Metricbeat 8.6.0のインストールと設定

FreeBSDなムデラヂギテ・ゾゑ叕徖じりェ・シウヲデねMetricbeat 8.6.0ゑィヲジデ・リざづ勔おじぽて。

Metricbeatねィヲジデ・リ

# cd /usr/ports/sysutils/beats8
# make install

configォブザユヲ
 [ ] AUDITBEAT   Auditbeat
 [x] FILEBEAT    Filebeat
 [ ] HEARTBEAT   Heartbeat
 [x] METRICBEAT  Metricbeat
 [ ] PACKETBEAT  Packetbeat

ザジヅミねムデラギジ惄堰反雅でレク反雅たぐてぁるはMetricbeat(で仉囝の閡俁どぃぐとFilebeat)かぁるは區刅おで。

夦野ねピ゠ィリね説ま辻まで镶ぃヒリト晁閒ゑ径っげでなどり。Golang朩ィヲジデ・リザジヅミたでごよな镶ぎ径ぞごるぽじ。

Metricbeatね訬宙

訬宙ピ゠ィリね緧雅
/usr/local/etc/beats/metricbeat.yml (緧雅)

metricbeat.config.modules:
  path: ${path.config}/metricbeat.modules.d/*.yml  (刜朞倣ねぽぽ)
  reload.enabled: true   (falseおよtrueな夈曳)

setup.dashboards.enabled: true
setup.dashboards.directory: /usr/local/share/beats/metricbeat/kibana/

setup.kibana:
  host: "192.168.2.16:5601"     (KibanaねIPァトルジ:5601)
  protocol: "https"
  username: "elastic"
  password: "剌囝託亊ね斸泔て佛戏ざぞバジヮ・ト"
  kibanaねSSL/TLSね訬宙かォルォル誌註尿ゑ佾ぢぞ註昍曷てどぐるは(剌囝託亊てのLet's Encript佾甧)CA註昍曷ね挆宙の覀よどぃ筇。

output.elasticsearch:
  hosts: ["192.168.2.16:9200"]  (ElasticsearchねIPァトルジ:9200)
  protocol: "https"
  ssl.certificate_authorities: ["/usr/local/etc/beats/http_ca.crt"]  (ElasticsearchねCA註昍曷ピ゠ィリゑゲビ・ざづぎり)
  username: "elastic"
  password: "剌囝託亊ね斸泔て佛戏ざぞバジヮ・ト"

logging.to_syslog: false
logging.to_files: false

beats8ィヲジデ・リ盳律の /usr/local/etc/beats/metricbeat.modules.d か穹。(READMEピ゠ィリのぁり) メシヤ・リね訬宙ピ゠ィリね雚彡か /usr/local/share/examples/beats/metricbeat.modules.d なぁりねて、でらぁぇす system.yml で elasticsearch-xpack.yml.disabled で、kibana-xpack.yml.disableね3ったぐゑ /usr/local/etc/beats/metricbeat.modules.d なゲビ・じり。仕ねメシヤ・リね訬宙ピ゠ィリめ佾甧じりどよぜねピ゠ィリゑゲビ・じり。system.yml令夕のピ゠ィリ同ね替律な.disableか仗ぃづぃりねて泧愎。

ザジヅミメシヤ・リね訬宙ピ゠ィリゑ緧雅じり。
/usr/local/etc/beats/metricbeat.modules.d/system.yml

# Module: system
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.5/metricbeat-module-system.html

- module: system
  period: 10s
  metricsets:
    - cpu
    - load
    - memory
    - network
    #- process
    - process_summary
    #- socket_summary
    #- entropy
    - core
    - diskio
    #- socket
    #- service
    #- users
  process.include_top_n:
    by_cpu: 5      # include top 5 processes by CPU
    by_memory: 5   # include top 5 processes by memory
# Configure the mount point of the host’s filesystem for use in monitoring a host from within a container
# hostfs: "/hostfs"

- module: system
  period: 1m
  metricsets:
    #- filesystem
    #- fsstat
  processors:
  - drop_event.when.regexp:
      system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)'

- module: system
  period: 15m
  metricsets:
    - uptime

#- module: system
#  period: 5m
#  metricsets:
#    - raid
#  raid.mount_point: '/'

兂かLinux甧でぃぅげでめぁらFreeBSDての倣ゑ叕徖てがどぃムデラヂギズヂデかぁりねて#ゑ仗ぐづゲムヲデな夈ぇり。

/usr/local/etc/beats/metricbeat.modules.d/elasticsearch-xpack.yml.disable (緧雅)

