cookbook 'filebeat', '= 0.2.7'
filebeat
Installs/Configures Elastic Filebeat
cookbook 'filebeat', '= 0.2.7', :supermarket
knife supermarket install filebeat
knife supermarket download filebeat
filebeat Cookbook
This is a Chef cookbook to manage Filebeat.
For production environments, always prefer the most recent release.
Most Recent Release
cookbook 'filebeat', '~> 0.2.7'
From Git
cookbook 'filebeat', github: 'vkhatri/chef-filebeat'
Repository
https://github.com/vkhatri/chef-filebeat
Supported OS
This cookbook was tested on Windows, Amazon & Ubuntu Linux and is expected to work on other RHEL platforms.
Major Changes
v0.2.5
- Removed default output configuration attributes for elasticsearch, logstash and file
- Removed attribute default['filebeat']['enable_localhost_output'] as default output attributes are disabled
Cookbook Dependency
- windows
- powershell
- apt
- yum
Recipes
- filebeat::default - default recipe (use it for run_list)
- filebeat::install_windows - install filebeat for windows platform
- filebeat::install_package - install filebeat package for linux platform
- filebeat::config - configure filebeat
LWRP filebeat_prospector
LWRP filebeat_prospector creates a filebeat prospector configuration yaml file under directory node['filebeat']['prospectors_dir'] with file name prospector-#{resource_name}.yml.
LWRP example
filebeat_prospector 'messages' do
  paths ['/var/log/messages']
  document_type 'apache'
  ignore_older '24h'
  scan_frequency '15s'
  harvester_buffer_size 16384
  fields 'type' => 'apacheLogs'
end
LWRP Options
- action (optional) - default :create, options: :create, :delete
- paths (optional, String) - filebeat prospector configuration attribute
- type (optional, String) - filebeat prospector configuration attribute
- encoding (optional, String) - filebeat prospector configuration attribute
- fields (optional, Hash) - filebeat prospector configuration attribute
- fields_under_root (optional, TrueClass/FalseClass) - filebeat prospector configuration attribute
- ignore_older (optional, String) - filebeat prospector configuration attribute
- document_type (optional, String) - filebeat prospector configuration attribute
- input_type (optional, String) - filebeat prospector configuration attribute
- scan_frequency (optional, String) - filebeat prospector configuration attribute
- harvester_buffer_size (optional, Integer) - filebeat prospector configuration attribute
- tail_files (optional, TrueClass/FalseClass) - filebeat prospector configuration attribute
- backoff (optional, String) - filebeat prospector configuration attribute
- max_backoff (optional, String) - filebeat prospector configuration attribute
- backoff_factor (optional, Integer) - filebeat prospector configuration attribute
- force_close_files (optional, TrueClass/FalseClass) - filebeat prospector configuration attribute
How to Add Filebeat Output via Node Attribute
ElasticSearch Output
"default_attributes": {
  "filebeat": {
    "config": {
      "output": {
        "elasticsearch": {
          "enabled": true,
          "hosts": ["127.0.0.1:9200"],
          "save_topology": false,
          "max_retries": 3,
          "bulk_max_size": 1000,
          "flush_interval": null,
          "protocol": "http",
          "username": null,
          "password": null,
          "index": "filebeat",
          "path": "/elasticsearch"
        }
      }
    }
  }
}
Logstash Output
"default_attributes": {
  "filebeat": {
    "config": {
      "output": {
        "logstash": {
          "enabled": true,
          "hosts": ["127.0.0.1:5000"],
          "loadbalance": true,
          "save_topology": false,
          "index": "filebeat"
        }
      }
    }
  }
}
File Output
"default_attributes": {
  "filebeat": {
    "config": {
      "output": {
        "file": {
          "enabled": true,
          "path": "/tmp/filebeat",
          "filename": "filebeat",
          "rotate_every_kb": 1000,
          "number_of_files": 7
        }
      }
    }
  }
}
How to Add Filebeat Prospectors via Node Attribute
Individual prospector configuration files can be added using attribute default['filebeat']['prospectors']. Each prospector configuration will be created as a different yaml file under default['filebeat']['prospectors_dir'] with prefix prospector-
"default_attributes": {
  "filebeat": {
    "prospectors": {
      "system_logs": {
        "filebeat": {
          "prospectors": [
            {
              "paths": [
                "/var/log/messages",
                "/var/log/syslog"
              ],
              "type": "log",
              "fields": {
                "type": "system_logs"
              }
            }
          ]
        }
      },
      "secure_logs": {
        "filebeat": {
          "prospectors": [
            {
              "paths": [
                "/var/log/secure",
                "/var/log/auth.log"
              ],
              "type": "log",
              "fields": {
                "type": "secure_logs"
              }
            }
          ]
        }
      },
      "apache_logs": {
        "filebeat": {
          "prospectors": [
            {
              "paths": [
                "/var/log/apache/*.log"
              ],
              "type": "log",
              "ignore_older": "24h",
              "scan_frequency": "15s",
              "harvester_buffer_size": 16384,
              "fields": {
                "type": "apache_logs"
              }
            }
          ]
        }
      }
    }
  }
}
The above configuration creates three different prospector files: prospector-system_logs.yml, prospector-secure_logs.yml and prospector-apache_logs.yml
Core Attributes
- default['filebeat']['version'] (default: 1.0.0): filebeat version
- default['filebeat']['package_url'] (default: auto): package url for windows installation
- default['filebeat']['conf_dir'] (default: /etc/filebeat): filebeat yaml configuration file directory
- default['filebeat']['conf_file'] (default: /etc/filebeat/filebeat.yml): filebeat configuration file
- default['filebeat']['notify_restart'] (default: true): whether to restart filebeat service on configuration file change
- default['filebeat']['disable_service'] (default: false): whether to stop and disable filebeat service
- default['filebeat']['prospectors_dir'] (default: /etc/filebeat/conf.d): prospectors configuration file directory
- default['filebeat']['prospectors'] (default: {}): prospectors configuration file
Configuration File filebeat.yml Attributes
- default['filebeat']['config']['filebeat']['prospectors'] (default: []): filebeat interface device name
- default['filebeat']['config']['filebeat']['registry_file'] (default: /var/lib/filebeat/registry): filebeat services to capture packets
- default['filebeat']['config']['filebeat']['config_dir'] (default: node['filebeat']['prospectors_dir']): filebeat prospectors configuration files folder
- default['filebeat']['config']['output'] (default: {}): configure elasticsearch, logstash, file etc. output
For more attribute info, visit below links:
https://github.com/elastic/filebeat/blob/master/etc/filebeat.yml
Filebeat YUM/APT Repository Attributes
- default['filebeat']['yum']['description'] (default: ``): beats yum repository attribute
- default['filebeat']['yum']['gpgcheck'] (default: true): beats yum repository attribute
- default['filebeat']['yum']['enabled'] (default: true): beats yum repository attribute
- default['filebeat']['yum']['baseurl'] (default: https://packages.elastic.co/beats/yum/el/$basearch): beats yum repository attribute
- default['filebeat']['yum']['gpgkey'] (default: https://packages.elasticsearch.org/GPG-KEY-elasticsearch): beats yum repository attribute
- default['filebeat']['yum']['metadata_expire'] (default: 3h): beats yum repository attribute
- default['filebeat']['yum']['action'] (default: :create): beats yum repository attribute
- default['filebeat']['apt']['description'] (default: calculated): beats apt repository attribute
- default['filebeat']['apt']['components'] (default: ['stable', 'main']): beats apt repository attribute
- default['filebeat']['apt']['uri'] (default: https://packages.elastic.co/beats/apt): beats apt repository attribute
- default['filebeat']['apt']['key'] (default: http://packages.elasticsearch.org/GPG-KEY-elasticsearch): beats apt repository attribute
- default['filebeat']['apt']['action'] (default: :add): filebeat apt repository attribute
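A pre-converge check over the output and repository attributes documented above, as an added example that is not part of the cookbook: it flags log shipping over plain HTTP to non-local hosts, an Elasticsearch password kept in node attributes, file output under /tmp, a disabled gpgcheck, and repository URLs or keys fetched over http://. The names audit_filebeat_attributes and loopback? and the host es1.example.internal are hypothetical; the sample hash is constructed from the defaults listed on this page.

```ruby
require 'ipaddr'
# Constructed sample: the page's default values plus one hypothetical remote host.
SAMPLE = {
  'config' => { 'output' => {
    'elasticsearch' => { 'enabled' => true, 'protocol' => 'http', 'password' => nil,
                         'hosts' => ['127.0.0.1:9200', 'es1.example.internal:9200'] },
    'file' => { 'enabled' => true, 'path' => '/tmp/filebeat' }
  } },
  'yum' => { 'gpgcheck' => true,
             'gpgkey' => 'https://packages.elasticsearch.org/GPG-KEY-elasticsearch' },
  'apt' => { 'key' => 'http://packages.elasticsearch.org/GPG-KEY-elasticsearch',
             'uri' => 'https://packages.elastic.co/beats/apt' }
}.freeze

# True when "host:port" points at the local machine (IPv4 literal or "localhost").
def loopback?(host_port)
  host = host_port.to_s.split(':').first.to_s
  host == 'localhost' || IPAddr.new(host).loopback?
rescue ArgumentError # not an IP literal, so treat it as remote
  false
end

# Returns an Array of findings for a node['filebeat'] attribute Hash (string keys).
def audit_filebeat_attributes(fb)
  findings = []
  outputs = fb.dig('config', 'output') || {}
  es = outputs['elasticsearch'] || {}
  if es['enabled']
    remote = Array(es['hosts']).reject { |h| loopback?(h) }
    if es['protocol'] != 'https' && !remote.empty?
      findings << "elasticsearch: plain HTTP to #{remote.join(', ')}"
    end
    unless es['password'].to_s.empty?
      findings << 'elasticsearch: password kept in plain node attributes'
    end
  end

  file = outputs['file'] || {}
  if file['enabled'] && file['path'].to_s.start_with?('/tmp/')
    findings << "file: output path #{file['path']} is under world-writable /tmp"
  end

  findings << 'yum: gpgcheck is disabled' if fb.dig('yum', 'gpgcheck') == false
  %w[yum/baseurl yum/gpgkey apt/uri apt/key].each do |attr|
    url = fb.dig(*attr.split('/')).to_s
    findings << "#{attr}: fetched over plain HTTP (#{url})" if url.start_with?('http://')
  end
  findings
end
```

Calling audit_filebeat_attributes(SAMPLE) returns three findings: the remote Elasticsearch host over HTTP, the /tmp file output, and the apt key URL.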
Contributing
- Fork the repository on Github
- Create a named feature branch (like add_component_x)
- Write your change
- Write tests for your change (if applicable)
- Run the tests (rake & rake knife), ensuring they all pass
- Write new resource/attribute description to README.md
- Write description about changes to PR
- Submit a Pull Request using Github
Copyright & License
Authors:: Virender Khatri and Contributors
<pre>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
</pre>
Dependent cookbooks
windows >= 0.0.0
powershell >= 0.0.0
apt >= 0.0.0
yum >= 0.0.0
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
filebeat CHANGELOG
This file is used to list changes made in each version of the filebeat cookbook.
0.2.7
Virender Khatri - #21, add yum_repository resource attribute metadata_expire
Virender Khatri - #20, update to beat v1.0.1
0.2.6
Virender Khatri - #18, added LWRP resource for prospectors
Virender Khatri - #15, fix kitchen test
0.2.5
Virender Khatri - disabled default output configuration and enable_localhost_output attributes
Virender Khatri - #10, handle missing attribute node['filebeat']['windows']['version_string']
Virender Khatri - #6, added specs
Virender Khatri - #13, major changes to support repository package install
0.2.1
Virender Khatri - Added platforms metadata info
Virender Khatri - #8, add missing dependency on powershell for windows platform
Virender Khatri - #9, use resource powershell instead of powershell_script
0.2.0
Brandon Wilson - Include dpkg options to keep old config files when upgrading filebeat to a new release. Without specifying the dpkg options, dpkg will attempt to interactively ask if it should keep the old conf file, or replace it with the vendor supplied conf file which comes with the new version of the package. Since chef is running dpkg non-interactively, it causes dpkg to exit with code 1, and the chef run fails.
Virender Khatri - Fix for #4, handle derived attribute for package_url
Patrick Christopher - Added support for Windows OS
0.1.0
- Virender Khatri - Initial release of filebeat
Foodcritic Metric
0.2.7 passed this metric