178 lines
6.4 KiB
Text
178 lines
6.4 KiB
Text
:modulename: apache2 mysql
|
||
|
||
[id="configuration-{beatname_lc}-modules"]
|
||
== Specify which modules to run
|
||
|
||
NOTE: Using {beatname_uc} modules is optional. You may decide to
|
||
<<configuration-{beatname_lc}-options,configure inputs manually>> if you are using
|
||
a log type that isn't supported, or you want to use a different setup.
|
||
|
||
{beatname_uc} <<{beatname_lc}-modules,modules>> provide a quick way for you to get started
|
||
processing common log formats. They contain default configurations,
|
||
Elasticsearch ingest node pipeline definitions, and Kibana dashboards to help you
|
||
implement and deploy a log monitoring solution.
|
||
|
||
{beatname_uc} provides a few different ways to enable modules. You can:
|
||
|
||
* <<enable-modules-d-configs>>
|
||
* <<enable-modules-cli>>
|
||
* <<enable-modules-config-file>>
|
||
|
||
include::../../libbeat/docs/shared-note-file-permissions.asciidoc[]
|
||
|
||
When you enable modules, you can also
|
||
<<specify-variable-settings,specify variable settings>> to change the default
|
||
behavior of the modules, and you can specify
|
||
<<advanced-settings,advanced settings>> to override input settings.
|
||
|
||
Before running {beatname_uc} with modules enabled, make sure you also set up the
|
||
environment to use Kibana dashboards. See <<{beatname_lc}-modules-quickstart>> for
|
||
more information.
|
||
|
||
[float]
|
||
[[enable-modules-d-configs]]
|
||
=== Enable module configs in the `modules.d` directory
|
||
|
||
The `modules.d` directory contains default configurations for all the modules
|
||
available in {beatname_uc}. You can enable or disable specific module configurations
|
||
under `modules.d` by running the
|
||
<<modules-command,`modules enable` or `modules disable`>> commands.
|
||
|
||
For example, to enable the `apache2` and `mysql` configs in the `modules.d`
|
||
directory, you use:
|
||
|
||
include::./include/enable-modules-command.asciidoc[]
|
||
|
||
Then when you run {beatname_uc}, it loads the corresponding module configurations
|
||
specified in the `modules.d` directory (for example, `modules.d/apache2.yml` and
|
||
`modules.d/mysql.yml`).
|
||
|
||
To see a list of enabled and disabled modules, run:
|
||
|
||
include::./include/list-modules-command.asciidoc[]
|
||
|
||
The default module configurations assume that the logs you’re harvesting are
|
||
in the location expected for your OS and that the behavior of the module is
|
||
appropriate for your environment. To change the default configurations, you need
|
||
to <<specify-variable-settings,specify variable settings>>.
|
||
|
||
[float]
|
||
[[enable-modules-cli]]
|
||
=== Enable modules when you run {beatname_uc}
|
||
|
||
To enable specific <<{beatname_lc}-modules,modules>> when you run {beatname_uc} at the
|
||
command line, you can use the `--modules` flag. This approach works well when
|
||
you're getting started and want to specify different modules and settings each
|
||
time you run {beatname_uc}. Any modules specified at the command line will be loaded
|
||
along with any modules that are enabled in the configuration file or `modules.d`
|
||
directory. If there's a conflict, the configuration specified at the command
|
||
line is used.
|
||
|
||
The following command enables and runs the `nginx`,`mysql`, and `system`
|
||
modules.
|
||
|
||
*deb and rpm:*
|
||
|
||
["source","sh",subs="attributes"]
|
||
----
|
||
{beatname_lc} --modules nginx,mysql,system
|
||
----
|
||
|
||
*mac:*
|
||
|
||
["source","sh",subs="attributes"]
|
||
----
|
||
./{beatname_lc} --modules nginx,mysql,system
|
||
----
|
||
|
||
*win:*
|
||
|
||
["source","sh",subs="attributes"]
|
||
----
|
||
PS > .{backslash}{beatname_lc}.exe --modules nginx,mysql,system
|
||
----
|
||
|
||
The default module configurations assume that the logs you’re harvesting are
|
||
in the location expected for your OS and that the behavior of the module is
|
||
appropriate for your environment. To change the default configurations, you need
|
||
to <<specify-variable-settings,specify variable settings>>.
|
||
|
||
[float]
|
||
[[enable-modules-config-file]]
|
||
=== Enable module configs in the +{beatname_lc}.yml+ file
|
||
|
||
When possible, you should use the config files in the `modules.d` directory.
|
||
|
||
However, enabling <<{beatname_lc}-modules,modules>> directly in the config file is a
|
||
practical approach if you have upgraded from a previous version of {beatname_uc}
|
||
and don't want to move your module configs to the `modules.d` directory. You can
|
||
continue to configure modules in the +{beatname_lc}.yml+ file, but you won't be
|
||
able to use the `modules` command to enable and disable configurations because
|
||
the command requires the `modules.d` layout.
|
||
|
||
To enable specific modules in the +{beatname_lc}.yml+ config file, you can add
|
||
entries to the +{beatname_lc}.modules+ list. Each entry in the list begins with
|
||
a dash (-) and is followed by settings for that module.
|
||
|
||
The following example shows a configuration that runs the `nginx`,`mysql`, and
|
||
`system` modules.
|
||
|
||
["source","yaml",subs="attributes"]
|
||
----
|
||
{beatname_lc}.modules:
|
||
- module: nginx
|
||
- module: mysql
|
||
- module: system
|
||
----
|
||
|
||
The default module configurations assume that the logs you’re harvesting are
|
||
in the location expected for your OS and that the behavior of the module is
|
||
appropriate for your environment. To change the default configurations, you need
|
||
to <<specify-variable-settings,specify variable settings>>.
|
||
|
||
[[specify-variable-settings]]
|
||
=== Specify variable settings
|
||
|
||
include::./include/set-paths.asciidoc[]
|
||
|
||
[[advanced-settings]]
|
||
=== Advanced settings
|
||
|
||
Behind the scenes, each module starts a {beatname_uc} input. Advanced users
|
||
can add or override any input settings. For example, you can set
|
||
<<{beatname_lc}-input-log-close-eof,close_eof>> to `true` in the module
|
||
configuration:
|
||
|
||
[source,yaml]
|
||
----------------------------------------------------------------------
|
||
- module: nginx
|
||
access:
|
||
input:
|
||
close_eof: true
|
||
----------------------------------------------------------------------
|
||
|
||
Or at the command line when you run {beatname_uc}:
|
||
|
||
["source","sh",subs="attributes"]
|
||
----------------------------------------------------------------------
|
||
-M "nginx.access.input.close_eof=true"
|
||
----------------------------------------------------------------------
|
||
|
||
You can use wildcards to change variables or settings for multiple
|
||
modules/filesets at once. For example, you can enable `close_eof` for all the
|
||
filesets in the `nginx` module:
|
||
|
||
["source","sh",subs="attributes"]
|
||
----------------------------------------------------------------------
|
||
-M "nginx.*.input.close_eof=true"
|
||
----------------------------------------------------------------------
|
||
|
||
You can also enable `close_eof` for all inputs created by any of the modules:
|
||
|
||
["source","sh",subs="attributes"]
|
||
----------------------------------------------------------------------
|
||
-M "*.*.input.close_eof=true"
|
||
----------------------------------------------------------------------
|
||
|
||
:modulename!:
|
||
|