Beats

Beats - Lightweight shippers for Elasticsearch & Logstash

Docker 서비스 통합

• ELK에서 Docker log 수집하기

Docker container의 로그를 ELK에서 수집하기 위해서는 몇가지 방법을 생각해 볼 수 있을 것 같다.

• Autodiscovery 기능을 활용
• Syslog log driver를 사용하는 방법
• Fluentd를 통해 elasticsearch로 로그를 전송하는 방법
• Volume mount를 이용한 방법
• Filebeat에서 add_docker_metadata processor를 사용하는 방법

Officially supported Beats

• Auditbeat - Collect your Linux audit framework data and monitor the integrity of your files.
• Filebeat - Tails and ships log files
• Functionbeat - Read and ships events from serverless infrastructure.
• Heartbeat - Ping remote services for availability
• Journalbeat - Read and ships event from Journald.
• Metricbeat - Fetches sets of metrics from the operating system and services
• Packetbeat - Monitors the network and applications by sniffing packets
• Winlogbeat - Fetches and ships Windows Event logs

ELK Stack

• Elasticsearch
• Logstash
• Kibana

Favorite site

• Beats Platform Reference (6.3) > Overview
• Docker-ELK와 Filebeat, Node.js 로 로그 시스템 구축하기
• A Filebeat Tutorial: Getting Started