Raspberry/ELK : Installation de Filebeat

80 x served & 23 x viewed

Logstach n’est pas vraiment stable ( Java & Mémoire ne font pas bon ménage )  sur le Raspberry, et j’ai du mal à savoir quel est le problème. Je vais donc le remplacer par Filebeat.
La première étape est l’installation de GO :

$ sudo apt-get update
$ sudo apt-get install golang
$ sudo apt-get install git
$ sudo mkdir /go/
$ sudo mkdir /go/src
$ sudo chown -R pi.pi /go/
$ export GOPATH=/go/src
$ export GOPATH=$HOME/go
$ export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin
$ go get github.com/elastic/beats

Cela bloque …, je lance donc le plan B :

$ sudo apt-get install python-virtualenv
$ export GOPATH=$HOME/go
$ mkdir -p $GOPATH/src/github.com/elastic
$ cd $GOPATH/src/github.com/elastic
$ git clone https://github.com/elastic/beats.git
$ cd beats/
$ make
...
$ cd filebeat/
...
scripts/Makefile:308: recipe for target 'fields' failed
make[1]: *** [fields] Error 1
make[1]: Leaving directory '/home/pi/go/src/github.com/elastic/beats/libbeat'
Makefile:20: recipe for target 'testsuite' failed
make: *** [testsuite] Error 1
$ make
go build -i -ldflags "-X github.com/elastic/beats/libbeat/version.buildTime=2018-10-07T17:18:35Z -X github.com/elastic/beats/libbeat/version.commit=cff3e40cfedb9521d7249caaa569668de203dc59"
../vendor/github.com/elastic/go-txfile/file.go:23:2: cannot find package "math/bits" in any of:
	/home/pi/go/src/github.com/elastic/beats/vendor/math/bits (vendor tree)
	/usr/lib/go-1.7/src/math/bits (from $GOROOT)
	/home/pi/go/src/math/bits (from $GOPATH)
../libbeat/scripts/Makefile:99: recipe for target 'filebeat' failed
make: *** [filebeat] Error 1
...
$ git checkout v6.4.2
HEAD is now at e193f6d68... Set CFLAGS for Packetbeat arm64 cross-compile (#7809) (#8409)
$ GOARCH=arm go build
../vendor/github.com/elastic/go-txfile/file.go:23:2: cannot find package "math/bits" in any of:
/home/pi/go/src/github.com/elastic/beats/vendor/math/bits (vendor tree)
/usr/lib/go-1.7/src/math/bits (from $GOROOT)
/home/pi/go/src/math/bits (from $GOPATH)

Je passe donc au plan C :

$ wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.4.2-linux-x86.tar.gz
$ tar zxvf filebeat-6.4.2-linux-x86.tar.gz
$ sudo mv filebeat-6.4.2-linux-x86/ /opt/.

Plan D, je passe sur une version précédente (v5.6.3):

$ cd go/src/github.com/elastic/beats/
$ git checkout v5.6.3
Previous HEAD position was e193f6d68... Set CFLAGS for Packetbeat arm64 cross-compile (#7809) (#8409)
HEAD is now at c34337071... Bump version to 5.6.3 in the 5.6 branch
$ cd filebeat/
$ export GOPATH=$HOME/go
$ GOARCH=arm go build
$ sudo cp filebeat /sbin/.
$ cat filebeat.yml | grep -v "#" | grep -v "^$"
filebeat.prospectors:
- input_type: log
paths:
- /var/log/*.log
output.elasticsearch:
hosts: ["192.168.0.72:9200"]
$ ./filebeat -v

Enfin cela fonctionne !