|||
#Journalbeat
Sending beats from journalctl (systemd’s logging provider) to logstash/elasticsearch with JournalBeat on Github
Install required packages to build (libsystemd-dev and golang-go)
$ sudo apt install libsystemd-dev golang-go
$ vi ~/.bashrcAdd the following lines:
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/binOpen a new shell. (or ‘. ~/.bashrc’)
$ go get github.com/mheese/journalbeatOnce retrieved, move files to production locations (including other computers)
sudo cp ~/go/bin/journalbeat /bin/
sudo mkdir -p /etc/journalbeat/ && sudo cp ~/go/src/github.com/mheese/journalbeat/etc/journalbeat.yml /etc/journalbeat/Adjust journalbeat.yml as needed
sudo vi /etc/journalbeat/journalbeat.ymlCreate systemd unit file
sudo vi /lib/systemd/system/journalbeat.service[Unit]
Description=JournalBeat service
[Service]
ExecStart=/bin/journalbeat -c /etc/journalbeat/journalbeat.yml
StandardOutput=null
[Install]
WantedBy=multi-user.target
Alias=journalbeat.serviceTest service
sudo systemctl start journalbeat
sudo systemctl status journalbeatIf everything looks good
sudo systemctl enable journalbeat