1 files changed, 28 insertions, 0 deletions

diff --git a/system/filebeat-oss/README b/system/filebeat-oss/README
new file mode 100644
index 0000000000..e4f187df9c
--- /dev/null
+++ b/system/filebeat-oss/README
@@ -0,0 +1,28 @@
+filebeat-oss (Lightweight shipper for logs)
+
+Whether you’re collecting from security devices, cloud, containers,
+hosts, or OT, Filebeat helps you keep the simple things simple by
+offering a lightweight way to forward and centralize logs and files.
+
+Filebeat is a lightweight shipper for forwarding and centralizing
+log data. Installed as an agent on your servers, Filebeat monitors
+the log files or locations that you specify, collects log events,
+and forwards them either to Elasticsearch or Logstash for indexing.
+
+https://www.elastic.co/beats/filebeat
+https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html
+
+If you intend to use filebeat with elasticsearch:
+Add this to /etc/rc.d/rc.local:
+if [ -x /etc/rc.d/rc.filebeat ]; then
+   /etc/rc.d/rc.filebeat start
+fi
+
+Add this to /etc/rc.d/rc.local_shutdown
+if [ -x /etc/rc.d/rc.filebeat ]; then
+   /etc/rc.d/rc.filebeat stop
+fi
+
+The previous instruction is not necessary if you are going to
+use the filebeat with graylog , the graylog is what starts the
+filebeat.