josh-thurston / easybeats Goto Github PK

View Code? Open in Web Editor NEW

84.0 84.0 28.0 3.3 MB

Beats for Raspberry Pi / ARM

License: Apache License 2.0

Shell 100.00%

easybeats's People

Contributors

Stargazers

Watchers

easybeats's Issues

Directory issue while installing easyBEATS

Hi Josh,

I've attempted to create the folder path(s) to successfully install easyBEATS but to no avail. Here is the error that the script returned.

`cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/metricbeat/': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/metricbeat.reference.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/metricbeat.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/module': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/modules.d/': No such file or directory
cp: cannot stat '/root/easyBEATS/services/metricbeat.service': No such file or directory
Failed to enable unit: Unit file metricbeat.service does not exist.
Creating /usr/share/filebeat directory...
Creating /etc/filebeat directory...
Creating /var/lib/filebeat directory...
Installing filebeat locally...
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/filebeat': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/filebeat.reference.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/filebeat.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/module': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/modules.d/': No such file or directory
cp: cannot stat '/root/easyBEATS/services/filebeat.service': No such file or directory

Here are the folder paths that I created I still receive those errors:
~/beat-factory/src/github.com/elastic/beats/filebeat$
&
~/beat-factory/src/github.com/elastic/beats/metricbeat$

mage: command not found

Hi, I'm having some issues during the installation. All goes well until the point when installing metricbeat/filebeat:

_Proceeding without swap space.

Compiling Beats...
Compiling metricbeat
./easyBEATS: line 28: mage: command not found
metricbeat created
Compiling filebeat
./easyBEATS: line 28: mage: command not found
filebeat created

Installing on your local system...
Installing metricbeat locally...
cp: cannot stat '/tmp/beats/metricbeat/metricbeat': No such file or directory
cp: cannot stat '/root/easyBEATS/services/metricbeat.service': No such file or directory
Failed to enable unit: Unit file metricbeat.service does not exist.
Installing filebeat locally...
cp: cannot stat '/tmp/beats/filebeat/filebeat': No such file or directory
cp: cannot stat '/root/easyBEATS/services/filebeat.service': No such file or directory
Failed to enable unit: Unit file filebeat.service does not exist.
Cleaning up working files..._

Thanks a lot

p.s. Installation was done on Raspbian (Raspberry Pi 4)

PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian

Issue with the installation on armhf

Hi Josh,

Tried to build filebeat and metricbeat. (off the shelf) and failed instantly.

Any idea what I could try?

Reading package lists... Done
Building dependency tree
Reading state information... Done
libpcap-dev is already the newest version (1.8.1-6).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Dependency installation complete.
---------------------------------------------------------------
Copying source code from Elastic
./easyBEATS: line 52: /root/go/bin/go: cannot execute binary file: Exec format error
---------------------------------------------------------------
Checking out Beats version v7.11.1
./easyBEATS: line 45: cd: /root/beat-factory/src/github.com/elastic/beats: No such file or directory
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
---------------------------------------------------------------
Configuring swap space...
Setting up swapspace version 1, size = 2 GiB (2147479552 bytes)
no label, UUID=61f4506d-fa3c-4747-a98d-917d12363047
---------------------------------------------------------------
Compiling Beats...
Compiling metricbeat
./easyBEATS: line 24: cd: /root/beat-factory/src/github.com/elastic/beats/metricbeat: No such file or directory
./easyBEATS: line 25: /root/go/bin/go: cannot execute binary file: Exec format error
make: *** No targets specified and no makefile found.  Stop.
metricbeat created
Compiling filebeat
./easyBEATS: line 24: cd: /root/beat-factory/src/github.com/elastic/beats/filebeat: No such file or directory
./easyBEATS: line 25: /root/go/bin/go: cannot execute binary file: Exec format error
make: *** No targets specified and no makefile found.  Stop.
filebeat created
swapoff /swapfile
Swap space disabled.
---------------------------------------------------------------
Installing on your local system...
Installing metricbeat locally...
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/metricbeat': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/metricbeat.reference.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/metricbeat.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/module': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/modules.d/': No such file or directory
cp: cannot stat '/root/easyBEATS/services/metricbeat.service': No such file or directory
Failed to enable unit: Unit file metricbeat.service does not exist.
Installing filebeat locally...
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/filebeat': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/filebeat.reference.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/filebeat.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/module': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/filebeat/modules.d/': No such file or directory
cp: cannot stat '/root/easyBEATS/services/filebeat.service': No such file or directory
Failed to enable unit: Unit file filebeat.service does not exist.
Cleaning up working files...
Working directory deleted.
Complete

