Log Centralization
The configuration below serves as an example. Update the files so the settings match your deployment, and consider using CI/CD and a container registry to build, version and distribute the Docker image for your deployment.
The official SCS repository contains an example configuration for using an Elastic Filebeat Docker container to centralize the logs generated by the SCS.
Use the Dockerfile to build a Docker image based on the official Filebeat Docker image that includes the following additional configuration for centralizing SCS logs:
- A custom ‘scs’ Filebeat module
- An extended fields.yaml file, with additional fields for SCS logs
Inside the fields.APPEND.yml file, you can see the additional fields that are used to store SCS log data in Elasticsearch. Change the ‘scs’ module configuration file of the example to enable or disable the centralization of each type of log, and to change the log file paths.
To build the image, clone the repository locally, and run the following inside the ‘examples/filebeat’ directory:
docker build . -t filebeat-scs
To use the built image, add a service to the Docker Compose file of your SCS deployment, for example:
filebeat:
  image: filebeat-scs
  environment:
    # See https://www.elastic.co/guide/en/beats/filebeat/8.2/running-on-docker.html
    # for more configuration options
    - output.elasticsearch.hosts=${ELASTICSEARCH_HOSTS:?error}
  volumes:
    # The logs are shared between the containers using a Docker volume
    - scs-logs:/var/log/scs
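
A variant of the service above that mounts the shared log volume read-only and keeps Filebeat's registry on its own volume, as an added example that is not taken from the SCS repository. The `filebeat-data` volume name is an assumption; `/usr/share/filebeat/data` is the data directory of the official Filebeat image.

```yaml
services:
  filebeat:
    image: filebeat-scs
    environment:
      # Compose aborts with an error if ELASTICSEARCH_HOSTS is unset or empty
      - output.elasticsearch.hosts=${ELASTICSEARCH_HOSTS:?error}
    volumes:
      # Read-only: the shipper only needs to read the SCS logs, so a
      # compromised Filebeat container cannot alter or delete them.
      - scs-logs:/var/log/scs:ro
      # Assumption: named volume for Filebeat's data directory, so the
      # registry of read offsets survives re-creation of the container
      # and logs are not shipped twice after an image update.
      - filebeat-data:/usr/share/filebeat/data

volumes:
  # Shared log volume from the example above; the SCS service writes to it.
  # Skip this entry if your compose file already declares it.
  scs-logs:
  # Assumption: volume name chosen for this example.
  filebeat-data:
```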