Previously we have installed a Logstash instance on our ELK stack server. This time let’s focus on web application in Docker container and add Filebeat agent installation to container Dockerfile.
Filebeat is utility which is required to be present on host to be able to send logs via Logstash pipeline.
To make sure it is installed in container image let’s add few lines to appserver.dockerfile. Following official installation instruction from Elastic documentation we need to add elasticsearch GPG key, install required utilities (gnupg2 and transport-https) and add elastic repository. Only after performing these steps we are able to successfully run installation with following command:
apt-get update && apt-get install filebeat
Additionally we create and start the filebeat service. Last thing to make sure of is to expose port required for outgoing communication to Logstash server (5044).
Below you can find how prepared Dockerfile looks like:
One note here: in order to make solution more modularised and future-proof I’ve split the part of configuring application server host (app01, where Docker is hosted) and deploying appserver container into two separate roles / playbooks. The changes are reflected in my project Github repository.
In order to build image and deploy container run following command from project main directory:
To make sure that Filebeat is running correctly run this command within the container instance:
service filebeat status
In my next entry we will create pipeline to send application server logs to Elasticsearch instance on a remote host.