filebeat modules

Thanks for your script for making it easy to install beats on a Raspberry Pi! This saved me a ton of time!

I just wanted to post a suggested workaround to your issue - specifically for filebeat:

Some of the beats products use 'modules' to extend functionality. Typically you can type something similar to "filebeat modules enable osquery" to enable and use the module. I have not been able to get that command to work. To use the modules, you will need to configure the module inside the configuration file.

I got the filebeat modules working by changing the filebeat.yml to point to the absolute path to the modules.d directory:

#============================= Filebeat modules ===============================

filebeat.config.modules:
  # Glob pattern for configuration loading
  #path: ${path.config}/modules.d/*.yml
  path: /etc/filebeat/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false

  # Period on which files under path should be checked for changes
  #reload.period: 10s

filebeat won't start

ive used your easybeat script on my ubuntu 18.0.14 Pi4 to install filebeat but filebeat won't start.
ive installed it as root (sudo bash)
after installing bit and cloning your code ive updated the script options as follow:

USE_SWAP=false
BEAT_VERSION_NUM="7.7.1"
BEAT_VERSION="17029"

and run the script.
the script seems to run successfully but i can't start it.
i saw that /etc/filebeat directory is empty and so directories under /usr/share/filebeat

could you help me understand what went wrong?
this great tool could save me lots of hassle.

thanks in advace

Install modules

I'm fiddling for something with SIEM from ELK stack and suricata on a raspberry pi.
But when I want to install a module later it doesn't work:

cd /usr/share/filebeat/bin
./filebeat modules enable suricata

The following error appears:
Error initializing beat: error loading config file: stat filebeat.yml: no such file or directory

Means that I can only use the plugins that are already in the /etc/filebeat/modules.d folder?

compile x-pack filebeat

is it possible to compile filebeat under x-pack(has some additional modules)?

Compile error with cannot load io/fs

I'm using the script and getting the below error.

build github.com/elastic/beats/v7/filebeat: cannot load io/fs: malformed module path "io/fs": missing dot in first path element
Error determining list of magefiles: failed to list non-mage gofiles: exit status 1: build github.com/elastic/beats/v7/filebeat: cannot load io/fs: malformed module path "io/fs": missing dot in first path element

Script Error

Possibly a path issue where I am not able to launch Go because my GOPATH is not set correctly. Cant figure out what I am doing wrong though

Error with the script

I've a raspberry pi 4 with 4gb ram with ubuntu installed.
I've followed your guide, modified only some vars using the following config:

# Script variables
UPDATE_SYSTEM=false #change to false if you don't want to upgrade your whole system
INSTALL_DEPS=true #change to false if you have already run this script successfully before
USE_SWAP=false #change to fales if you're using a Pi4 with 2GB of RAM or more
WORKING_DIR="beat-factory" #this directory will be created in /home/pi
#visit https://github.com/elastic/beats/releases to find other version numbers and commit numbers
BEAT_VERSION_NUM="7.5.2" #the version number of the Beats release you want to use
BEAT_VERSION="a9c1414" #the commit number of the Beats release you want to use
#add as many beats as you want to BEAT_NAME separated by a space
BEAT_NAME=( metricbeat ) #metricbeat filebeat packetbeat auditbeat heartbeat
INSTALL_LOCAL=true #set to false if you only want to compile without installing
CLEAN_UP=true #set to false if you want to keep the source files on your Pi

