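# Switch to the oracle user; Filebeat is installed under its home directory
# and later runs as this user.
su - oracle
# -f makes curl fail on an HTTP error instead of saving the error page as the tarball.
curl -fLO https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.9.2-linux-x86_64.tar.gz
# Fetch the published SHA-512 and verify the archive before unpacking it.
# Stop here if the check does not report OK. A checksum served by the same
# host detects corruption and truncation, not a compromised origin.
curl -fLO https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.9.2-linux-x86_64.tar.gz.sha512
sha512sum -c filebeat-8.9.2-linux-x86_64.tar.gz.sha512
tar -xzvf filebeat-8.9.2-linux-x86_64.tar.gz
mv filebeat-8.9.2-linux-x86_64 filebeat
cd filebeat
# Empty the bundled sample configuration, then write our own.
cat /dev/null > filebeat.yml
vi filebeat.yml
# The contents of filebeat.yml are listed at the end of this page.
# Keep the config private to the service user: Filebeat refuses a config file
# that is writable by group or others, and the file may later hold credentials.
chmod 600 filebeat.yml
# Validate the configuration before the service is started.
./filebeat test config -c filebeat.yml
# Return to the root user to install the systemd unit.
exit
vi /usr/lib/systemd/system/filebeat.service
# The contents of the unit file are listed at the end of this page.
systemctl daemon-reload
systemctl enable --now filebeat
systemctl status filebeat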
filebeat.yml
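# Filebeat configuration: ship the Oracle database, listener, ASM and
# clusterware logs of this host to Kafka, one topic per log source.
#
# NOTE(review): the `log` input is deprecated in Filebeat 8.x in favour of
# `filestream`; it is kept here because that is what the page uses.
# NOTE(review): the service runs as the oracle user, which must be able to read
# the grid-owned files under /u01/app/grid and /u01/app/11.2.0.4/grid; confirm
# group membership, otherwise those inputs stay empty.
filebeat.inputs:
  # Database alert log.
  - type: log
    enabled: true
    paths:
      - /u01/app/oracle/diag/rdbms/riskfadb/riskfadb1/trace/alert_riskfadb1.log
    # A new event starts at a line beginning with "Day Mon DD HH:MM:SS"; with
    # negate=true and match=after every other line is appended to the event
    # before it. The March and October alternatives were unmatchable in the
    # page's pattern ("Mm?r", "Oo?t"), which would have folded those months
    # into oversized events; they are restored here.
    multiline.pattern: '^(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)[[:space:]]\b(?:[Jj]an(?:uary|uar)?|[Ff]eb(?:ruary|ruar)?|[Mm](?:a|ä)?r(?:ch|z)?|[Aa]pr(?:il)?|[Mm]a(?:y|i)?|[Jj]un(?:e|i)?|[Jj]ul(?:y|i)?|[Aa]ug(?:ust)?|[Ss]ep(?:tember)?|[Oo](?:c|k)?t(?:ober)?|[Nn]ov(?:ember)?|[Dd]e(?:c|z)(?:ember)?)\b[[:space:]][0-9]{2}[[:space:]][0-9]{2}:[0-9]{2}:[0-9]{2}'
    multiline.negate: true
    multiline.match: after
    fields:
      topic: oracle_database

  # Listener log (records client connection attempts).
  - type: log
    enabled: true
    paths:
      - /u01/app/grid/diag/tnslsnr/risk-fa-db1/listener/trace/listener.log
    # Same timestamp-anchored multiline rule as the database alert log.
    multiline.pattern: '^(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)[[:space:]]\b(?:[Jj]an(?:uary|uar)?|[Ff]eb(?:ruary|ruar)?|[Mm](?:a|ä)?r(?:ch|z)?|[Aa]pr(?:il)?|[Mm]a(?:y|i)?|[Jj]un(?:e|i)?|[Jj]ul(?:y|i)?|[Aa]ug(?:ust)?|[Ss]ep(?:tember)?|[Oo](?:c|k)?t(?:ober)?|[Nn]ov(?:ember)?|[Dd]e(?:c|z)(?:ember)?)\b[[:space:]][0-9]{2}[[:space:]][0-9]{2}:[0-9]{2}:[0-9]{2}'
    multiline.negate: true
    multiline.match: after
    fields:
      topic: oracle_listener

  # ASM alert log.
  - type: log
    enabled: true
    paths:
      - /u01/app/grid/diag/asm/+asm/+ASM1/trace/alert_+ASM1.log
    # Same timestamp-anchored multiline rule as the database alert log.
    multiline.pattern: '^(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)[[:space:]]\b(?:[Jj]an(?:uary|uar)?|[Ff]eb(?:ruary|ruar)?|[Mm](?:a|ä)?r(?:ch|z)?|[Aa]pr(?:il)?|[Mm]a(?:y|i)?|[Jj]un(?:e|i)?|[Jj]ul(?:y|i)?|[Aa]ug(?:ust)?|[Ss]ep(?:tember)?|[Oo](?:c|k)?t(?:ober)?|[Nn]ov(?:ember)?|[Dd]e(?:c|z)(?:ember)?)\b[[:space:]][0-9]{2}[[:space:]][0-9]{2}:[0-9]{2}:[0-9]{2}'
    multiline.negate: true
    multiline.match: after
    fields:
      topic: oracle_asm

  # Clusterware alert log; its lines start with "YYYY-MM-DD HH:MM:SS.mmm:".
  - type: log
    enabled: true
    paths:
      - /u01/app/11.2.0.4/grid/log/risk-fa-db1/alertrisk-fa-db1.log
    # The dot before the milliseconds is escaped so it matches only a literal ".".
    multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}[[:space:]][0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}:'
    multiline.negate: true
    multiline.match: after
    fields:
      topic: oracle_clusterware

# Shipper name and a host-level field added to every event.
name: "riskfadb"
fields:
  ip: "10.1.1.19"

output.kafka:
  enabled: true
  hosts: ["10.1.5.9:9092"]
  version: "0.10"
  # Route each event to the topic named by its input's fields.topic value.
  topic: '%{[fields.topic]}'
  partition.round_robin:
    reachable_only: true
  worker: 2
  # 1 = wait for the partition leader only, not for the replicas.
  required_acks: 1
  compression: gzip
  # Must not exceed the largest message size the broker accepts.
  max_message_bytes: 10000000
  # NOTE(review): no ssl.* or username/password settings are present, so the
  # listener and alert logs travel to the broker unencrypted and the producer
  # is not authenticated. Enable TLS and SASL here if the broker offers them.

logging.level: info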
/usr/lib/systemd/system/filebeat.service
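# systemd unit that runs Filebeat from the oracle user's home directory.
[Unit]
Description=filebeat
After=network.target

[Service]
# Run unprivileged as oracle rather than root.
User=oracle
# -e logs to stderr (collected by the journal); -c selects the config file.
ExecStart=/home/oracle/filebeat/filebeat -e -c /home/oracle/filebeat/filebeat.yml
Restart=on-failure
# Filebeat only reads log files and connects to Kafka, so it never needs to
# gain privileges through setuid binaries or file capabilities.
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target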