97 lines
2 KiB
Text
97 lines
2 KiB
Text
////
|
|
This file is generated! See scripts/docs_collector.py
|
|
////
|
|
|
|
[[filebeat-module-system]]
|
|
:modulename: system
|
|
:has-dashboards: true
|
|
|
|
== System module
|
|
|
|
The +{modulename}+ module collects and parses logs created by the system logging
|
|
service of common Unix/Linux based distributions.
|
|
|
|
include::../include/what-happens.asciidoc[]
|
|
|
|
[float]
|
|
=== Compatibility
|
|
|
|
This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and
|
|
macOS Sierra.
|
|
|
|
This module requires the
|
|
{elasticsearch-plugins}/ingest-user-agent.html[ingest-user-agent] and
|
|
{elasticsearch-plugins}/ingest-geoip.html[ingest-geoip] Elasticsearch plugins.
|
|
|
|
This module is not available for Windows.
|
|
|
|
include::../include/running-modules.asciidoc[]
|
|
|
|
[float]
|
|
=== Example dashboards
|
|
|
|
This module comes with sample dashboards. For example:
|
|
|
|
[role="screenshot"]
|
|
image::./images/kibana-system.png[]
|
|
|
|
include::../include/configuring-intro.asciidoc[]
|
|
|
|
The following example shows how to set paths in the +modules.d/{modulename}.yml+
|
|
file to override the default paths for the syslog and authorization logs:
|
|
|
|
["source","yaml",subs="attributes"]
|
|
-----
|
|
- module: system
|
|
syslog:
|
|
enabled: true
|
|
var.paths: ["/path/to/log/syslog*"]
|
|
auth:
|
|
enabled: true
|
|
var.paths: ["/path/to/log/auth.log*"]
|
|
-----
|
|
|
|
|
|
To specify the same settings at the command line, you use:
|
|
|
|
["source","sh",subs="attributes"]
|
|
-----
|
|
-M "system.syslog.var.paths=[/path/to/log/syslog*]" -M "system.auth.var.paths=[/path/to/log/auth.log*]"
|
|
-----
|
|
|
|
|
|
|
|
|
|
//set the fileset name used in the included example
|
|
:fileset_ex: syslog
|
|
|
|
include::../include/config-option-intro.asciidoc[]
|
|
|
|
|
|
[float]
|
|
==== `syslog` fileset settings
|
|
|
|
include::../include/var-paths.asciidoc[]
|
|
|
|
include::../include/var-convert-timezone.asciidoc[]
|
|
|
|
[float]
|
|
==== `auth` fileset settings
|
|
|
|
include::../include/var-paths.asciidoc[]
|
|
|
|
include::../include/var-convert-timezone.asciidoc[]
|
|
|
|
:has-dashboards!:
|
|
|
|
:fileset_ex!:
|
|
|
|
:modulename!:
|
|
|
|
|
|
[float]
|
|
=== Fields
|
|
|
|
For a description of each field in the module, see the
|
|
<<exported-fields-system,exported fields>> section.
|
|
|