Windows ELK8 测试: filebeat8+Metricbeat8+Packetbeat8+Winlogbeat8+Auditbeat8+Heartbeat8搭建日志系统(三)之beats
下载地址:
Filebeat:主要用于收集和转发日志文件。它可以监控指定的日志目录或文件,当日志更新时,Filebeat 就会读取更新的内容并发送到 Elasticsearch 或 Logstash。使用场景包括日志分析、故障排查等。
Metricbeat:用于收集系统和服务的运行指标,如 CPU 使用率、内存使用量、网络流量、磁盘 I/O 等。它可以定期收集这些指标并发送到 Elasticsearch 或 Logstash。使用场景包括系统监控、性能分析等。
Packetbeat:用于收集网络流量数据。它可以实时捕获网络流量,然后解析出各种协议的信息(如 HTTP、MySQL、Redis 等),并将这些信息发送到 Elasticsearch 或 Logstash。使用场景包括网络监控、安全分析等。
Winlogbeat:专门用于收集 Windows 事件日志。它可以读取 Windows 事件日志,然后将日志数据发送到 Elasticsearch 或 Logstash。使用场景包括 Windows 系统监控、安全分析等。
Auditbeat:用于收集 Linux 审计框架的数据,以及文件的改变数据。它可以帮助你了解在系统上发生了什么,包括哪些文件被改变,以及系统调用等。使用场景包括系统审计、文件完整性检查等。
Heartbeat:用于定期检查你的服务是否可用。它可以定期发送请求到你的服务,然后收集响应时间等信息,并将这些信息发送到 Elasticsearch 或 Logstash。使用场景包括服务监控、可用性检查等。
1、Filebeat 部署【不再重复】
Windows ELK8 测试: filebeat8+kakfa+logstash8+elasticsearch8+kibana8 搭建日志系统(一)
2、Metricbeat 部署
因为前面文章我们配置了kibana、Elasticsearch 的安全认证,并且生成好了证书,所以我们现在直接配置Metricbeat
编辑配置文件:metricbeat-8.14.3\metricbeat.yml
metricbeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: true
setup.template.settings:
index.number_of_shards: 1
index.codec: best_compression
#_source.enabled: false
# =================================== Kibana ===================================
setup.kibana:
host: "https://localhost:5601"
ssl.enabled: true
ssl.certificate_authorities: ["ELK\\kibana-8.14.3\\config\\certs\\ca.pem"]
ssl.certificate: "ELK\\kibana-8.14.3\\config\\certs\\client.crt"
ssl.key: "ELK\\kibana-8.14.3\\config\\certs\\client.key"
# 因为前面我们生成证书没有填:
# Common Name (eg, your name or your server's hostname) []:
# 此处应该填setup.kibana.host的ip或者hostName
ssl.verification_mode: none
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
hosts: ["127.0.0.1:9200"]
# Protocol - either `http` (default) or `https`.
protocol: "https"
username: "elastic"
password: "123456"
# api_key: sFizXYoBxPLM4LwrKywe:NMOjRbUvT7ykunWDsVG4uQ
ssl.certificate_authorities: ["ELK\\elasticsearch-8.14.3\\config\\certs\\http_ca.crt"]
# ssl.ca_trusted_fingerprint: "633bf7f6e4bf264e6a05d488af3c686b858fa63592dc83999a0d77f7e9fe5940"
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
测试配置文件是否有语法错误
ELK\beats\metricbeat-8.14.3>metricbeat.exe test config
Config OK
测试是否能正确连接到Elasticsearch
ELK\beats\metricbeat-8.14.3>metricbeat.exe test output
elasticsearch: https://127.0.0.1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 8.14.3
查看模块
ELK\beats\metricbeat-8.14.3>metricbeat modules list
Enabled:
system
Disabled:
activemq
aerospike
airflow
apache
aws
awsfargate
azure
beat
beat-xpack
ceph
ceph-mgr
cloudfoundry
cockroachdb
consul
containerd
coredns
couchbase
couchdb
docker
dropwizard
elasticsearch
elasticsearch-xpack
enterprisesearch
enterprisesearch-xpack
envoyproxy
etcd
gcp
golang
graphite
haproxy
http
ibmmq
iis
istio
jolokia
kafka
kibana
kibana-xpack
kubernetes
kvm
linux
logstash
logstash-xpack
memcached
mongodb
mssql
munin
mysql
nats
nginx
openmetrics
oracle
php_fpm
postgresql
prometheus
rabbitmq
redis
redisenterprise
sql
stan
statsd
syncgateway
tomcat
traefik
uwsgi
vsphere
windows
zookeeper
禁用模块:metricbeat modules disable system
启用模块:metricbeat modules enable system
# 初始化metricbeat 运行一次就行,-e 的含义:日志直接命令行输出,而非日志
./metricbeat setup -e
# 启动
./metricbeat -e
打开kibana进入仪表板界面可以看到多了很多模板
查看系统监控(因为我们目前只启用了system模块)
3、Packetbeat 部署
注意:Packetbeat 运行前要先安装 npcap
packetbeat-8.14.3>packetbeat.exe
Exiting: npcap: failed to start Npcap installer: fork/exec C:\Users\admin\AppData\Local\Temp\2458729910\npcap.exe: The requested operation requires elevation.
