cookbook 'filebeat', '= 0.3.3'
filebeat
(36) Versions
0.3.3
-
Follow19
Installs/Configures Elastic Filebeat
cookbook 'filebeat', '= 0.3.3', :supermarket
knife supermarket install filebeat
knife supermarket download filebeat
filebeat Cookbook
This is a Chef cookbook to manage Filebeat.
For Production environment, always prefer the most recent release.
Most Recent Release
cookbook 'filebeat', '~> 0.3.3'
From Git
cookbook 'filebeat', github: 'vkhatri/chef-filebeat', tag: "v0.3.3"
Repository
https://github.com/vkhatri/chef-filebeat
Supported OS
This cookbook was tested on Windows, Amazon & Ubuntu Linux and expected to work on other RHEL platforms.
Major Changes
v0.2.5
- Removed default output configuration attributes for
elasticsearch
,logstash
andfile
- Removed attributed
default['filebeat']['enable_localhost_output']
as defaultoutput
attributes are disabled
Cookbook Dependency
- windows
- powershell
- apt
- yum
Recipes
filebeat::default
- default recipe (use it for run_list)filebeat::install_windows
- install filebeat for windows platformfilebeat::install_package
- install filebeat package for linux platformfilebeat::config
- configure filebeat
LWRP filebeat_prospector
LWRP filebeat_prospector
creates filebeat prospector configuration yaml file under directory node['filebeat']['prospectors_dir']
with file name prospector-#{resource_name}.yml
.
LWRP example
filebeat_prospector 'messages' do paths ['/var/log/messages'] document_type 'apache' ignore_older '24h' scan_frequency '15s' harvester_buffer_size 16384 fields 'type' => 'apacheLogs' end
LWRP Options
- action (optional) - default :create, options: :create, :delete
- paths (optional, String) - filebeat prospector configuration attribute
- type (optional, String) - filebeat prospector configuration attribute
- encoding (optional, String) - filebeat prospector configuration attribute
- fields (optional, Hash) - filebeat prospector configuration attribute
- fields_under_root (optional, TrueClass/FalseClass) - filebeat prospector configuration attribute
- ignore_older (optional, String) - filebeat prospector configuration attribute
- document_type (optional, String) - filebeat prospector configuration attribute
- input_type (optional, String) - filebeat prospector configuration attribute
- scan_frequency (optional, String) - filebeat prospector configuration attribute
- harvester_buffer_size (optional, Integer) - filebeat prospector configuration attribute
- tail_files (optional, TrueClass/FalseClass) - filebeat prospector configuration attribute
- backoff (optional, String) - filebeat prospector configuration attribute
- max_backoff (optional, String) - filebeat prospector configuration attribute
- backoff_factor (optional, Integer) - filebeat prospector configuration attribute
- force_close_files (optional, TrueClass/FalseClass) - filebeat prospector configuration attribute
- include_lines (optional, Array) - A list of regular expressions to match the lines that you want Filebeat to include. Filebeat exports only the lines that match a regular expression in the list. By default, all lines are exported.
- exclude_lines (optional, Array) - A list of regular expressions to match the lines that you want Filebeat to exclude. Filebeat drops any lines that match a regular expression in the list. By default, no lines are dropped.
-
multiline (optional, Hash) - Multiline configuration hash. Options:
pattern
: <regex pattern to match>,negate
: [true/false],match
: [before/after] - exclude_files (optional, Array) - A list of regular expressions to match the files that you want Filebeat prospector instance to exclude.
How to Add Filebeat Output via Node Attribute
ElasticSearch Output
"default_attributes": { "filebeat": { "config": { "output": { "elasticsearch": { "enabled": true, "hosts": ["127.0.0.1:9200"], "save_topology": false, "max_retries": 3, "bulk_max_size": 1000, "flush_interval": null, "protocol": "http", "username": null, "password": null, "index": "filebeat", "path": "/elasticsearch" } } } } }
Logstash Output
"default_attributes": { "filebeat": { "config": { "output": { "logstash": { "enabled": true, "hosts": ["127.0.0.1:5000"], "loadbalance": true, "save_topology": false, "index": "filebeat" } } } } }
File Output
"default_attributes": { "filebeat": { "config": { "output": { "file": { "enabled": true, "path": "/tmp/filebeat", "filename": "filebeat", "rotate_every_kb": 1000, "number_of_files": 7 } } } } }
How to Add Filebeat Prospectors via Node Attribute
Individual prospectors configuration file can be added using attribute default['filebeat']['prospectors']
. Each prospector configuration will
be created as a different yaml file under default['filebeat']['prospector_dir']
with prefix prospector-
"default_attributes": { "filebeat": { "prospectors": { "system_logs": { "filebeat": { "prospectors": [ { "paths": [ "/var/log/messages", "/var/log/syslog" ], "type": "log", "fields": { "type": "system_logs" } } ] } }, "secure_logs": { "filebeat": { "prospectors": [ { "paths": [ "/var/log/secure", "/var/log/auth.log" ], "type": "log", "fields": { "type": "secure_logs" } } ] } }, "apache_logs": { "filebeat": { "prospectors": [ { "paths": [ "/var/log/apache/*.log" ], "type": "log", "ignore_older": "24h", "scan_frequency": "15s", "harvester_buffer_size": 16384, "fields": { "type": "apache_logs" } } ] } } } } }
Above configuration will create three different prospector files - prospector-system_logs.yml, prospector-secure_logs.yml and prospector-apache_logs.yml
Core Attributes
default['filebeat']['version']
(default:1.2.3
): filebeat versiondefault['filebeat']['package_url']
(default:auto
): package url for windows installationdefault['filebeat']['conf_dir']
(default:/etc/filebeat
