Decision Insight 20200928 Save PDF Selected topic Selected topic and subtopics All content Install Filebeat Learn how to install and uninstall Filebeat. Filebeat version This documentation pertains to Filebeat release 1.2.3, Filebeat release 5.2.2 and Filebeat release 7.8.0 on Linux. No other release versions of Filebeat have been validated with Axway Decision Insight. Installation Download the binary format corresponding to your operating system from https://www.elastic.co/downloads/beats/filebeat. For Linux, you need to select distribution LINUX 32-BIT (for 32bits systems) or LINUX 64-BIT (for 64bits systems). Do not use DEB or RPM distributions as the artifacts will be installed elsewhere and this will make the following configuration more complex. Install the program by uncompressing the archive in directory <install dir>. Then Configure Filebeat as needed. Console mode execution In this mode, Filebeat is started in interactive (console) mode. You can use this mode when doing quick tests of the configuration. To start Filebeat, go to the installation directory and execute: cd <install dir> ./filebeat -c <filebeat.yml> Where <filebeat.yml> is the YAML configuration file for Filebeat. See Configure Filebeat. More startup options are detailed in the command line parameters page. To stop Filebeat, interrupt the process with CRTL+C or close the console. Service mode execution In this mode, Filebeat is started in non-interactive mode. It can be configured to start with the server. Version validated The service mode execution was tested only on Filebeat 1.2 and Filebeat 5.2. Configuration Register the service As user root (or doing the operations with the sudo command): Copy the following content in a new file /etc/init.d/filebeat-sc: /etc/init.d/filebeat-sc Expand source #!/bin/sh ### BEGIN INIT INFO # Provides: Filebeat # Required-Start: $local_fs $network $named $time $syslog # Required-Stop: $local_fs $network $named $time $syslog # Default-Start: 3 2 5 4 # Default-Stop: 0 1 6 # Short-Description: Filebeat # Description: Filebeat ### END INIT INFO USER=root INSTALL_DIR=<install directory> CONFIGURATION_FILE=${INSTALL_DIR}/filebeat.yml ############################## # DO NOT MODIFY PAST THIS LINE ############################## PID=$(pgrep -u $USER -x filebeat) start() { echo "Starting Filebeat" if kill -0 $PID 2> /dev/null; then echo "Service already running" >&2 return 1 else su --login $USER --shell /bin/sh --command "cd ${INSTALL_DIR} && ./filebeat -c ${CONFIGURATION_FILE} > /dev/null 2>&1 &" return 0 fi } stop() { echo "Stopping Filebeat" if kill -0 $PID 2> /dev/null; then return $(kill $PID) else echo "Service Filebeat is not running" >&2 return 1 fi } status() { if kill -0 $PID 2> /dev/null; then echo "Service Filebeat is running" return 0 else echo "Service Filebeat is not running" return 1 fi } case "$1" in start) start ;; stop) stop ;; restart) stop sleep 10 start ;; status) status ;; *) echo "Usage: $0 {start|stop|restart|status}" exit 2 ;; esac Change the following lines: Line 12: set the account that executes Filebeat. By default it is executed with root privileges. /etc/init.d/filebeat-sc USER=<Filebeat account> Line 13: set the directory where you have installed Filebeat /etc/init.d/filebeat-sc INSTALL_DIR=<install dir> Line 14: change the path of the Filebeat configuration file if you have used a different file. Please not that this must be the full path of the configuration file. /etc/init.d/filebeat-sc CONFIGURATION_FILE=/opt/my-environment/conf/my-filebeat-configuration.yml Make it executable with: chmod +x /etc/init.d/filebeat-sc Register the service: For Ubuntu, execute: update-rc.d filebeat-sc default 99 01 For Red Hat Enterprise Linux, execute: chkconfig --add filebeat-sc For SUSE, execute: chkconfig --add filebeat-sc For Oracle Linux, execute: chkconfig --add filebeat-sc Resources consumption The hardware resources consumed by Filebeat can get quite high if Filebeat needs to concurrently monitor a large number of files. This typically happens during an initial provisioning or after a crash recovery. It is important to properly evaluate and configure the system resources that Filebeat should be allowed. Thus these OS limits need to be properly configured : number of open files (ulimit -n) number of threads (ulimit -u) virtual memory consumption (ulimit -v) the swap size (grep SwapTotal /proc/meminfo) Unregister the service As user root (or doing the operations with the sudo command): For Ubuntu, execute: update-rc.d filebeat-sc remove For Red Hat Enterprise Linux, execute: chkconfig --del filebeat-sc For SUSE, execute: chkconfig --del filebeat-sc For Oracle Linux, execute: chkconfig --del filebeat-sc Start As user root (or using the sudo command), execute: service filebeat-sc start Stop As user root (or using the sudo command), execute: service filebeat-sc stop Status As user root (or using the sudo command), execute: service filebeat-sc status Uninstall To remove Filebeat, do the following: Stop the service (see above) As user root (or using the sudo command), execute: rm /etc/init.d/filebeat-sc Remove the directory where you have installed Filebeat rm -r <install dir> Related Links
