179 lines
6.4 KiB
Text
179 lines
6.4 KiB
Text
|
:modulename: apache2 mysql
|
|||
|
|
|
|||
|
|
[id="configuration-{beatname_lc}-modules"]
|
|||
|
|
== Specify which modules to run
|
|||
|
|
|
|||
|
|
NOTE: Using {beatname_uc} modules is optional. You may decide to
|
|||
|
|
<<configuration-{beatname_lc}-options,configure inputs manually>> if you are using
|
|||
|
|
a log type that isn't supported, or you want to use a different setup.
|
|||
|
|
|
|||
|
|
{beatname_uc} <<{beatname_lc}-modules,modules>> provide a quick way for you to get started
|
|||
|
|
processing common log formats. They contain default configurations,
|
|||
|
|
Elasticsearch ingest node pipeline definitions, and Kibana dashboards to help you
|
|||
|
|
implement and deploy a log monitoring solution.
|
|||
|
|
|
|||
|
|
{beatname_uc} provides a few different ways to enable modules. You can:
|
|||
|
|
|
|||
|
|
* <<enable-modules-d-configs>>
|
|||
|
|
* <<enable-modules-cli>>
|
|||
|
|
* <<enable-modules-config-file>>
|
|||
|
|
|
|||
|
|
include::../../libbeat/docs/shared-note-file-permissions.asciidoc[]
|
|||
|
|
|
|||
|
|
When you enable modules, you can also
|
|||
|
|
<<specify-variable-settings,specify variable settings>> to change the default
|
|||
|
|
behavior of the modules, and you can specify
|
|||
|
|
<<advanced-settings,advanced settings>> to override input settings.
|
|||
|
|
|
|||
|
|
Before running {beatname_uc} with modules enabled, make sure you also set up the
|
|||
|
|
environment to use Kibana dashboards. See <<{beatname_lc}-modules-quickstart>> for
|
|||
|
|
more information.
|
|||
|
|
|
|||
|
|
[float]
|
|||
|
|
[[enable-modules-d-configs]]
|
|||
|
|
=== Enable module configs in the `modules.d` directory
|
|||
|
|
|
|||
|
|
The `modules.d` directory contains default configurations for all the modules
|
|||
|
|
available in {beatname_uc}. You can enable or disable specific module configurations
|
|||
|
|
under `modules.d` by running the
|
|||
|
|
<<modules-command,`modules enable` or `modules disable`>> commands.
|
|||
|
|
|
|||
|
|
For example, to enable the `apache2` and `mysql` configs in the `modules.d`
|
|||
|
|
directory, you use:
|
|||
|
|
|
|||
|
|
include::./include/enable-modules-command.asciidoc[]
|
|||
|
|
|
|||
|
|
Then when you run {beatname_uc}, it loads the corresponding module configurations
|
|||
|
|
specified in the `modules.d` directory (for example, `modules.d/apache2.yml` and
|
|||
|
|
`modules.d/mysql.yml`).
|
|||
|
|
|
|||
|
|
To see a list of enabled and disabled modules, run:
|
|||
|
|
|
|||
|
|
include::./include/list-modules-command.asciidoc[]
|
|||
|
|
|
|||
|
|
The default module configurations assume that the logs you’re harvesting are
|
|||
|
|
in the location expected for your OS and that the behavior of the module is
|
|||
|
|
appropriate for your environment. To change the default configurations, you need
|
|||
|
|
to <<specify-variable-settings,specify variable settings>>.
|
|||
|
|
|
|||
|
|
[float]
|
|||
|
|
[[enable-modules-cli]]
|
|||
|
|
=== Enable modules when you run {beatname_uc}
|
|||
|
|
|
|||
|
|
To enable specific <<{beatname_lc}-modules,modules>> when you run {beatname_uc} at the
|
|||
|
|
command line, you can use the `--modules` flag. This approach works well when
|
|||
|
|
you're getting started and want to specify different modules and settings each
|
|||
|
|
time you run {beatname_uc}. Any modules specified at the command line will be loaded
|
|||
|
|
along with any modules that are enabled in the configuration file or `modules.d`
|
|||
|
|
directory. If there's a conflict, the configuration specified at the command
|
|||
|
|
line is used.
|
|||
|
|
|
|||
|
|
The following command enables and runs the `nginx`,`mysql`, and `system`
|
|||
|
|
modules.