安装npcap,下载地址
配置:ELK\beats\packetbeat-8.14.3\packetbeat.yml
#################### Packetbeat Configuration Example #########################
# This file is an example configuration file highlighting only the most common
# options. The packetbeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/packetbeat/index.html
# =============================== Network device ===============================
# Select the network interface to sniff the data. On Linux, you can use the
# "any" keyword to sniff on all connected interfaces. On all platforms, you
# can use "default_route", "default_route_ipv4" or "default_route_ipv6"
# to sniff on the device carrying the default route. If you wish to sniff
# on multiple network interfaces you may specify an array of distinct interfaces
# as a YAML array with each device's configuration specified individually.
# Each device may only appear once in the array of interfaces.
#
# packetbeat.interfaces:
# - device: en0
# internal_networks:
# - private
# - device: en1
# internal_networks:
# - private
#
packetbeat.interfaces.device: default_route
# Specify the amount of time between polling for changes in the default
# route. This option is only used when one of the default route devices
# is specified.
packetbeat.interfaces.poll_default_route: 1m
# The network CIDR blocks that are considered "internal" networks for
# the purpose of network perimeter boundary classification. The valid
# values for internal_networks are the same as those that can be used
# with processor network conditions.
#
# For a list of available values see:
# https://www.elastic.co/guide/en/beats/packetbeat/current/defining-processors.html#condition-network
packetbeat.interfaces.internal_networks:
- private
# ==================== Windows Npcap installation settings =====================
# Windows Npcap installation options. These options specify how the Npcap packet
# capture library for Windows should be obtained and installed.
#
#packetbeat.npcap:
# # If a specific local version of Npcap is required, installation by packetbeat
# # can be blocked by setting never_install to true. No action is taken if this
# # option is set to true unless no Npcap is already installed.
# never_install: false
# =================================== Flows ====================================
# Set `enabled: false` or comment out all options to disable flows reporting.
packetbeat.flows:
# Set network flow timeout. Flow is killed if no packet is received before being
# timed out.
timeout: 30s
# Configure reporting period. If set to -1s, only killed flows will be reported
period: 10s
# =========================== Transaction protocols ============================
packetbeat.protocols:
- type: icmp
# Enable ICMPv4 and ICMPv6 monitoring. The default is true.
enabled: true
- type: amqp
# Configure the ports where to listen for AMQP traffic. You can disable
# the AMQP protocol by commenting out the list of ports.
ports: [5672]
- type: cassandra
# Configure the ports where to listen for Cassandra traffic. You can disable
# the Cassandra protocol by commenting out the list of ports.
ports: [9042]
- type: dhcpv4
# Configure the DHCP for IPv4 ports.
ports: [67, 68]
- type: dns
# Configure the ports where to listen for DNS traffic. You can disable
# the DNS protocol by commenting out the list of ports.
ports: [53]
