在上一篇文章CentOS7下ELK日志分析平台的简单搭建步骤的基础下,下面介绍filebeat和packetbeat的安装与使用
1、filebeat的安装与配置rpm -ivh 进行安装rpm -ivh filebeat-7.3.0-x86_64.rpm 
vi /etc/filebeat/filebeat.reference.yml 如下两处设置使能syslog: enabled: true auth: enabled: true
指定Kibana的端主机IP+Port
[root@vm ~]# systemctl enable filebeat [root@vm ~]# systemctl start filebeat [root@vm ~]# curl localhost:9200/_cat/indices?vcurl localhost:9200/filebeat-7.3.0-2019.08.18-000001/_search?pretty
接下来在Kibana上可以查询到filebeat推送上来的日志索引
当然也可以使用 filebeat setup --dashboards将filebeat搜集的数据导入到dashboards2、packetbeat的安装与配置 rpm -ivh packetbeat-7.3.0-x86_64.rpmvi /etc/packetbeat/packetbeat.yml host: "localhost:5601"
vi /etc/packetbeat/packetbeat.reference.yml同样Kibana处也配置为host: "localhost:5601"设置packetbeat开机自启动并启动packetbeat服务systemctl enable packetbeatsystemctl start packetbeatcurl localhost:9200/_cat/indices?v curl localhost:9200/packetbeat-7.3.0-2019.08.18-000001/_search?pretty
packetbeat setup --dashboards将packetbeat中的数据导入到Dashboard中
在Kibana的DashBoards中搜索Packetbeat
可以看到该主机的流量统计情况