|
|||
|
|
|
|||
|
|
*deb and rpm:*
|
|||
|
|
|
|||
|
|
["source","sh",subs="attributes"]
|
|||
|
|
----
|
|||
|
|
{beatname_lc} --modules nginx,mysql,system
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
*mac:*
|
|||
|
|
|
|||
|
|
["source","sh",subs="attributes"]
|
|||
|
|
----
|
|||
|
|
./{beatname_lc} --modules nginx,mysql,system
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
*win:*
|
|||
|
|
|
|||
|
|
["source","sh",subs="attributes"]
|
|||
|
|
----
|
|||
|
|
PS > .{backslash}{beatname_lc}.exe --modules nginx,mysql,system
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
The default module configurations assume that the logs you’re harvesting are
|
|||
|
|
in the location expected for your OS and that the behavior of the module is
|
|||
|
|
appropriate for your environment. To change the default configurations, you need
|
|||
|
|
to <<specify-variable-settings,specify variable settings>>.
|
|||
|
|
|
|||
|
|
[float]
|
|||
|
|
[[enable-modules-config-file]]
|
|||
|
|
=== Enable module configs in the +{beatname_lc}.yml+ file
|
|||
|
|
|
|||
|
|
When possible, you should use the config files in the `modules.d` directory.
|
|||
|
|
|
|||
|
|
However, enabling <<{beatname_lc}-modules,modules>> directly in the config file is a
|
|||
|
|
practical approach if you have upgraded from a previous version of {beatname_uc}
|
|||
|
|
and don't want to move your module configs to the `modules.d` directory. You can
|
|||
|
|
continue to configure modules in the +{beatname_lc}.yml+ file, but you won't be
|
|||
|
|
able to use the `modules` command to enable and disable configurations because
|
|||
|
|
the command requires the `modules.d` layout.
|
|||
|
|
|
|||
|
|
To enable specific modules in the +{beatname_lc}.yml+ config file, you can add
|
|||
|
|
entries to the +{beatname_lc}.modules+ list. Each entry in the list begins with
|
|||
|
|
a dash (-) and is followed by settings for that module.
|
|||
|
|
|
|||
|
|
The following example shows a configuration that runs the `nginx`,`mysql`, and
|
|||
|
|
`system` modules.
|
|||
|
|
|
|||
|
|
["source","yaml",subs="attributes"]
|
|||
|
|
----
|
|||
|
|
{beatname_lc}.modules:
|
|||
|
|
- module: nginx
|
|||
|
|
- module: mysql
|
|||
|
|
- module: system
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
The default module configurations assume that the logs you’re harvesting are
|
|||
|
|
in the location expected for your OS and that the behavior of the module is
|
|||
|
|
appropriate for your environment. To change the default configurations, you need
|
|||
|
|
to <<specify-variable-settings,specify variable settings>>.
|
|||
|
|
|
|||
|
|
[[specify-variable-settings]]
|
|||
|
|
=== Specify variable settings
|
|||
|
|
|
|||
|
|
include::./include/set-paths.asciidoc[]
|
|||
|
|
|
|||
|
|
[[advanced-settings]]
|
|||
|
|
=== Advanced settings
|
|||
|
|
|
|||
|
|
Behind the scenes, each module starts a {beatname_uc} input. Advanced users
|
|||
|
|
can add or override any input settings. For example, you can set
|
|||
|
|
<<{beatname_lc}-input-log-close-eof,close_eof>> to `true` in the module
|
|||
|
|
configuration:
|
|||
|
|
|
|||
|
|
[source,yaml]
|
|||
|
|
----------------------------------------------------------------------
|
|||
|
|
- module: nginx
|
|||
|
|
access:
|
|||
|
|
input:
|
|||
|
|
close_eof: true
|
|||
|
|
----------------------------------------------------------------------
|
|||
|
|
|
|||
|
|
Or at the command line when you run {beatname_uc}:
|
|||
|
|
|
|||
|
|
["source","sh",subs="attributes"]
|
|||
|
|
----------------------------------------------------------------------
|
|||
|
|
-M "nginx.access.input.close_eof=true"
|
|||
|
|
----------------------------------------------------------------------
|
|||
|
|
|
|||
|
|
You can use wildcards to change variables or settings for multiple
|
|||
|
|
modules/filesets at once. For example, you can enable `close_eof` for all the
|
|||
|
|
filesets in the `nginx` module:
|
|||
|
|
|
|||
|
|
["source","sh",subs="attributes"]
|
|||
|
|
----------------------------------------------------------------------
|
|||
|
|
-M "nginx.*.input.close_eof=true"
|
|||
|
|
----------------------------------------------------------------------
|
|||
|
|
|
|||
|
|
You can also enable `close_eof` for all inputs created by any of the modules:
|
|||
|
|
|
|||
|
|
["source","sh",subs="attributes"]
|
|||
|
|
----------------------------------------------------------------------
|
|||
|
|
-M "*.*.input.close_eof=true"
|
|||
|
|
----------------------------------------------------------------------
|
|||
|
|
|
|||
|
|
:modulename!:
|
|||
|
|
|