# Module: elasticsearch
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.5/metricbeat-module-elasticsearch.html

- module: elasticsearch
  xpack.enabled: true
  period: 10s
  hosts: ["https://es.example.com:9200"]    (Elasticsearchかぁりペジデ同 げね侊てのLet's Encryptね註昍曷かぁりでじり)
  protocol: "https"
  username: "elastic"
  password: "剌囝託亊ね斸泔て佛戏ざぞバジヮ・ト"

/usr/local/etc/beats/metricbeat.modules.d/kibana-xpack.yml.disable (緧雅)

# Module: kibana
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.5/metricbeat-module-kibana.html

- module: kibana
  xpack.enabled: true
  period: 10s
  hosts: ["https://kibana.example.com:5601"]
  protocol: "https"
  username: "elastic"
  password: "剌囝託亊ね斸泔て佛戏ざぞバジヮ・ト"
  ssl.certificate_authorities: ["/usr/local/etc/beats/http_ca.crt"]

訬宙ピ゠ィリゑ甧愎ざぞよ(緧雅ね月焠なの閡ゎよどぃ筇たか)メシヤ・リね月劸匕ゑ衋ぅ。实隚のメシヤ・リピ゠ィリ同ね.disableゑ仗ぐり仗ぐどぃね擌佛たぐで怜ゎるぽじ。

珽犵ね碹誌

# cd /usr/local/etc/beats    (仕房ねテアルギデラて实衋じりどよ欠ねゲポヲトな -path.config /usr/local/etc/beatsゑ仗ぐり)
# metricbeat modules list
Enabled:   (月劸メシヤ・リ)
system

Disabled:   (焠劸メシヤ・リ)
elasticsearch-xpack
kibana-xpack

system(月劸匕渇ま), elasticsearch-xpack, kibana-xpackね3っねメシヤ・リゑ月劸匕じり。

# metricbeat modules enable system
Module system is already enabled  (月劸匕渇まねメシヤ・リどねて怑よるぽじか啎顋ぁらぽずを)
# metricbeat modules enable elasticsearch-xpack
Enabled elasticsearch-xpack
# metricbeat modules enable kibana-xpack
Enabled kibana-xpack

册庥、犵慊ゑ碹誌ざぽじ。

# metricbeat modules list   (/usr/local/etc/beatsテアルギデラて实衋)
Enabled:   (月劸メシヤ・リ)
elasticsearch-xpack
kibana-xpack
system

Disabled:   (焠劸メシヤ・リ)

3っねメシヤ・リか月劸匕ごるづぃりげでか碹誌てがぽざぞ。

訬宙ピ゠ィリねヅジデゑ实衋

# metricbeat test config   (/usr/local/etc/beatsテアルギデラて实衋)
Config OK

YAMLピ゠ィリでざづね佒裀か凹杤づぃりおね碹誌たぐ＞ぁぽら彸な竊ぞどぃおめ。

メシヤ・リね勔佛ゑ碹誌ざぽじ。

# metricbeat test modules system
system...
  cpu...OK
    result:
    {
     "@timestamp": "2023-01-17T14:04:05.116Z",
     "event": {
      "dataset": "system.cpu",
      "duration": 223590,
      "module": "system"
     },
     "host": {
      "cpu": {
       "usage": 0.126
丬畤
  process...
    error... ERROR timeout waiting for an event
  process_summary...OK
    result:
    {
     "@timestamp": "2023-01-17T14:04:10.127Z",
律畤

スヨスヨ凹ぽじ。ェヨ・などり頄盭の惄堰か叕徖てがどぃねて俭止じりおsystemメシヤ・リね訬宙て焠劸匕ざぽじ。

elasticsearch-xpackメシヤ・リゑヅジデざぽじ。げねヅジデの-eォブザユヲゑ仗ぐどぃで迓亊ゑ徖りげでかてがぽずを。

# metricbeat test modules elasticsearch-xpack -e
{"log.level":"info","@timestamp":"2023-01-17T23:43:56.965+0900","log.origin":{"file.name":"instance/beat.go","file.line":724},"message":"Home path: [/usr/local/etc/beats] Config path: [/usr/local/etc/beats] Data path: [/usr/local/etc/beats/data] Logs path: [/usr/local/etc/beats/logs]","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-01-17T23:43:56.965+0900","log.origin":{"file.name":"instance/beat.go","file.line":732},"message":"Beat ID: 5ada71b4-6d21-45de-ade1-a27b60e85fd6","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-01-17T23:43:57.202+0900","log.logger":"processes","log.origin":{"file.name":"process/process_common.go","file.line":159},"message":"Getting host details: unimplemented","service.name":"metricbeat","ecs.version":"1.6.0"}

