote>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-filebeat-on-cent-os-8\">Installing Filebeat on CentOS 8<\/a><ul><li><a href=\"#install-elastic-stack-repos-on-cent-os-8\">Install Elastic Stack Repos on CentOS 8<\/a><\/li><li><a href=\"#install-filebeat-using-rpm-package\">Install Filebeat using RPM Package<\/a><\/li><li><a href=\"#running-filebeat\">Running Filebeat<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-filebeat-on-cent-os-8\">Installing Filebeat on CentOS 8<\/h2>\n\n\n\n<p>I assume that you have a running Elastic Stack to which you will ship data to for processing using Filebeat. If not, follow the following guides to learn how to install and configure ES.<\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/install-elastic-elk-stack-on-ubuntu-20-04\/\" target=\"_blank\">Install ELK Stack on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/installing-elk-stack-on-centos-8\/\" target=\"_blank\">Installing ELK Stack on CentOS 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-elastic-stack-7-on-fedora-30-fedora-29-centos-7\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Elastic Stack 7 on Fedora 30\/Fedora 29\/CentOS 7<\/a><\/p>\n\n\n\n<p>Note that you can choose to <a href=\"#installfilebeatusingrpm\">install Filebeat using RPM binary package<\/a> or <a href=\"#installfilebeatfromelasticrepos\">directly from the Elastic stack repos<\/a>. We will cover both ways of installation.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-elastic-stack-repos-on-cent-os-8\">Install Elastic Stack Repos on CentOS 8<\/h4>\n\n\n\n<p>Filebeat is not available on the default CentOS 8 and therefore you need to install Elastic Stack repos.<\/p>\n\n\n\n<p>Install Elastic Stack repo GPG signing key<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo rpm --import https:\/\/packages.elastic.co\/GPG-KEY-elasticsearch<\/code><\/pre>\n\n\n\n<p>Next, install Elastic Stack repo on CentOS 8;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat > \/etc\/yum.repos.d\/elasticstack.repo << EOL\n[elasticstack]\nname=Elastic repository for 7.x packages\nbaseurl=https:\/\/artifacts.elastic.co\/packages\/7.x\/yum\ngpgcheck=1\ngpgkey=https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\nenabled=1\nautorefresh=1\ntype=rpm-md\nEOL<\/code><\/pre>\n\n\n\n<p>Once the repos are in place, you can install Filebeat by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install filebeat<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-filebeat-using-rpm-package\">Install Filebeat using RPM Package<\/h4>\n\n\n\n<p>Should you choose to install Filebeat on CentOS 8 using the RPM package, simply grab the link to the latest stable release version of the filebeat RPM package from <a rel=\"noreferrer noopener\" href=\"https:\/\/www.elastic.co\/downloads\/beats\/filebeat\" target=\"_blank\">Filebeat download's page<\/a> and run <strong>either<\/strong> of the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install https:\/\/artifacts.elastic.co\/downloads\/beats\/filebeat\/filebeat-7.7.1-x86_64.rpm<\/code><\/pre>\n\n\n\n<p>or<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wget https:\/\/artifacts.elastic.co\/downloads\/beats\/filebeat\/filebeat-7.7.1-x86_64.rpm\nrpm -vi filebeat-7.7.1-x86_64.rpm<\/code><\/pre>\n\n\n\n<p>or<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf localinstall filebeat-7.7.1-x86_64.rpm<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"running-filebeat\"><a href=\"#runningfilebeat\">Running Filebeat<\/a><\/h4>\n\n\n\n<p>Start and enable Filebeat to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now filebeat<\/code><\/pre>\n\n\n\n<p>To check the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status filebeat<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/filebeat.service; enabled; vendor preset: disabled)\n   Active: active (running) since Thu 2020-06-04 15:52:54 EDT; 1min 19s ago\n     Docs: https:\/\/www.elastic.co\/products\/beats\/filebeat\n Main PID: 6159 (filebeat)\n    Tasks: 8 (limit: 5044)\n   Memory: 17.9M\n   CGroup: \/system.slice\/filebeat.service\n           \u2514\u25006159 \/usr\/share\/filebeat\/bin\/filebeat -environment systemd -c \/etc\/filebeat\/filebeat.yml -path.home \/usr\/share\/filebeat -path.config \/etc\/filebeat\n...\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-filebeat-to-ship-logs-and-event-data-to-elastic-stack\"><a href=\"#configurefilebeat\">Configure Filebeat to Ship Logs and Event Data to Elastic Stack<\/a><\/h3>\n\n\n\n<p>Filebeat is now ready to read logs and event data and ship them to the <code><strong>Elasticsearch<\/strong><\/code>, the search and analytics engine, or to <code><strong>Logstash<\/strong><\/code>, for further processing and transformation before being stashed to Elasticsearch.<\/p>\n\n\n\n<p>Follow the link below to learn how to configure Filebeat to collect and ship logs from the system to Elastic stack.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-filebeat-on-fedora-30-fedora-29-centos-7\/#configurefilebeattocollectlogs\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Filebeat to Collect System Logs for Processing on Elastic Stack<\/a><\/p>\n\n\n\n<p>Read more about Filebeat setup on <a rel=\"noreferrer noopener\" href=\"https:\/\/www.elastic.co\/guide\/en\/beats\/filebeat\/current\/filebeat-getting-started.html\" target=\"_blank\">Getting Started with Filebeat<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"related-tutorials\">Related Tutorials<\/h3>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/install-and-setup-tig-stack-on-ubuntu-20-04\/\" target=\"_blank\">Install and Setup TIG Stack on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/monitor-system-metrics-with-tick-stack-on-ubuntu-20-04\/\" target=\"_blank\">Monitor System Metrics with TICK Stack on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/install-icinga-2-and-icinga-web-2-on-ubuntu-20-04\/\" target=\"_blank\">Install Icinga 2 and Icinga Web 2 on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-ossec-agent-on-centos-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install OSSEC Agent on CentOS 8<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, we are going to learn how to install and configure Filebeat on CentOS 8. Filebeat is one of the Elastic Stack beats,<\/p>\n","protected":false},"author":3,"featured_media":11333,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,910,72],"tags":[1656,1658,964,1657,922,1655,921],"class_list":["post-6051","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-elastic-stack","category-monitoring","tag-configure-filebeat-on-centos-8","tag-elastic-stack-filebeat","tag-elasticsearch","tag-elk-filebeat","tag-filebeat","tag-install-filebeat-on-centos-8","tag-logstash","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/6051"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=6051"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/6051\/revisions"}],"predecessor-version":[{"id":21434,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/6051\/revisions\/21434"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/11333"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=6051"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=6051"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=6051"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}