### inotify for system call monitoring
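On `ds-517`, install `inotify-tools` and start a recursive watch on `/mnt/ceph` that runs as a daemon and writes one JSON-formatted line per event to `/tmp/inotify.txt`: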
```
yum install inotify-tools
inotifywait -d -r -m /mnt/ceph -o /tmp/inotify.txt --timefmt "%FT%T%z" --format '{"time": "%T","watched": "%w","file":"%f","events":"%e"}'
```
Add the Elasticsearch 6.x yum repository (a `.repo` file under `/etc/yum.repos.d/`):
```
[elasticsearch]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
```
Install Filebeat:
```
yum install filebeat
```
Change the default configuration file `/etc/filebeat/filebeat.yml` so that Filebeat ships events to Logstash:
```
output.logstash:
  # The Logstash hosts
  hosts: ["131.154.184.63:5044"]
```
Start and enable the `filebeat` service.
## Activate logrotate
```
/tmp/inotify.txt
{
    missingok
    daily
    copytruncate
    rotate 7
    compress
    olddir /root/inotify
    su root root
}
```
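
The `--format` string passed to `inotifywait` above substitutes `%w` and `%f` verbatim, so a file name containing a double quote or backslash produces a line in `/tmp/inotify.txt` that is not valid JSON or decodes to a different name. The following is an added example, not part of the original notes, that parses each line by its fixed delimiters and re-emits properly escaped JSON. The sample lines are constructed, and the split between `watched` and `file` assumes the directory path does not itself contain the `","file":"` delimiter.

```python
import json
import re

# Mirrors the --format string used above: values are substituted verbatim,
# so the fixed delimiters are the only reliable anchors.
LINE_RE = re.compile(
    r'^\{"time": "(?P<time>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d{4})",'
    r'"watched": "(?P<watched>.*?)",'
    r'"file":"(?P<file>.*)",'
    r'"events":"(?P<events>[A-Z_]+(?:,[A-Z_]+)*)"\}$'
)

def parse_line(line):
    """Return a dict for one inotifywait line, or None if it does not match."""
    line = line.rstrip("\n")
    m = LINE_RE.match(line)
    if m is None:
        return None
    record = m.groupdict()
    record["events"] = record["events"].split(",")
    # Flag lines a plain JSON decoder would reject or decode differently.
    try:
        decoded = json.loads(line)
        record["raw_json_ok"] = (
            decoded.get("file") == record["file"]
            and decoded.get("watched") == record["watched"]
        )
    except ValueError:
        record["raw_json_ok"] = False
    return record

def normalize(lines):
    """Yield escaped JSON strings; unmatched lines are kept under 'unparsed'."""
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rec = {"unparsed": line.rstrip("\n")}
        yield json.dumps(rec, sort_keys=True)

# Constructed sample lines (not captured from a real host).
SAMPLE = [
    '{"time": "2019-03-01T10:15:00+0100","watched": "/mnt/ceph/data/","file":"report.txt","events":"CREATE"}',
    '{"time": "2019-03-01T10:15:02+0100","watched": "/mnt/ceph/data/","file":"my "draft".txt","events":"MODIFY"}',
    '{"time": "2019-03-01T10:15:03+0100","watched": "/mnt/ceph/","file":"tmp","events":"CREATE,ISDIR"}',
]

if __name__ == "__main__":
    for out in normalize(SAMPLE):
        print(out)
```

Records with `raw_json_ok` set to false are the ones a JSON decoder downstream would have dropped or misread, so they are worth counting when checking that the monitoring pipeline is not silently losing events.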