Install Filebeat

Procedure

Repositories for APT and YUM

Connect via SSH

PS C:\Users\shirokuma> ssh suricata@192.168.0.3

Switch to root with su

[suricata@localhost ~]$ su -

Import the GPG key

[suricata@localhost ~]# rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
(Done again here because this host is a separate server from the ELK stack.)

Add the yum repository

[suricata@localhost ~]# vi /etc/yum.repos.d/elastic.repo

[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install filebeat

[suricata@localhost ~]# yum install filebeat

Enable automatic start at boot

[suricata@localhost ~]# systemctl daemon-reload
[suricata@localhost ~]# systemctl enable filebeat

Check that the service starts

[suricata@localhost ~]# systemctl start filebeat
[suricata@localhost ~]# systemctl stop filebeat
[suricata@localhost ~]# journalctl --unit filebeat
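The steps above as one script, added here as an example and not part of the original notes: it writes the same elastic.repo file, and before installing anything it checks that every enabled section keeps gpgcheck=1 and fetches its gpgkey over https, so a mis-edited repo file cannot silently turn off package signature verification. The function names and the refusal message are this example's own; the install function assumes it is run as root on the Suricata host.

```shell
#!/bin/sh
# Added example: repo setup with a GPG-check guard for the Filebeat install.

# write_elastic_repo PATH -- write the 7.x repository definition from the notes.
write_elastic_repo() {
    cat > "$1" <<'EOF'
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
}

# check_repo_gpg PATH -- return 0 only if every enabled section in PATH has
# gpgcheck=1 and an https:// gpgkey (signatures verified, key fetched over TLS).
# A section with no enabled= line counts as enabled, as yum treats it.
check_repo_gpg() {
    awk '
        function flush() {
            if (section != "" && enabled == "1" &&
                (gpgcheck != "1" || gpgkey !~ /^https:\/\//)) bad = 1
        }
        BEGIN        { bad = 0 }
        /^\[/        { flush(); section = $0; gpgcheck = ""; gpgkey = ""; enabled = "1"; next }
        /^gpgcheck=/ { gpgcheck = substr($0, 10) }
        /^gpgkey=/   { gpgkey   = substr($0, 8) }
        /^enabled=/  { enabled  = substr($0, 9) }
        END          { flush(); exit bad }
    ' "$1"
}

# install_filebeat -- the procedure from the notes; run as root. Stops before
# yum if the repo file would weaken signature checking.
install_filebeat() {
    repo=/etc/yum.repos.d/elastic.repo
    rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
    write_elastic_repo "$repo"
    check_repo_gpg "$repo" || { echo "refusing: $repo weakens GPG checks" >&2; return 1; }
    yum install -y filebeat
    systemctl daemon-reload
    systemctl enable filebeat
}
```

Call install_filebeat from the shell once the functions are sourced; the check function can also be pointed at any other file under /etc/yum.repos.d to audit it.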