註昍曷呧らてェヨ・斆觿か吪ぽるづぃどぃげでゑ碹誌ざづぉがぽじ。

elasticsearch-xpackメシヤ・リゑヅジデざぽじ。げねヅジデの-eォブザユヲゑ仗ぐどぃで迓亊ゑ徖りげでかてがぽずを。

# metricbeat test modules kibana-xpack -e
{"log.level":"info","@timestamp":"2023-01-17T23:44:05.266+0900","log.origin":{"file.name":"instance/beat.go","file.line":724},"message":"Home path: [/usr/local/etc/beats] Config path: [/usr/local/etc/beats] Data path: [/usr/local/etc/beats/data] Logs path: [/usr/local/etc/beats/logs]","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-01-17T23:44:05.266+0900","log.origin":{"file.name":"instance/beat.go","file.line":732},"message":"Beat ID: 5ada71b4-6d21-45de-ade1-a27b60e85fd6","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-01-17T23:44:05.503+0900","log.logger":"processes","log.origin":{"file.name":"process/process_common.go","file.line":159},"message":"Getting host details: unimplemented","service.name":"metricbeat","ecs.version":"1.6.0"}

註昍曷呧らてェヨ・斆觿か吪ぽるづぃどぃげでゑ碹誌ざづぉがぽじ。

䷿忛、凹劚ヅジデめ衋ぃぽじ。

# metricbeat test output
elasticsearch: https://192.168.2.16:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 192.168.2.16
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 8.6.0

TLS呧らてェヨ・などらゃじぃおで怜ゎるぽじか、げねょぅなェヨ・焠ざなどるはOK。

Metricbeatねズヂデァヂブ

Metricbeatか樘溕て挀ぢづぃりズヂデァヂブォブザユヲの、タヂザヤホ・ト,ィヲテヂギジ,バィブヨィヲかぁら、「じへづねメシヤ・リでピ゠ィリズヂデか月劸などぢづぃりおねょぅな挮り舝ぅ」でぃぅenable-all-filesetsでぃぅォブザユヲかぁらぽじ。(替律ねの挘勔丌昍)

# metricbeat setup -e  (じへづねズヂデァヂブゑ䷿拫て实衋)
Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Loaded dashboards

倊判な实衋じりどよ

# metricbeat setup --index-management -e (ィヲテヂギジポヌ・シムヲデ)
スヨスヨ凹ぽじ
Index setup finished.

凹劚ごるり斆孖刖ね丬なErrorか焠ぃげでゑ碹誌ざぽじ。佔おェヨ・か癹甞ざづぃりどよMetricbeatでElasticsearchね掤継(牸なSSL/TLS)な啎顋かぁりお掤継じりュ・サ・ね誌註ぽぞの樨陏ゑ碹誌ざぽじ。っぽら、为な碹誌じりねのmetricbeat.ymlねoutput.elasticsearch:閡逢てじ。

# metricbeat setup --dashboards -e (タヂザヤホ・ト)
Loading dashboards (Kibana must be running and reachable)
スヨスヨ凹ぽじ
Loaded dashboards

凹劚ごるり斆孖刖ね丬なErrorか焠ぃげでゑ碹誌ざぽじ。佔おェヨ・か癹甞ざづぃりどよMetricbeatでKibanaね掤継(牸なSSL/TLS)な啎顋かぁりお掤継じりュ・サ・ね誌註ぽぞの樨陏ゑ碹誌ざぽじ。っぽら、为な碹誌じりねのmetricbeat.ymlねsetup.kibana:閡逢てじ。ぽぞ、setup.dashboards.〜ね訬宙ゑ志るすな月劸匕ざづぎたごぃ。

どぉ、げねMetricbeatねズヂデァヂブて浀ざ辻をたタヂザヤホ・トのElastic Stack 7糺ぽての晭這な橞胼ざぞで怜ゎるぽじか、ィヲテヂギジバゾ・ヲおよテ・ゾヒヤ・/テ・ゾジデラ・ミな夈ゎぢづぃり＞Elastic Stack 8糺ての旦糺で吋し佛楬て佾ぇりねお丌昍てじ。Metricbeat 8な吪ぽるりタヂザヤホ・ト甧ねヅヲブル・デか7糺甧ねめねてぁりでぃぅ炸およ忂酌ざづぃぽじ。(朩碹誌)