- type: http
# Configure the ports where to listen for HTTP traffic. You can disable
# the HTTP protocol by commenting out the list of ports.
ports: [80, 8080, 8000, 5000, 8002]
- type: memcache
# Configure the ports where to listen for memcache traffic. You can disable
# the Memcache protocol by commenting out the list of ports.
ports: [11211]
- type: mysql
# Configure the ports where to listen for MySQL traffic. You can disable
# the MySQL protocol by commenting out the list of ports.
ports: [3306,3307]
- type: pgsql
# Configure the ports where to listen for Pgsql traffic. You can disable
# the Pgsql protocol by commenting out the list of ports.
ports: [5432]
- type: redis
# Configure the ports where to listen for Redis traffic. You can disable
# the Redis protocol by commenting out the list of ports.
ports: [6379]
- type: thrift
# Configure the ports where to listen for Thrift-RPC traffic. You can disable
# the Thrift-RPC protocol by commenting out the list of ports.
ports: [9090]
- type: mongodb
# Configure the ports where to listen for MongoDB traffic. You can disable
# the MongoDB protocol by commenting out the list of ports.
ports: [27017]
- type: nfs
# Configure the ports where to listen for NFS traffic. You can disable
# the NFS protocol by commenting out the list of ports.
ports: [2049]
- type: tls
# Configure the ports where to listen for TLS traffic. You can disable
# the TLS protocol by commenting out the list of ports.
ports:
- 443 # HTTPS
- 993 # IMAPS
- 995 # POP3S
- 5223 # XMPP over SSL
- 8443
- 8883 # Secure MQTT
- 9243 # Elasticsearch
- type: sip
# Configure the ports where to listen for SIP traffic. You can disable
# the SIP protocol by commenting out the list of ports.
ports: [5060]
# You can monitor tcp SIP traffic by setting the transport_protocol option
# to tcp, it defaults to udp.
#transport_protocol: tcp
# ======================= Elasticsearch template setting =======================
setup.template.settings:
index.number_of_shards: 1
#index.codec: best_compression
#_source.enabled: false
# ================================== General ===================================
# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:
# A list of tags to include in every event. In the default configuration file
# the forwarded tag causes Packetbeat to not add any host fields. If you are
# monitoring a network tap or mirror port then add the forwarded tag.
#tags: [forwarded]
# Optional fields that you can specify to add additional information to the
# output.
#fields:
# env: staging
# ================================= Dashboards =================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here or by using the `setup` command.
#setup.dashboards.enabled: false
# The URL from where to download the dashboard archive. By default, this URL
# has a value that is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:
# =================================== Kibana ===================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
host: "https://localhost:5601"
ssl.enabled: true
ssl.certificate_authorities: ["D:\\byj\\ELK\\kibana-8.14.3\\config\\certs\\ca.pem"]
ssl.certificate: "D:\\byj\\ELK\\kibana-8.14.3\\config\\certs\\client.crt"
ssl.key: "D:\\byj\\ELK\\kibana-8.14.3\\config\\certs\\client.key"
ssl.verification_mode: none
# =============================== Elastic Cloud ================================
# These settings simplify using Packetbeat with the Elastic Cloud (https://cloud.elastic.co/).
# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:
# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:
# ================================== Outputs ===================================
# Configure what output to use when sending the data collected by the beat.
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["127.0.0.1:9200"]
# Protocol - either `http` (default) or `https`.
protocol: "https"
# Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
username: "elastic"
password: "123456"
# api_key: sFizXYoBxPLM4LwrKywe:NMOjRbUvT7ykunWDsVG4uQ
ssl.certificate_authorities: ["D:\\byj\\ELK\\elasticsearch-8.14.3\\config\\certs\\http_ca.crt"]
# ssl.ca_trusted_fingerprint: "633bf7f6e4bf264e6a05d488af3c686b858fa63592dc83999a0d77f7e9fe5940"
# Pipeline to route events to protocol pipelines.
pipeline: "packetbeat-%{[agent.version]}-routing"
# ------------------------------ Logstash Output -------------------------------
#output.logstash:
# The Logstash hosts
#hosts: ["localhost:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
# ================================= Processors =================================
processors:
- # Add forwarded to tags when processing data from a network tap or mirror.
