AIX Open Source

Monitor AIX with Elastic Beats: Observability on AIX

By Aditya Kamath posted 2 days ago

  

Elastic Beats are lightweight agents that ship data to Elasticsearch. Elastic offers distinct Beats for metrics, uptime, logs, and other kinds of data. Depending on the data you want to gather, you may need to install several shippers on a single host. If you run Elasticsearch and Kibana on Linux, you can monitor AIX data using Elastic Beats.

Beats version 8.17.1 is now available in the AIX toolbox. Currently we have Metricbeat, Filebeat, and Auditbeat.

To install Beats on AIX, do the following:

dnf install metricbeat auditbeat filebeat

Which Beats are available on AIX?

Metricbeat—System and application metrics

What it does: Gathers CPU, memory, disk, file system, and process metrics.

Use case: Monitor AIX performance, detect resource exhaustion, and view metrics in the Kibana dashboard.

Sample YAML config file:

# cat metricbeat_cpu.yml 
metricbeat.modules:
  - module: system
    period: 5s
    metricsets:
      - cpu
      - filesystem
      - memory
      - process
    include_cpu_ticks: false

output.elasticsearch:
  hosts: ["https://<Your_IP_Address>"]
  username: elastic
  password: <Your_password>
  ssl.verification_mode: none   # disables server certificate verification

To run, use: metricbeat -e -c metricbeat_cpu.yml

Sample metrics view from Kibana

Filebeat—Log File Harvester

What it does: Reads and ships logs line by line.

Use case: Monitor logs like /var/syslog, app logs, and custom directories. Centralize logs from AIX servers into Linux-hosted Elasticsearch.

# cat filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /tmp/testlog.log   # The file you want Filebeat to read

output.elasticsearch:
  hosts: ["https://<Your_IP_Address>"]
  username: elastic
  password: <Your_password>
  ssl.verification_mode: none   # disables server certificate verification

logging.level: info
logging.to_files: true
logging.files:
  path: "/tmp/filebeat-logs"
  name: filebeat.log
  keepfiles: 3
  permissions: 0644

To run, use: filebeat -e -c filebeat.yml

Sample Filebeat view

Auditbeat - File integrity and Activity monitoring

What it does: Tracks file changes and user activity.

Use case: Track tampering with scripts, binaries, or cron jobs—useful for compliance and doing file/directory-level monitoring.

Sample YAML config file:

# cat auditbeat.yml 
auditbeat.modules:
- module: file_integrity
  paths:
    - /tmp/testdir

output.elasticsearch:
  hosts: ["https://<Your_IP_Address>"]
  username: elastic
  password: <Your_password>
  ssl.verification_mode: none   # disables server certificate verification

logging.level: debug 
logging.to_files: true
logging.files:
  path: "/tmp/auditbeat-logs"
  name: auditbeat.log
  keepfiles: 3
  permissions: 0644

To run, use: auditbeat -e -c auditbeat.yml

Sample Auditbeat view
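
The three sample configs above share the same output and logging settings. As an added example (not part of the original post or of the AIX Toolbox packages), the shell function below lints a Beats YAML file for those settings: disabled certificate verification, a literal password, and log files readable by group or others. The function name, the finding IDs and the line-oriented parsing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a Beats config for the risky settings used in the samples.
# Line-oriented check, not a YAML parser; finding IDs are made up for this example.
# Prints "<ID> line <n>: <message>" per finding; exit status = number of findings.
audit_beat_config() {
    awk '
    function report(id, msg) { printf "%s line %d: %s\n", id, NR, msg; n++ }
    /^[ \t]*#/ { next }                          # skip comment-only lines
    {
        line = $0
        sub(/[ \t]+#.*$/, "", line)              # drop trailing comment
        sub(/[ \t]+$/, "", line)                 # drop trailing blanks
        key = line; sub(/:.*$/, "", key); gsub(/[ \t]/, "", key)
        val = line; sub(/^[^:]*:[ \t]*/, "", val); gsub(/"/, "", val)
    }
    # Matches ssl.verification_mode and a nested ssl: / verification_mode: form.
    key ~ /verification_mode$/ && val == "none" {
        report("TLS-VERIFY-OFF", "server certificate not verified; use full plus ssl.certificate_authorities")
    }
    # Accept only ${NAME} references (Beats keystore or environment variable).
    key == "password" && val != "" && !(substr(val, 1, 2) == "${" && substr(val, length(val)) == "}") {
        report("CLEARTEXT-SECRET", "literal password in config; reference it as ${NAME}")
    }
    # Any group/other permission bit set on rotated log files.
    key == "permissions" && val ~ /^0?[0-7][0-7][0-7]$/ && substr(val, length(val) - 1) != "00" {
        report("LOG-PERMS", "log files readable by group or others; tighten to 0600")
    }
    key == "hosts" && val ~ /http:\/\// {
        report("PLAINTEXT-HTTP", "events and credentials sent without TLS")
    }
    END { exit n + 0 }
    ' "$1"
}

# Constructed sample: output and logging settings as in the Filebeat config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
output.elasticsearch:
  hosts: ["https://<Your_IP_Address>"]
  username: elastic
  password: <Your_password>
  ssl.verification_mode: none
logging.files:
  path: "/tmp/filebeat-logs"
  permissions: 0644
EOF
audit_beat_config "$sample" || echo "findings: $?"
rm -f "$sample"
```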

Additional Information


Find more content about Elastic Beats and each Beat here.

Content about installing Kibana in Linux: https://www.elastic.co/docs/deploy-manage/deploy/self-managed/install-kibana.

Regards,
Toolbox team.
