Tues November 28th 2023 Notes - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Working with Beats

https://www.elastic.co/beats

A collection of open-source log shippers: lightweight agents that you install on different systems to gather different kinds of information

  • they are written in Go
  • because they are open source, the community can write their own Beats
  • they don't require any dependencies

Beats sits alongside Logstash in the pipeline

  • a Beat can take data and send it directly to an Elasticsearch index
  • or it can gather data and send it to Logstash, which processes it and then forwards it on to Elasticsearch

Common Beats

Filebeat

  • Collecting and shipping log files

Packetbeat

  • Packet Analyzer

Metricbeat

  • Records system and service metrics

Winlogbeat

  • Windows Event logs

Auditbeat

  • Linux user and process activity

Beats Modules

Filebeat and Metricbeat support modules

  • built-in configurations for specific platforms and systems
  • Modules minimize the need to configure settings; the pre-configured settings will work for the specific service in most cases
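As an added example (not part of the original notes, and not Elastic's own sample file), here is a minimal filebeat.yml that ties together the two points above: a module handles a known service with its pre-configured settings, a plain input covers a custom log that has no module, and the output section shows the two shipping paths (direct to Elasticsearch, or via Logstash). The hostnames, the application log path, the CA certificate path and the `filebeat_writer` user are assumptions for this example.

```yaml
# Added example, not from the original notes: minimal filebeat.yml.
# Hostnames, log paths, the CA file and the user name are placeholders.

# --- Modules: pre-built input, parsing and dashboards for a known service.
# `filebeat modules enable system` drops the module config into modules.d/,
# and this block tells Filebeat to load whatever is enabled there.
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

# --- Plain input for a custom application log that has no module.
filebeat.inputs:
  - type: filestream
    id: app-logs
    paths:
      - /var/log/myapp/*.log

# --- Shipping path 1: straight into an Elasticsearch index.
# Filebeat allows only one output at a time, so this one is commented out.
# The writer account should hold only the index-write privileges Filebeat needs.
#output.elasticsearch:
#  hosts: ["https://elasticsearch.example.internal:9200"]
#  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]
#  username: "filebeat_writer"
#  password: "${ES_PWD}"   # read from the Filebeat keystore, not stored in plain text

# --- Shipping path 2: send to Logstash, which processes the events
# and forwards them to Elasticsearch. TLS keeps log data off the wire in the clear.
output.logstash:
  hosts: ["logstash.example.internal:5044"]
  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]
```

Before starting the service, `filebeat test config` checks the syntax and `filebeat test output` confirms the Beat can actually reach the configured output over TLS; `filebeat modules list` shows which modules are enabled.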

Beat Command Line Tool