In this tutorial, we are going to learn how to install and configure Filebeat on CentOS 8. Filebeat is one of the Elastic Stack beats, the data shippers for Elasticsearch.
Filebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers, Filebeat monitors the log files or locations that you specify, collects log events, and forwards them either to Elasticsearch or Logstash for indexing.
Table of Contents
Installing Filebeat on CentOS 8
I assume that you have a running Elastic Stack to which you will ship data to for processing using Filebeat. If not, follow the following guides to learn how to install and configure ES.
Install ELK Stack on Ubuntu 20.04
Installing ELK Stack on CentOS 8
Install Elastic Stack 7 on Fedora 30/Fedora 29/CentOS 7
Note that you can choose to install Filebeat using RPM binary package or directly from the Elastic stack repos. We will cover both ways of installation.
Install Elastic Stack Repos on CentOS 8
Filebeat is not available on the default CentOS 8 and therefore you need to install Elastic Stack repos.
Install Elastic Stack repo GPG signing key
sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearchNext, install Elastic Stack repo on CentOS 8;
cat > /etc/yum.repos.d/elasticstack.repo << EOL
[elasticstack]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOLOnce the repos are in place, you can install Filebeat by running the command below;
dnf install filebeatInstall Filebeat using RPM Package
Should you choose to install Filebeat on CentOS 8 using the RPM package, simply grab the link to the latest stable release version of the filebeat RPM package from Filebeat download's page and run either of the command below;
dnf install https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.7.1-x86_64.rpmor
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.7.1-x86_64.rpm
rpm -vi filebeat-7.7.1-x86_64.rpmor
dnf localinstall filebeat-7.7.1-x86_64.rpmRunning Filebeat
Start and enable Filebeat to run on system boot;
systemctl enable --now filebeatTo check the status;
systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-06-04 15:52:54 EDT; 1min 19s ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 6159 (filebeat)
Tasks: 8 (limit: 5044)
Memory: 17.9M
CGroup: /system.slice/filebeat.service
└─6159 /usr/share/filebeat/bin/filebeat -environment systemd -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat
...
Configure Filebeat to Ship Logs and Event Data to Elastic Stack
Filebeat is now ready to read logs and event data and ship them to the Elasticsearch, the search and analytics engine, or to Logstash, for further processing and transformation before being stashed to Elasticsearch.
Follow the link below to learn how to configure Filebeat to collect and ship logs from the system to Elastic stack.
Configure Filebeat to Collect System Logs for Processing on Elastic Stack
Read more about Filebeat setup on Getting Started with Filebeat.
Related Tutorials
Install and Setup TIG Stack on Ubuntu 20.04
Monitor System Metrics with TICK Stack on Ubuntu 20.04