Install Filebeat Learn how to install and uninstall Filebeat. Filebeat version This documentation pertains to Filebeat release 1.2.3, Filebeat release 5.2.2 and Filebeat release 7.8.0 on Linux. No other release versions of Filebeat have been validated with Axway Decision Insight. Installation Download the binary format corresponding to your operating system from https://www.elastic.co/downloads/beats/filebeat. For Linux, you need to select distribution LINUX 32-BIT (for 32bits systems) or LINUX 64-BIT (for 64bits systems). Do not use DEB or RPM distributions as the artifacts will be installed elsewhere and this will make the following configuration more complex. Install the program by uncompressing the archive in directory <install dir>. Then Configure Filebeat as needed. Console mode execution In this mode, Filebeat is started in interactive (console) mode. You can use this mode when doing quick tests of the configuration. To start Filebeat, go to the installation directory and execute: cd <install dir> ./filebeat -c <filebeat.yml> Where <filebeat.yml> is the YAML configuration file for Filebeat. See Configure Filebeat. More startup options are detailed in the command line parameters page. To stop Filebeat, interrupt the process with CRTL+C or close the console. Service mode execution In this mode, Filebeat is started in non-interactive mode. It can be configured to start with the server. Version validated The service mode execution was tested only on Filebeat 1.2 and Filebeat 5.2. Configuration Register the service As user root (or doing the operations with the sudo command): Copy the following content in a new file /etc/init.d/filebeat-sc: /etc/init.d/filebeat-sc Expand source #!/bin/sh ### BEGIN INIT INFO # Provides: Filebeat # Required-Start: $local_fs $network $named $time $syslog # Required-Stop: $local_fs $network $named $time $syslog # Default-Start: 3 2 5 4 # Default-Stop: 0 1 6 # Short-Description: Filebeat # Description: Filebeat ### END INIT INFO USER=root INSTALL_DIR=<install directory> CONFIGURATION_FILE=${INSTALL_DIR}/filebeat.yml ############################## # DO NOT MODIFY PAST THIS LINE ############################## PID=$(pgrep -u $USER -x filebeat) start() { echo "Starting Filebeat" if kill -0 $PID 2> /dev/null; then echo "Service already running" >&2 return 1 else su --login $USER --shell /bin/sh --command "cd ${INSTALL_DIR} && ./filebeat -c ${CONFIGURATION_FILE} > /dev/null 2>&1 &" return 0 fi } stop() { echo "Stopping Filebeat" if kill -0 $PID 2> /dev/null; then return $(kill $PID) else echo "Service Filebeat is not running" >&2 return 1 fi } status() { if kill -0 $PID 2> /dev/null; then echo "Service Filebeat is running" return 0 else echo "Service Filebeat is not running" return 1 fi } case "$1" in start) start ;; stop) stop ;; restart) stop sleep 10 start ;; status) status ;; *) echo "Usage: $0 {start|stop|restart|status}" exit 2 ;; esac Change the following lines: Line 12: set the account that executes Filebeat. By default it is executed with root privileges. /etc/init.d/filebeat-sc USER=<Filebeat account> Line 13: set the directory where you have installed Filebeat /etc/init.d/filebeat-sc INSTALL_DIR=<install dir> Line 14: change the path of the Filebeat configuration file if you have used a different file. Please not that this must be the full path of the configuration file. /etc/init.d/filebeat-sc CONFIGURATION_FILE=/opt/my-environment/conf/my-filebeat-configuration.yml Make it executable with: chmod +x /etc/init.d/filebeat-sc Register the service: For Ubuntu, execute: update-rc.d filebeat-sc default 99 01 For Red Hat Enterprise Linux, execute: chkconfig --add filebeat-sc For SUSE, execute: chkconfig --add filebeat-sc For Oracle Linux, execute: chkconfig --add filebeat-sc Resources consumption The hardware resources consumed by Filebeat can get quite high if Filebeat needs to concurrently monitor a large number of files. This typically happens during an initial provisioning or after a crash recovery. It is important to properly evaluate and configure the system resources that Filebeat should be allowed. Thus these OS limits need to be properly configured : number of open files (ulimit -n) number of threads (ulimit -u) virtual memory consumption (ulimit -v) the swap size (grep SwapTotal /proc/meminfo) Unregister the service As user root (or doing the operations with the sudo command): For Ubuntu, execute: update-rc.d filebeat-sc remove For Red Hat Enterprise Linux, execute: chkconfig --del filebeat-sc For SUSE, execute: chkconfig --del filebeat-sc For Oracle Linux, execute: chkconfig --del filebeat-sc Start As user root (or using the sudo command), execute: service filebeat-sc start Stop As user root (or using the sudo command), execute: service filebeat-sc stop Status As user root (or using the sudo command), execute: service filebeat-sc status Uninstall To remove Filebeat, do the following: Stop the service (see above) As user root (or using the sudo command), execute: rm /etc/init.d/filebeat-sc Remove the directory where you have installed Filebeat rm -r <install dir>