packetbeat+elasticsearch+kibana集成手册

来源：互联网发布：美颜拍照软件编辑：程序博客网时间：2024/06/05 15:49

配置网卡为混杂模式

ifconfig eth0 promisc

eth0 Link encap:Ethernet HWaddr 00:50:56:92:3F:D9
inet addr:10.1.X.XX Bcast:10.1.5.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe92:3fd9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30547 errors:0 dropped:0 overruns:0 frame:0
TX packets:25991 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2608791 (2.4 MiB) TX bytes:2707940 (2.5 MiB)

eth0 Link encap:Ethernet HWaddr 00:50:56:92:3F:D9
inet addr:10.1.X.XX Bcast:10.1.5.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe92:3fd9/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:32345 errors:0 dropped:0 overruns:0 frame:0
TX packets:26033 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2772946 (2.6 MiB) TX bytes:2713764 (2.5 MiB)

启动elasticsearch

su elastic /server/elasticsearch/bin/elasticsearch > /var/log/elasticsearch.log &

启动packetbeat

nohup /server/packetbeat/packetbeat -e -c /server/packetbeat/packetbeat.yml > /var/log/packetbeat.log &

启动kibana

nohup /server/kibana/bin/kibana > /var/log/kibana.log &

连接packetbeat与ElasticSearch

向elasticsearch导入packetbeat模板

curl -XPUT 'http://127.0.0.1:9200/_template/packetbeat' -d@/server/packetbeat/packetbeat.template.json

或

curl -H 'Content-Type: application/json' -XPUT 'http://localhost:9200/_template/packetbeat' -d@/server/packetbeat/packetbeat.template.json

连接kibana与ElasticSearch

编辑config/kibana.yml
设置elasticsearch.url为Elasticsearch地址

具体配置参考

CentOS安装kibana极简手册
http://blog.csdn.net/sevenyears2me/article/details/71122856
安装ElasticSearch极简手册
http://blog.csdn.net/sevenyears2me/article/details/71085650

0 0