if.contains.tags: forwarded
then:
- drop_fields:
fields: [host]
else:
- add_host_metadata: ~
- add_cloud_metadata: ~
- add_docker_metadata: ~
- detect_mime_type:
field: http.request.body.content
target: http.request.mime_type
- detect_mime_type:
field: http.response.body.content
target: http.response.mime_type
# ================================== Logging ===================================
# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug
# At debug level, you can selectively enable logging only for some components.
# To enable all selectors, use ["*"]. Examples of other selectors are "beat",
# "publisher", "service".
#logging.selectors: ["*"]
# ============================= X-Pack Monitoring ==============================
# Packetbeat can export internal metrics to a central Elasticsearch monitoring
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
# reporting is disabled by default.
# Set to true to enable the monitoring reporter.
#monitoring.enabled: false
# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
# Packetbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
#monitoring.cluster_uuid:
# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch outputs are accepted here as well.
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration, so if you have the Elasticsearch output configured such
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
# uncomment the following line.
#monitoring.elasticsearch:
# ============================== Instrumentation ===============================
# Instrumentation support for the packetbeat.
#instrumentation:
# Set to true to enable instrumentation of packetbeat.
#enabled: false
# Environment in which packetbeat is running on (eg: staging, production, etc.)
#environment: ""
# APM Server hosts to report instrumentation results to.
#hosts:
# - http://localhost:8200
# API Key for the APM Server(s).
# If api_key is set then secret_token will be ignored.
#api_key:
# Secret token for the APM Server(s).
#secret_token:
# ================================= Migration ==================================
# This allows to enable 6.7 migration aliases
#migration.6_to_7.enabled: true
初始化kibana仪表板:packetbeat.exe setup -e
启动
./packetbeat.exe -e
4、Winlogbeat 部署
配置文件:winlogbeat-8.14.3\winlogbeat.yml
###################### Winlogbeat Configuration Example ########################
# This file is an example configuration file highlighting only the most common
# options. The winlogbeat.reference.yml file from the same directory contains
# all the supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/winlogbeat/index.html
# ======================== Winlogbeat specific options =========================
# event_logs specifies a list of event logs to monitor as well as any
# accompanying options. The YAML data type of event_logs is a list of
# dictionaries.
#
# The supported keys are name, id, xml_query, tags, fields, fields_under_root,
# forwarded, ignore_older, level, event_id, provider, and include_xml.
# The xml_query key requires an id and must not be used with the name,
# ignore_older, level, event_id, or provider keys. Please visit the
# documentation for the complete details of each option.
# https://go.es.io/WinlogbeatConfig
winlogbeat.event_logs:
- name: Application
ignore_older: 72h
- name: System
- name: Security
- name: Microsoft-Windows-Sysmon/Operational
- name: Windows PowerShell
event_id: 400, 403, 600, 800
- name: Microsoft-Windows-PowerShell/Operational
event_id: 4103, 4104, 4105, 4106
- name: ForwardedEvents
tags: [forwarded]
# ====================== Elasticsearch template settings =======================
setup.template.settings:
index.number_of_shards: 1
#index.codec: best_compression
#_source.enabled: false
# ================================== General ===================================
# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:
# The tags of the shipper are included in their field with each
# transaction published.
#tags: ["service-X", "web-tier"]
# Optional fields that you can specify to add additional information to the
# output.
#fields:
# env: staging
# ================================= Dashboards =================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here or by using the `setup` command.
