diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..53cb032
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+ARG ELASTICSTACK_VERSION=8.1.2
+FROM docker.elastic.co/beats/filebeat:${ELASTICSTACK_VERSION}
+
+COPY --chown=root:filebeat filebeat.yml /usr/share/filebeat/filebeat.yml
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..f1340b4
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,20 @@
+.PHONY: build
+
+REGISTRY_IP=docker.registry
+# linux/arm/v7
+# linux/arm/v6
+# linux/arm64
+# linux/amd64
+PLATFORM=linux/arm64,linux/amd64
+#VERBOSITY=info
+VERBOSITY=debug
+
+## build
+
+build:
+	$(shell docker-multi-arch-builder build -n filebeat --platforms $(PLATFORM) -v $(VERBOSITY))
+
+## management
+
+status:
+	@curl -s $(REGISTRY_IP):5000/v2/_catalog | jq
diff --git a/filebeat.yml b/filebeat.yml
new file mode 100644
index 0000000..7c5adb8
--- /dev/null
+++ b/filebeat.yml
@@ -0,0 +1,39 @@
+filebeat.config:
+  modules:
+    path: ${path.config}/modules.d/*.yml
+    reload.enabled: false
+
+filebeat.autodiscover:
+  providers:
+    - type: docker
+      hints.enabled: true
+
+processors:
+  - add_cloud_metadata: ~
+
+output.elasticsearch:
+  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
+  username: '${ELASTICSEARCH_USERNAME:}'
+  password: '${ELASTICSEARCH_PASSWORD:}'
+
+#filebeat.inputs:
+#  - type: container
+#    paths:
+#      - '/var/lib/docker/containers/*/*.log'
+#
+#processors:
+#  - add_docker_metadata:
+#      host: "unix:///var/run/docker.sock"
+#
+#  - decode_json_fields:
+#      fields: ["message"]
+#      target: "json"
+#      overwrite_keys: true
+#
+#output.elasticsearch:
+#  hosts: ["elasticsearch:9200"]
+#  indices:
+#    - index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
+#
+#logging.json: true
+#logging.metrics.enabled: false
\ No newline at end of file