ELK centos7
Source: Internet  Editor: 程序博客网  Time: 2024/04/28 18:07
Original article: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-centos-7
Reposted article 2: http://blog.sina.com.cn/s/blog_6f2d2e310102wa41.html
Official ELK site: https://www.elastic.co/products
The official download source is hosted abroad and is slow. Packages I have already downloaded: http://pan.baidu.com/s/1o7EIZv8 password: 5zme (latest version, 5.1 series)
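@@@@@@@@@@@@@@@@@@@@@ First, install elasticsearch @@@@@@@@@@@@@@@@@@@@@
groupadd elk && useradd -g elk elk # elasticsearch cannot be started directly as root; add an elk user to start elasticsearch
chown -R elk:elk /opt/elasticsearch # "/opt/elasticsearch" is my elasticsearch install directory (download the package from Baidu Cloud or from the official site)
Edit the configuration file elasticsearch.yml under conf so that only the local host can access it:
network.host: localhost
nohup sh bin/elasticsearch & # run in the background; keeps running after the terminal is closed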
[2017-01-05T02:28:28,702][INFO ][o.e.n.Node ] version[5.1.1], pid[13420], build[5395e21/2016-12-06T12:36:15.409Z], OS[Linux/3.10.0-229.el7.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_92/25.92-b14]
[2017-01-05T02:28:29,756][INFO ][o.e.p.PluginsService ] [ZYem2PN] loaded module [aggs-matrix-stats]
[2017-01-05T02:28:29,756][INFO ][o.e.p.PluginsService ] [ZYem2PN] loaded module [ingest-common]
[2017-01-05T02:28:29,756][INFO ][o.e.p.PluginsService ] [ZYem2PN] loaded module [lang-expression]
[2017-01-05T02:28:29,757][INFO ][o.e.p.PluginsService ] [ZYem2PN] loaded module [lang-groovy]
[2017-01-05T02:28:29,757][INFO ][o.e.p.PluginsService ] [ZYem2PN] loaded module [lang-mustache]
[2017-01-05T02:28:29,757][INFO ][o.e.p.PluginsService ] [ZYem2PN] loaded module [lang-painless]
[2017-01-05T02:28:29,757][INFO ][o.e.p.PluginsService ] [ZYem2PN] loaded module [percolator]
Curl the local host and check the response:
curl 127.0.0.1:9200
Result:
{
  "name" : "ZYem2PN",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "Kpt3lcQDRl-7rq8oQEGZ6Q",
  "version" : {
    "number" : "5.1.1",
    "build_hash" : "5395e21",
    "build_date" : "2016-12-06T12:36:15.409Z",
    "build_snapshot" : false,
    "lucene_version" : "6.3.0"
  },
  "tagline" : "You Know, for Search"
}
&&&&&&&&&&&&&&&&&&&&& Install kibana &&&&&&&&&&&&&&&&&&&&&
sudo rpm -ivh kibana-5.1.1-x86_64.rpm
rpm -qc kibana # list kibana's configuration files
Result: /etc/kibana/kibana.yml
Edit the configuration file: server.host: "localhost"
systemctl enable kibana.service # start kibana at boot
systemctl start kibana.service # start kibana
%%%%%%%%%%%%%%%%%%%%% Install nginx to proxy the local kibana and elasticsearch, and add authentication %%%%%%%%%%%%%%%%%%%%%
Add the EPEL repo provided in the download above to /etc/yum.repos.d/ and refresh the yum cache:
yum makecache fast
yum install nginx httpd-tools -y # install nginx and the authentication tools with yum
htpasswd -c /etc/nginx/htpasswd.users admin # create the password file used for authentication
vim /etc/nginx/conf.d/kibana.conf # create a server block so that nginx proxies the local service; remember to comment out the server block in nginx.conf
server {
    listen 80;
    server_name localhost;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
nginx -t # check the nginx syntax; if there are no errors, nginx can be started
systemctl start nginx && systemctl enable nginx
The elasticsearch service on port 9200 can be proxied in the same way. Kibana can then be accessed through the web.
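A check for the localhost-only bindings configured above (network.host: localhost and server.host: "localhost"), as an added example that is not part of the original post. It reads ss -ltn output and reports any listener on 9200 or 5601 that is not on a loopback address; the sample listing is constructed and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Ports from this guide that must
# stay behind the nginx proxy: 9200 (elasticsearch) and 5601 (kibana).
BACKEND_PORTS="9200 5601"

# Constructed sample of `ss -ltn` output: kibana was left bound to all interfaces.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:9200      *:*
LISTEN 0      128    ::1:9200            :::*
LISTEN 0      128    *:5601              *:*
LISTEN 0      128    *:80                *:*
LISTEN 0      128    :::5044             :::*'

# Read `ss -ltn` output on stdin. Print "EXPOSED <addr>:<port>" for every
# backend port bound to a non-loopback address; exit status 1 if any is found.
audit_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)            # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            gsub(/^\[|\]$/, "", addr)                  # newer ss prints [::1]:9200
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print "EXPOSED " addr ":" port
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Live use: ss -ltn | audit_listeners
printf '%s\n' "$SAMPLE_SS" | audit_listeners || echo "backend reachable without nginx auth"
```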
********************* Install logstash *********************
ln -s /opt/jdk1.8.0_92/bin/java /usr/bin/java # add a symlink for java, otherwise the install reports an error; my JDK path is /opt/jdk1.8.0_92/
[root@localhost elk]# rpm -ivh logstash-5.1.1.rpm
Preparing... ################################# [100%]
Updating / installing...
1:logstash-1:5.1.1-1 ################################# [100%]
Using provided startup.options file: /etc/logstash/startup.options
Successfully created system startup script for Logstash
Logstash configuration files use JSON format and are located in /etc/logstash/conf.d/
They consist of three sections: inputs | filters | outputs
# vim /etc/logstash/conf.d/02-filebeat-input.conf
input {
  beats {
    port => 5044
    type => "logs"
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
# vim /etc/logstash/conf.d/10-syslog.conf
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
Store the logs in Elasticsearch [running on local port 9200]
# vim /etc/logstash/conf.d/30-elasticsearch-output.conf
output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
  stdout { codec => rubydebug }
}
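What the grok pattern in 10-syslog.conf extracts from events whose type is syslog, shown as an added example that is not part of the original post. The regular expression is an ERE approximation of the grok pattern (%{DATA} is narrowed to "no space, colon or bracket"), the log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: an ERE approximation of the grok
# pattern in 10-syslog.conf. %{DATA} is narrowed to "no space, colon or bracket".
SYSLOG_RE='^([A-Z][a-z]{2} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}) ([^ ]+) ([^]:[ ]+)(\[([0-9]+)\])?: (.*)$'

# Constructed sample lines: padded single-digit day, two-digit day, non-syslog.
SAMPLE_LOG='Jan  5 02:31:07 elkserver sshd[13502]: Failed password for root from 192.0.2.10 port 51122 ssh2
Jan 15 02:31:09 elkserver systemd: Started Session 12 of user elk.
this line is not syslog'

# Read log lines on stdin; print the extracted fields, or tag the line the way
# Logstash tags events that the grok filter could not match.
parse_syslog() {
    sed -E \
        -e "s/$SYSLOG_RE/syslog_timestamp=\1|syslog_hostname=\2|syslog_program=\3|syslog_pid=\5|syslog_message=\6/" \
        -e t \
        -e 's/^/_grokparsefailure|/'
}

# Count failed ssh password attempts per source address from the parsed fields.
failed_ssh_sources() {
    parse_syslog |
        sed -nE 's/.*\|syslog_program=sshd\|.*syslog_message=Failed password for .* from ([^ ]+) port.*/\1/p' |
        sort | uniq -c | awk '{ print $2 " " $1 }'
}

printf '%s\n' "$SAMPLE_LOG" | parse_syslog
```

The two date formats in the filter ("MMM d HH:mm:ss" and "MMM dd HH:mm:ss") correspond to the first two sample lines.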
chmod 777 /var/log/logstash/logstash.log
systemctl start logstash
systemctl enable logstash
!!!!!!!!!!!!!!!!!!!!!! Create the communication certificate !!!!!!!!!!!!!!!!!!!!!!
First edit /etc/hosts to add name resolution entries for the server and the client.
cd /etc/pki/tls
openssl req -subj '/CN=yoursername/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
scp /etc/pki/tls/certs/logstash-forwarder.crt root@youagent:/tmp/ # copy the certificate to your agent (the agent must be configured to communicate using the certificate)
^^^^^^^^^^^^^^^^^^^^^ Client configuration ^^^^^^^^^^^^^^^^^^^^^
rpm --import http://packages.elastic.co/GPG-KEY-elasticsearch # import the signing key
rpm -ivh filebeat-5.1.1-x86_64.rpm # install filebeat
cp /tmp/logstash-forwarder.crt /etc/pki/tls/certs/ # copy the certificate created on the server
grep -v "^#" /etc/filebeat/filebeat.yml
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*.log
output.logstash:
  hosts: ["elkserver:5044"]
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
systemctl start filebeat.service
systemctl enable filebeat.service
filebeat.sh -e -c filebeat.yml -d "Publish" # check whether the client can reach the server; if it cannot, troubleshoot from the log output
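A check that the certificate CN and the hosts entry in filebeat.yml agree, as an added example that is not part of the original post. It takes the subject line printed by openssl x509 -noout -subject and a filebeat.yml path; the sample config, the second host entry, the subject line and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed client config and a
# constructed `openssl x509 -noout -subject` line for the server certificate.
SAMPLE_YML='filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*.log
output.logstash:
  hosts: ["elkserver:5044", "192.0.2.20:5044"]
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]'
SAMPLE_SUBJECT='subject= /CN=elkserver'

# Extract the CN from either "subject= /CN=x" or "subject=CN = x" output.
subject_cn() {
    printf '%s\n' "$1" | sed -nE 's#.*CN ?= ?([^/,]+).*#\1#p'
}

# Print the host part of every entry in the hosts: [...] list of a filebeat.yml.
filebeat_hosts() {
    sed -nE 's/^[[:space:]]*hosts:[[:space:]]*\[(.*)\].*/\1/p' "$1" |
        tr ',' '\n' | sed -E -e 's/[" ]//g' -e 's/:[0-9]+$//'
}

# $1 = subject line, $2 = filebeat.yml. Returns 1 if any host would fail
# certificate name verification against a CN-only certificate.
check_beats_hosts() {
    cn=$(subject_cn "$1"); rc=0
    for h in $(filebeat_hosts "$2"); do
        case $h in
            "$cn")      echo "OK $h" ;;
            *[!0-9.]*)  echo "MISMATCH $h (certificate CN is $cn)"; rc=1 ;;
            *)          echo "IP $h (needs an IP subjectAltName, CN is not used)"; rc=1 ;;
        esac
    done
    return $rc
}

# Live use: check_beats_hosts "$(openssl x509 -noout -subject -in CERT)" /etc/filebeat/filebeat.yml
tmp=$(mktemp); printf '%s\n' "$SAMPLE_YML" > "$tmp"
check_beats_hosts "$SAMPLE_SUBJECT" "$tmp" || echo "fix the CN or the hosts entry"
rm -f "$tmp"
```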
@@@@@@@@@@@@@@@@@@@@@@@@@ Configure kibana @@@@@@@@@@@@@@@@@@@@@@@@@