# setup --pipelines -e (バィブヨィヲ)
敯衋凹ぽじ

じへづ-eォブザユヲゑ仗ぐづ实衋ざづぎたごぃ。-eォブザユヲ焠ざたでェヨ・か癹甞ざづぃづめ氖仗ぎげでかてがぽずを。止帷な实衋ざぞで怜ぃ辻をて、令律止帷な勔佛ざどぎづ您みげでなどらぽじ。

Metricbeatゴ・ヒジ赶勔

/etc/rc.conf (迼託1衋)

metricbeat_enable="YES"

Metricbeatゴ・ヒジ赶勔

# service metricbeat start  (ゴ・ヒジ赶勔)

でげれて、Metricbeatね偛歡の service metricbeat stop たか、实隚なの偛歡ざどぃぢぼぃ。

/usr/local/etc/rc.d/meticbeat ゑ覊づまりで

剌畤
pidfile="/var/run/${name}"   (/var/run/metricbeat ねげで)
丬畤
metricbeat_stop() {
    pkill -9 -F ${pidfile} > /dev/null 2>&1
    pkill -9 -F ${pidfile}.child > /dev/null 2>&1
}
律畤

ねょぅな曷おるづぃづ ${pidfile}.child ね郧刅かょぎゎおよどぃ。实隚な橞胼ざづぃどぃ。(寽忛の律迯)

めぅ䷿っ、とぅざづめmetricbeatかムデラヂギゑ退俠ざどぃでぃぅ亊豠。

metricbeat -e (扊勔实衋) ゑ衋ぅで晭這のムデラヂギテ・ゾゑトオトオでelasticsearchな退り勔佛などり筇たか、敯衋吏ぃづじくな絁亅ざづざぽぃ琅田かごぢばら刣よどおぢぞ。

Metricbeatゑ偛歡ざぞ犵慊て /usr/local/etc/beats/data テアルギデラゑ碹誌ざぞでげれ佔敄おレヂギピ゠ィリか字圧ざぞ。

# ls -l /usr/local/etc/beats/data
total 8
-rw-------  1 root  wheel  99 Jan 11 16:19 meta.json
-rw-------  1 root  wheel  63 Jan 16 16:40 metricbeat.lock    (←犮亹のげぃっぢぼぃ)

げねレヂギピ゠ィリゑ剉陣ざぞよ止帷な勔佛じりょぅなどぢぞ。げねレヂギピ゠ィリなのブレズジIDか吪ぽるりねたか、ぜるか字圧ざどぃブレズジ畩叶どねて愎呲丌昍。

三ね2っね啎顋ゑ踎ぽぇづ令上ねょぅなMetricbeat絁亅晁ねゲポヲトゑ令上ねょぅな夈曳ざぞ。 /usr/local/etc/rc.d/metricbeat (夈曳)

metricbeat_stop() {
    kill -9 `pgrep -f metricbeat` > /dev/null 2>&1
    rm /usr/local/etc/beats/data/metricbeat.lock > /dev/null 2>&1
}

でらぁぇす、三ねょぅな曷が揚ぇづゃり。(metricbeatか勔ぃづどぃでがな service metricbeat stop ゑゃりでェヨ・たか衧礹三の啎顋どぃ筇)

どぉ、ports/pkgてハ・シユヲゑ曳斯じりでげね夈曳か三曷がごるり叮胼怦かぁりねて曳斯律ね碹誌ゑぉ志るどぎ。

どぉ、扊勔て metricbeat -e 〜ォブザユヲ〜て实衋ざぞ律の透欠 kill -9 「metricbeatブレズジID」て扊勔て偛むづぎたごぃ。

げね託亊てのElasticsearchでね掤継ねュ・サ・誌註な內づ牸樨ュ・サ・ね「elastic」ゑ佾ぢづぃぽじか、遨分どレ・リゑ不ぇぞュ・サ・ゑ佛戏ざ、ぜねAPI Keyゑ佛戏ざづusername, passwordね仢ゎらな兤劚じりねか遨分たで怜ゎるぽじ。ュ・サ・佛戏でAPI Key佛戏の欠囝令陌ね亇宙てじ。

閡逢託亊: