Building Beats - linux-on-ibm-z/docs GitHub Wiki
The instructions provided below specify the steps to build Beats 9.3.1 on Linux on IBM Z for the following distributions:
- RHEL (8.10, 9.4, 9.6, 9.7)
- SLES 15 SP7
- Ubuntu (22.04, 24.04)
General Notes:
-
When following the steps below please use a standard permission user unless otherwise specified.
-
A directory
/<source_root>/will be referred to in these instructions, this is a temporary writable directory anywhere you'd like to place it.
If you want to build Beats using manual steps, go to STEP 2.
Use the following commands to build Beats using the build script. Please make sure you have wget installed.
wget -q https://raw.githubusercontent.com/linux-on-ibm-z/scripts/master/Beats/9.3.1/build_beats.sh
# Build Beats
bash build_beats.sh [Provide -t option for executing build with tests]If the build completes successfully, go to STEP 4. In case of error, check logs for more details or go to STEP 2 to follow manual build steps.
export SOURCE_ROOT=/<source_root>/
export PATCH_URL="https://raw.githubusercontent.com/linux-on-ibm-z/scripts/master/Beats/9.3.1/patch"-
RHEL (8.10, 9.4, 9.6, 9.7)
sudo yum install -y git curl make wget tar gcc gcc-c++ libpcap-devel openssl openssl-devel which acl zlib-devel patch systemd-devel libjpeg-devel python3.11 python3.11-devel bzip2-devel gdbm-devel libdb-devel libffi-devel libuuid-devel ncurses-devel readline-devel sqlite-devel tk-devel xz xz-devel iproute
-
SLES 15 SP7
sudo zypper install -y git curl gawk make wget tar gcc gcc-c++ libpcap libpcap-devel acl patch libsystemd0 systemd-devel libjpeg62-devel openssl libopenssl-devel zlib-devel gzip gdbm-devel libbz2-devel libdb-4_8-devel libffi-devel libnsl-devel libuuid-devel ncurses-devel readline-devel sqlite3-devel tk xz-devel timezone iproute2
-
Ubuntu (22.04, 24.04)
sudo apt-get update sudo DEBIAN_FRONTEND=noninteractive apt-get install -y git curl make wget tar gcc g++ libcap-dev libpcap0.8-dev openssl libssh-dev acl rsync tzdata patch fdclone libsystemd-dev libjpeg-dev libffi-dev libbz2-dev libdb-dev libgdbm-dev liblzma-dev libncurses-dev libreadline-dev libsqlite3-dev libssl-dev tk-dev uuid-dev xz-utils zlib1g-dev iproute2
-
Install
Python 3.11.4Python >= 3.7 is required for running tests. Install
Python 3.11.4using the following script:wget -q https://www.python.org/ftp/python/3.11.4/Python-3.11.4.tgz tar -xzf Python-3.11.4.tgz cd Python-3.11.4 ./configure --prefix=/opt/python3.11 --enable-optimizations --with-lto make -j$(nproc) sudo make install export PATH=/opt/python3.11/bin:$PATH -
Install
rustccd $SOURCE_ROOT wget --no-check-certificate -O rustup-init.sh https://sh.rustup.rs bash rustup-init.sh -y export PATH=$PATH:$HOME/.cargo/bin
cd $SOURCE_ROOT
wget --no-check-certificate https://go.dev/dl/go1.24.11.linux-s390x.tar.gz
chmod ugo+r go1.24.11.linux-s390x.tar.gz
sudo tar -C /usr/local -xzf go1.24.11.linux-s390x.tar.gz
export PATH=$PATH:/usr/local/go/bin
sudo ln /usr/bin/gcc /usr/bin/s390x-linux-gnu-gcc # For RHEL & SLES
go versionexport GOPATH=$(go env GOPATH)
mkdir -p $GOPATH
export PATH=$GOPATH/bin:$PATHThe default permissions of files in the GOPATH directory should not have write access for group or others. Check default permissions using the below commands
cd $GOPATH
touch test && ls -la test && rm testIf group or others have write access to this test file, then we have to change the default permissions using ACL.
sudo setfacl -dm u::rwx,g::r,o::r $GOPATH
cd $GOPATH
touch test && ls -la test && rm testIf you get an error like setfacl: Operation not supported. ACL might be disabled on your filesystem. To enable ACL refer the below links:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-access_control_lists (RHEL)
https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha-security-acls.html (SLES)
https://help.ubuntu.com/community/FilePermissionsACLs (Ubuntu)
Please note that ACL cannot be enabled or modified from NFS client.
export GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=true
export PYTHON_EXE=python3.11
mkdir -p $GOPATH/src/github.com/elastic
cd $GOPATH/src/github.com/elastic
git clone -b v9.3.1 https://github.com/elastic/beats.gitCurrently Beats available for linux are: filebeat, packetbeat, metricbeat, heartbeat and auditbeat.
3.2.1. To compile, test and generate configuration files for a particular Beat use the commands as shown below
- For
filebeat,packetbeatandheartbeat
cd $GOPATH/src/github.com/elastic/beats/<beat_name>
make
make update
make fmt
make unit
make system-tests
cp -r build/kibana . # For filebeat and packetbeat only- For
auditbeat
cd $GOPATH/src/github.com/elastic/beats/auditbeat
go mod tidy
make
make update
make fmt
cd $GOPATH/src/github.com/elastic
git clone -b v0.2.0 https://github.com/elastic/tk-btf.git
cd tk-btf
curl -sSL ${PATCH_URL}/tk-btf.patch | git apply - || error "tk-btf patch"
go generate ./...
cd $GOPATH/src/github.com/elastic/beats/auditbeat
go mod edit -replace=github.com/elastic/[email protected]=$GOPATH/src/github.com/elastic/tk-btf
go mod tidy
make unit
make test
cp -r build/kibana .- For
metricbeat
cd $GOPATH/src/github.com/elastic/beats/metricbeat
go install github.com/magefile/mage@latest
mage build
mage update
mage fmt
mage unitTest
cp -r build/kibana .For example, for Packetbeat:
cd $GOPATH/src/github.com/elastic/beats/packetbeat
make
make update
make fmt
make unit
make system-tests
cp -r build/kibana .Notes:
- We are skipping integration-test as it uses dockerfiles and docker images specific to x86.
- Below tests are failing on s390x and x86
github.com/elastic/beats/v7/filebeat/input/journald
To run a Beat use the command as shown below.
cd $GOPATH/src/github.com/elastic/beats/<beat_name>
sudo ./<beat_name> setup -e --strict.perms=false
sudo ./<beat_name> -e -d "publish" --strict.perms=falseFor example, for Packetbeat:
cd $GOPATH/src/github.com/elastic/beats/packetbeat
sudo ./packetbeat setup -e --strict.perms=false
sudo ./packetbeat -e -d "publish" --strict.perms=false