And I've received the following errors:

Dependency installation complete.
---------------------------------------------------------------
Copying source code from Elastic
./easyBEATS: line 53: /usr/share/go/bin/go: No such file or directory
---------------------------------------------------------------
Checking out Beats version 7.5.2
./easyBEATS: line 46: cd: /root/beat-factory/src/github.com/elastic/beats: No such file or directory
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
---------------------------------------------------------------
Proceeding without swap space.
---------------------------------------------------------------
Compiling Beats...
Compiling metricbeat
./easyBEATS: line 25: cd: /root/beat-factory/src/github.com/elastic/beats/metricbeat: No such file or directory
./easyBEATS: line 26: /usr/share/go/bin/go: No such file or directory
make: *** No targets specified and no makefile found.  Stop.
metricbeat created
---------------------------------------------------------------
Installing on your local system...
Installing metricbeat locally...
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/metricbeat': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/metricbeat.reference.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/metricbeat.yml': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/module': No such file or directory
cp: cannot stat '/root/beat-factory/src/github.com/elastic/beats/metricbeat/modules.d/': No such file or directory
cp: cannot stat '/root/easyBEATS/services/metricbeat.service': No such file or directory
Failed to enable unit: Unit file metricbeat.service does not exist.
Cleaning up working files...
Working directory deleted.
Done, son!

32-bit build on a 64-bit Raspberry Pi

Hello,

I tried building this on my 64-bit Raspberry Pi (uname -m returns aarch64), but the output of the build process for Filbert is 32-bit.

pi@raspberry-0b90d8:/tmp/beats/filebeat $ file filebeat
filebeat: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, BuildID[sha1]=153b309e061257da03ad06dbbf5e3b2f94058e4f, for GNU/Linux 3.2.0, stripped
pi@raspberry-0b90d8:/tmp/beats/filebeat $ ./filebeat
Failed to initialize: trying to run 32Bit binary on 64Bit system

It does work fine on my 32-bit armv7l Pis, but I also need a 64-bit build. Are there any settings I can change to make this work?

Thanks

Packetbeat Dashboards

When I try to load the packet beat dashboards I get the following error
sudo /usr/share/packetbeat/bin/packetbeat setup -c /etc/packetbeat/packetbeat.yml
Overwriting ILM policy is disabled. Set setup.ilm.overwrite:true for enabling.

Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Skipping loading dashboards, No directory /usr/share/packetbeat/bin/kibana/7

Support for older versions of Beats?

I am sorry if this is the wrong place to ask for this, but the thing is that I want to send logs from pihole running as a docker container to my Security Onion (https://securityonion.net/) install. Unfortunately, it is stuck on ELK 6.8.7 (as far as I recall). I am not sure if the current version of filebeat will work with that (To be honest, I am trying to fit https://github.com/nin9s/elk-hole into the equation as well and for now I am stuck with the logstash part not working so I don't know yet).

Once that is fixed, I will try to send logs via filebeat and see how well that goes. I am not at all an expert here but I heard at some point that it's best if the version of Beats matches the rest of the ELK stack. So if that happens to be the case, would it be possible to compile a matching version of filebeat using easyBEATS?

Og and btw, thanks for your fantastic work. Pulling support for arm was a major dick move by Elastic.

/klaus

josh-thurston / easybeats Goto Github PK

easybeats's People

Contributors

Stargazers

Watchers

Forkers

easybeats's Issues

_Proceeding without swap space.

Compiling Beats... Compiling metricbeat ./easyBEATS: line 28: mage: command not found metricbeat created Compiling filebeat ./easyBEATS: line 28: mage: command not found filebeat created

Recommend Projects

Recommend Topics

Recommend Org

Compiling Beats...
Compiling metricbeat
./easyBEATS: line 28: mage: command not found
metricbeat created
Compiling filebeat
./easyBEATS: line 28: mage: command not found
filebeat created