Would you like to learn how to send Syslog messages from a Linux computer to an ElasticSearch server? In this tutorial, we are going to show you how to install Filebeat on a Linux computer and send the Syslog messages to an ElasticSearch server on a computer running Ubuntu Linux.
• Ubuntu 18
• Ubuntu 19
• ElasticSearch 7.6.2
• Kibana 7.6.2
• Filebeat 7.6.2
In our example, the ElasticSearch server IP address is 192.168.15.10.
Tutorial Filebeat – Installation on Ubuntu Linux
Set a hostname using the command named hostnamectl.
Reboot the computer.
Download and install the Filebeat package.
Enable the Filebeat module named System.
Edit the Filebeat configuration file named filebeat.yml.
Here is the original file, before our configuration.
Here is the file with our configuration.
In our example, we configured the Filebeat server to connect to the Kibana server 192.168.15.7.
In our example, we configured the Filebeat server to send data to the ElasticSearch server 192.168.15.7.
Use the following command to create the Filebeat dashboards on the Kibana server.
Start the Filebeat service.
Configure the Filebeat service to start during boot time.
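The steps above gathered into one script, as an added example that is not the original tutorial's code. The hostname `filebeat01`, port 9200 (Elasticsearch's default), the amd64 package URL and the minimal configuration contents are assumptions; the two server addresses are the ones named in the configuration step.

```shell
#!/bin/sh
# Added example: the installation steps as one script. Run as root.
# Assumptions: hostname "filebeat01" is hypothetical, 9200 is the default
# Elasticsearch HTTP port, and the host is amd64.
KIBANA_HOST="192.168.15.7:5601"
ES_HOST="192.168.15.7:9200"

# Write a minimal filebeat.yml ($1 = target path) that loads the enabled
# modules and points at the Kibana and Elasticsearch servers.
write_filebeat_config() {
    cat > "$1" <<EOF
filebeat.config.modules:
  path: \${path.config}/modules.d/*.yml
  reload.enabled: false
setup.kibana:
  host: "${KIBANA_HOST}"
output.elasticsearch:
  hosts: ["${ES_HOST}"]
EOF
    chmod 600 "$1"   # Filebeat rejects config files writable by group or others
}

install_filebeat() {
    hostnamectl set-hostname filebeat01   # the tutorial reboots after this step
    wget -q https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.2-amd64.deb
    dpkg -i filebeat-7.6.2-amd64.deb
    filebeat modules enable system
    cp /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.orig   # keep the original file
    write_filebeat_config /etc/filebeat/filebeat.yml
    filebeat test config        # checks the configuration syntax
    filebeat test output        # checks that Elasticsearch is reachable
    filebeat setup --dashboards # creates the dashboards on the Kibana server
    systemctl start filebeat
    systemctl enable filebeat
}

# Only change the system when asked to: sh install-filebeat.sh install
if [ "${1:-}" = "install" ]; then
    install_filebeat
fi
```

Running the script without the `install` argument only defines the functions, so `write_filebeat_config` can be pointed at a scratch path to inspect the generated file first.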
Congratulations! You have finished the Filebeat installation on Ubuntu Linux.
Kibana – Accessing the Filebeat Dashboard
Open your browser and enter the IP address of your Kibana server plus :5601.
In our example, the following URL was entered in the browser:
• http://192.168.100.7:5601
The Kibana web interface should be presented.
In the Visualize and Explore Data area, select the Dashboard option.
Search and access the Dashboard named: Syslog dashboard ECS
You should see the Filebeat dashboard.
Congratulations! You are able to access the Filebeat information on the Kibana server.