#setup.dashboards.enabled: false
# The URL from where to download the dashboard archive. By default, this URL
# has a value that is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:
# =================================== Kibana ===================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
host: "https://localhost:5601"
ssl.enabled: true
ssl.certificate_authorities: ["D:\\byj\\ELK\\kibana-8.14.3\\config\\certs\\ca.pem"]
ssl.certificate: "D:\\byj\\ELK\\kibana-8.14.3\\config\\certs\\client.crt"
ssl.key: "D:\\byj\\ELK\\kibana-8.14.3\\config\\certs\\client.key"
ssl.verification_mode: none
# =============================== Elastic Cloud ================================
# These settings simplify using Winlogbeat with the Elastic Cloud (https://cloud.elastic.co/).
# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:
# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:
# ================================== Outputs ===================================
# Configure what output to use when sending the data collected by the beat.
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["127.0.0.1:9200"]
# Protocol - either `http` (default) or `https`.
protocol: "https"
# Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
username: "elastic"
password: "123456"
# api_key: sFizXYoBxPLM4LwrKywe:NMOjRbUvT7ykunWDsVG4uQ
ssl.certificate_authorities: ["D:\\byj\\ELK\\elasticsearch-8.14.3\\config\\certs\\http_ca.crt"]
# ssl.ca_trusted_fingerprint: "633bf7f6e4bf264e6a05d488af3c686b858fa63592dc83999a0d77f7e9fe5940"
pipeline: "winlogbeat-%{[agent.version]}-routing"
# ------------------------------ Logstash Output -------------------------------
#output.logstash:
# The Logstash hosts
#hosts: ["localhost:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
# ================================= Processors =================================
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
# ================================== Logging ===================================
# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug
# At debug level, you can selectively enable logging only for some components.
# To enable all selectors, use ["*"]. Examples of other selectors are "beat",
# "publisher", "service".
#logging.selectors: ["*"]
# ============================= X-Pack Monitoring ==============================
# Winlogbeat can export internal metrics to a central Elasticsearch monitoring
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
# reporting is disabled by default.
# Set to true to enable the monitoring reporter.
#monitoring.enabled: false
# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
# Winlogbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
#monitoring.cluster_uuid:
# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch outputs are accepted here as well.
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration, so if you have the Elasticsearch output configured such
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
# uncomment the following line.
#monitoring.elasticsearch:
# ============================== Instrumentation ===============================
# Instrumentation support for the winlogbeat.
#instrumentation:
# Set to true to enable instrumentation of winlogbeat.
#enabled: false
# Environment in which winlogbeat is running on (eg: staging, production, etc.)
#environment: ""
# APM Server hosts to report instrumentation results to.
#hosts:
# - http://localhost:8200
# API Key for the APM Server(s).
# If api_key is set then secret_token will be ignored.
#api_key:
# Secret token for the APM Server(s).
#secret_token:
# ================================= Migration ==================================
# This allows to enable 6.7 migration aliases
#migration.6_to_7.enabled: true
执行kiban仪表板初始化
winlogbeat.exe setup -e
启动 winlogbeat.exe
查看kibana
5、Winlogbeat 部署
配置文件:auditbeat-8.14.3\auditbeat.yml
初始化kibana仪表板
# 等待完成自己结束
auditbeat.exe setup -e
启动auditbeat.exe
auditbeat.exe -e
查看kibana
6、Heartbeat 部署
配置文件:heartbeat-8.14.3\heartbeat.yml ,监听 80,9200,5044端口
################### Heartbeat Configuration Example #########################
# This file is an example configuration file highlighting only some common options.
# The heartbeat.reference.yml file in the same directory contains all the supported options
# with detailed comments. You can use it for reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/heartbeat/index.html
############################# Heartbeat ######################################
# Define a directory from which to load monitor definitions. Definitions take the form
# of individual yaml files.
heartbeat.config.monitors:
# Directory + glob pattern to search for configuration files
path: ${path.config}/monitors.d/*.yml
# If enabled, heartbeat will periodically check the config.monitors path for changes
reload.enabled: false
# How often to check for changes
reload.period: 5s
# Configure monitors inline
heartbeat.monitors:
- type: tcp
schedule: '@every 5s'
hosts: ["127.0.0.1"]
ports: [80, 9200, 5044]
ssl:
certificate_authorities: ['D:\\byj\\ELK\\elasticsearch-8.14.3\\config\\certs\\http_ca.crt']
supported_protocols: ["TLSv1.0", "TLSv1.1", "TLSv1.2"]
