Deploying Filebeat on macOS
Got a few questions about the way I’ve deployed Filebeat to transport OSQuery logs over the past few days, so I thought I’d do a quick writeup about it.
There are a few components to this.
- Filebeat executable (the Darwin version)
filebeat.yml(config file to tell Filebeat where to deliver the logs to)- Certificates (for TLS transport, placed in your location of choice)
com.elastic.filebeat.plist(Launchd task to daemonize Filebeat)