Filebeat: Receiving Docker logs in Kafka

Comrade H., WAF Engineer

To receive logs from your containers in a Kafka topic, follow these steps:
  1. Install Filebeat:
       echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-8.x.list
       sudo apt-get update && sudo apt-get install filebeat
  2. Edit the configuration file /etc/filebeat/filebeat.yml with these lines:
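filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

# Enrich each event with cloud instance and Docker container metadata
processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~

# Read the per-container log files that Docker writes on the host
filebeat.inputs:
- type: container
  paths:
    - '/var/lib/docker/containers/*/*.log'

# ============================= Kafka Output =============================

output.kafka:
  hosts: ["kafka-server:9093"]
  topic: "docker-logs"
  # CA bundle used to verify the broker certificate (a list of paths)
  ssl.certificate_authorities: ["/etc/filebeat/certs/caroot.pem"]
  # Client certificate and private key presented to the broker
  ssl.certificate: "/etc/filebeat/certs/cert.pem"
  ssl.key: "/etc/filebeat/certs/key.pem"
  # Events larger than this many bytes are dropped
  max_message_bytes: 2000000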

  3. Enable the Filebeat service: sudo systemctl enable filebeat
  4. Restart Filebeat.
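
Before the restart in step 4, it is worth confirming that the TLS files named under output.kafka exist and that the private key is not readable by other local users; the script finishes with Filebeat's own "test config" and "test output" checks. It is an added example, not part of the original article. The function names and the preflight.sh file name are hypothetical, and it assumes GNU stat on Linux.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of the TLS files named under output.kafka.
# Assumptions: GNU stat (Linux); flat "ssl.<name>: <path>" keys as in the config
# above, with the path double-quoted, bare, or a one-element list.

# Print "<name> <path>" for every ssl.* file setting found in the given config.
ssl_paths() {
  sed -n -E 's/^[[:space:]]*ssl\.(certificate_authorities|certificate|key):[[:space:]]*\[?"?([^]"[:space:]]+)"?\]?[[:space:]]*$/\1 \2/p' "$1"
}

# Succeed only if the file grants no permission bits to group or other.
key_is_private() {
  pf_mode=$(stat -c '%a' "$1") || return 2
  case "$pf_mode" in
    0|*00) return 0 ;;
    *)     return 1 ;;
  esac
}

# Check every referenced file; return non-zero if any check fails.
preflight() {
  pf_rc=0 pf_seen=0
  while read -r pf_name pf_path; do
    [ -n "$pf_name" ] || continue
    pf_seen=$((pf_seen + 1))
    if [ ! -r "$pf_path" ]; then
      echo "FAIL ssl.$pf_name: $pf_path is missing or unreadable"; pf_rc=1
    elif [ "$pf_name" = key ] && ! key_is_private "$pf_path"; then
      echo "FAIL ssl.key: $pf_path is accessible to group/other (chmod 600)"; pf_rc=1
    else
      echo "ok   ssl.$pf_name: $pf_path"
    fi
  done <<EOF
$(ssl_paths "$1")
EOF
  if [ "$pf_seen" -eq 0 ]; then
    echo "FAIL no ssl.* file settings found in $1"; pf_rc=1
  fi
  return "$pf_rc"
}

# Usage: bash preflight.sh /etc/filebeat/filebeat.yml
if [ "$#" -gt 0 ]; then
  preflight "$1" && filebeat test config -c "$1" && filebeat test output -c "$1"
fi
```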