# Total test connection and data exchange timeout
#timeout: 16s
# Name of corresponding APM service, if Elastic APM is in use for the monitored service.
#service.name: my-apm-service-name
# Experimental: Set this to true to run heartbeat monitors exactly once at startup
#heartbeat.run_once: true
# ======================= Elasticsearch template setting =======================
setup.template.settings:
index.number_of_shards: 1
index.codec: best_compression
#_source.enabled: false
# ================================== General ===================================
# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:
# The tags of the shipper are included in their field with each
# transaction published.
#tags: ["service-X", "web-tier"]
# Optional fields that you can specify to add additional information to the
# output.
#fields:
# env: staging
# =================================== Kibana ===================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
host: "https://localhost:5601"
ssl.enabled: true
ssl.certificate_authorities: ["D:\\byj\\ELK\\kibana-8.14.3\\config\\certs\\ca.pem"]
ssl.certificate: "D:\\byj\\ELK\\kibana-8.14.3\\config\\certs\\client.crt"
ssl.key: "D:\\byj\\ELK\\kibana-8.14.3\\config\\certs\\client.key"
ssl.verification_mode: none
# =============================== Elastic Cloud ================================
# These settings simplify using Heartbeat with the Elastic Cloud (https://cloud.elastic.co/).
# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:
# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:
# ================================== Outputs ===================================
# Configure what output to use when sending the data collected by the beat.
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["127.0.0.1:9200"]
# Performance preset - one of "balanced", "throughput", "scale",
# "latency", or "custom".
protocol: "https"
# Protocol - either `http` (default) or `https`.
#protocol: "https"
# Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
username: "elastic"
password: "123456"
ssl.certificate_authorities: ["D:\\byj\\ELK\\elasticsearch-8.14.3\\config\\certs\\http_ca.crt"]
# ssl.ca_trusted_fingerprint: "633bf7f6e4bf264e6a05d488af3c686b858fa63592dc83999a0d77f7e9fe5940"
# ------------------------------ Logstash Output -------------------------------
#output.logstash:
# The Logstash hosts
#hosts: ["localhost:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
# ================================= Processors =================================
processors:
- add_observer_metadata:
# Optional, but recommended geo settings for the location Heartbeat is running in
#geo:
# Token describing this location
#name: us-east-1a
# Lat, Lon "
#location: "37.926868, -78.024902"
# ================================== Logging ===================================
# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug
# At debug level, you can selectively enable logging only for some components.
# To enable all selectors, use ["*"]. Examples of other selectors are "beat",
# "publisher", "service".
#logging.selectors: ["*"]
# ============================= X-Pack Monitoring ==============================
# Heartbeat can export internal metrics to a central Elasticsearch monitoring
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
# reporting is disabled by default.
# Set to true to enable the monitoring reporter.
#monitoring.enabled: false
# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
# Heartbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
#monitoring.cluster_uuid:
# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch outputs are accepted here as well.
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration, so if you have the Elasticsearch output configured such
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
# uncomment the following line.
#monitoring.elasticsearch:
# ============================== Instrumentation ===============================
# Instrumentation support for the heartbeat.
#instrumentation:
# Set to true to enable instrumentation of heartbeat.
#enabled: false
# Environment in which heartbeat is running on (eg: staging, production, etc.)
#environment: ""
# APM Server hosts to report instrumentation results to.
#hosts:
# - http://localhost:8200
# API Key for the APM Server(s).
# If api_key is set then secret_token will be ignored.
#api_key:
# Secret token for the APM Server(s).
#secret_token:
# ================================= Migration ==================================
# This allows to enable 6.7 migration aliases
#migration.6_to_7.enabled: true
执行初始化kibana 仪表板、Elasticsearch 模板
heartbeat.exe setup -e
这一步会加载推荐的索引模板,以便写入到 Elasticsearch 中。它**不会**安装 Heartbeat 仪表板。Heartbeat 仪表板及其安装步骤可以在 uptime-contrib GitHub 仓库 中找到。
下载并导入仪表板模板
Stack Management >Kibana >已保存对象>导入:heartbeat-8.14.3\uptime-contrib-master\dashboards\7.x\http_dashboard.ndjson
启动heartbeat.exe
heartbeat.exe -e
857
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
