1,7.4.0 enabled module
./filebeat modules list ./filebeat modules enable nginx ./filebeat modules list
2, modify modules.d / nginx.yml, corresponding to the main address Add Log
[elasticsearch@es1 filebeat-7.4.0-linux-x86_64]$ cat modules.d/nginx.yml # Module: nginx # Docs: https://www.elastic.co/guide/en/beats/filebeat/7.4/filebeat-module-nginx.html - module: nginx # Access logs access: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. var.paths: ["/usr/local/nginx/logs/access.log*"] # Error logs error: enabled: true # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. var.paths: ["/usr/local/nginx/logs/error.log"]
3, configuration filebeat profile
[elasticsearch@es1 filebeat-7.4.0-linux-x86_64]$ cat nginx-m.yml filebeat.inputs: #- type: log # enabled: true # paths: # - /usr/local/nginx/logs/*.log # tags: ["nginx"] setup.template.settings: index.number_of_shards: 2 output.elasticsearch: # Array of hosts to connect to. hosts: ["192.168.56.101:9200"] filebeat.config.modules: path: ${path.config}/modules.d/*.yml reload.enabled: false [elasticsearch@es1 filebeat-7.4.0-linux-x86_64]$
4, start
./filebeat -e -c INX-m.yml
5, access and observations