): filebeat yaml configuration file directorydefault['filebeat']['conf_file']
(default:/etc/filebeat/filebeat.yml
): filebeat configuration filedefault['filebeat']['notify_restart']
(default:true
): whether to restart filebeat service on configuration file changedefault['filebeat']['disable_service']
(default:false
): whether to stop and disable filebeat servicedefault['filebeat']['prospectors_dir']
(default:/etc/filebeat/conf.d
): prospectors configuration file directorydefault['filebeat']['prospectors']
(default:{}
): prospectors configuration file
Configuration File filebeat.yml Attributes
default['filebeat']['config']['filebeat']['prospectors']
(default:[]
): filebeat interface device namedefault['filebeat']['config']['filebeat']['registry_file']
(default:/var/lib/filebeat/registry
): filebeat services to capture packetsdefault['filebeat']['config']['filebeat']['config_dir']
(default:node['filebeat']['prospectors_dir']
): filebeat prospectors configuration files folderdefault['filebeat']['config']['output']
(default:{}
): configure elasticsearch. logstash, file etc. output
For more attribute info, visit below links:
https://github.com/elastic/filebeat/blob/master/etc/filebeat.yml
Filebeat YUM/APT Repository Attributes
default['filebeat']['yum']['description']
(default: ``): beats yum reporitory attributedefault['filebeat']['yum']['gpgcheck']
(default:true
): beats yum reporitory attributedefault['filebeat']['yum']['enabled']
(default:true
): beats yum reporitory attributedefault['filebeat']['yum']['baseurl']
(default:https://packages.elastic.co/beats/yum/el/$basearch
): beatsyum reporitory attributedefault['filebeat']['yum']['gpgkey']
(default:https://packages.elasticsearch.org/GPG-KEY-elasticsearch
): beats yum reporitory attributedefault['filebeat']['yum']['metadata_expire']
(default:3h
): beats yum reporitory attributedefault['filebeat']['yum']['action']
(default::create
): beats yum reporitory attributedefault['filebeat']['apt']['description']
(default:calculated
): beats apt reporitory attributedefault['filebeat']['apt']['components']
(default:['stable', 'main']
): beats apt reporitory attributedefault['filebeat']['apt']['uri']
(default:https://packages.elastic.co/beats/apt
): beats apt reporitory attributedefault['filebeat']['apt']['key']
(default:http://packages.elasticsearch.org/GPG-KEY-elasticsearch
): beats apt reporitory attributedefault['filebeat']['apt']['action']
(default::add
): filebeat apt reporitory attribute
Contributing
- Fork the repository on Github
- Create a named feature branch (like
add_component_x
) - Write your change
- Write tests for your change (if applicable)
- Run the tests (
rake & rake knife
), ensuring they all pass - Write new resource/attribute description to
README.md
- Write description about changes to PR
- Submit a Pull Request using Github
Copyright & License
Authors:: Virender Khatri and Contributors
<pre>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
</pre>
Dependent cookbooks
windows >= 0.0.0 |
powershell >= 0.0.0 |
apt >= 0.0.0 |
yum >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
filebeat CHANGELOG
This file is used to list changes made in each version of the filebeat cookbook.
0.3.2
Prerak Shah - Fixed Travis Errors
Prerak Shah - Fixed Unit Tests
Al Lefebvre - Added missing attribute for exclude_files
Luke Lowery - Fixing issue with patterns and older versions of Ruby
Updated YAML engine to adhere to ruby style guidePrerak Shah - Fixed default Install paths for windows
Martin Smith - Respect service flags on package installation
Azat Khadiev - Support spaces in file path for Windows
0.3.1
Virender Khatri - fix for #41
Virender Khatri - added apt-get options, fix for #39
Virender Khatri - bump filebeat version to v1.2.1
0.2.8
Spencer Owen - Adds a tag to berksfile
Chris Barber - cleaning up mixmatch of tabs and spaces. fixed spelling error on prospector
Eric Herot - Fix the formatting on the LWRP example in the README
Roberto Rivera - Add include_lines and exclude lines.
Sean Nolen - #33 added multiline support for LWRP
Sean Nolen - #30 fixed rubocop error
Seva Orlov - #34, restart filebeat on upgrade
Virender Khatri - update to beat v1.1.2
0.2.7
Virender Khatri - #21, add yum_repository resource attribute metadata_expire
Virender Khatri - #20, update to beat v1.0.1
0.2.6
Virender Khatri - #18, added LWRP resource for prospectors
Virender Khatri - #15, fix kitchen test
0.2.5
Virender Khatri - disabled default output configuration and enable_localhost_output attributes
Virender Khatri - #10, handle missing attribute node['filebeat']['windows']['version_string']
Virender Khatri - #6, added specs
Virender Khatri - #13, major changes to support repository package install
0.2.1
Virender Khatri - Added platforms metadata info
Virender Khatri - #8, add missing dependency on powershell for windows platform
Virender Khatri - #9, use resource powershell instead of powershell_script
0.2.0
Brandon Wilson - Include dpkg options to keep old config files when upgrading filebeat to a new release. Without specifying the dpkg options, dpkg will attempt to interactively ask if it should keep the old conf file, or replace it with the vendor supplied conf file which comes with the new version of the package. Since chef is running dpkg non-interactively, it causes dpkg to exit with code 1, and the chef run fails.
Virender Khatri - Fix for #4, handle derived attribute for package_url
Patrick Christopher - Added support for Windows OS
0.1.0
- Virender Khatri - Initial release of filebeat
Check the Markdown Syntax Guide for help with Markdown.
The Github Flavored Markdown page describes the differences between markdown on github and standard markdown.
Foodcritic Metric
0.3.3 passed this metric
0.3.3 passed this metric