ELK日志分析系统搭建
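# Install Elasticsearch 5.2.0 under /usr/local and run it as a dedicated,
# unprivileged account. The unpack/useradd/chown steps need root.
#
# Before unpacking as root, compare the archive with the checksum published
# next to the download; tar extracts a tampered tarball without complaint.
tar -xzf elasticsearch-5.2.0.tar.gz -C /usr/local/

# Service account that owns the installation and runs the node.
useradd elk
chown -R elk:elk /usr/local/elasticsearch-5.2.0/

# Elasticsearch 5.x aborts at startup when launched as root, so start it as
# the elk account instead of from the root shell. nohup keeps the node
# running after the terminal is closed.
su - elk -c 'nohup /usr/local/elasticsearch-5.2.0/bin/elasticsearch &'

# Smoke test once the node is up (the original transcript ran this as root on
# host "nginx"): a JSON banner means the node is answering.
# Elasticsearch 5.x listens on loopback unless network.host is changed, and
# nothing on this page puts authentication in front of port 9200, so keep it
# off external interfaces; Logstash below also connects via localhost:9200.
curl 127.0.0.1:9200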
# Unpack Logstash 5.2.0 into /usr/local (run as root; check the archive
# against its published checksum first).
tar -C /usr/local/ -xzf logstash-5.2.0.tar.gz

# Print the pipeline definition. Despite the .yml suffix, the file holds a
# Logstash pipeline (input / filter / output sections), not YAML.
cat /usr/local/logstash-5.2.0/config/nginx.yml
# Pipeline: receive events from Filebeat, parse each log line, add GeoIP
# data, then index into the local Elasticsearch node.

input {
  # Listen on port 5043 for logs shipped by Filebeat.
  # NOTE(review): no ssl options are set, so events arrive in clear text and
  # any host that can reach this port can submit them. Consider the beats
  # input's ssl / ssl_certificate / ssl_key settings, or a firewall rule that
  # limits the port to the shipping hosts.
  beats {
    port => "5043"
  }
}

filter {
  # Filter rule: parse the raw line with the combined access-log pattern.
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }

  # Filter rule: take the client IP field and look up its location.
  geoip {
    source => "clientip"
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }

  # Also print every event to stdout in rubydebug form. Handy while testing;
  # under nohup this output accumulates in nohup.out.
  stdout {
    codec => rubydebug
  }
}
# Start Logstash in the background with the pipeline file shown above.
# (Running bin/logstash with -t and the same -f argument checks the
# configuration and exits, which is a cheap test before the real start.)
nohup /usr/local/logstash-5.2.0/bin/logstash \
  --path.config /usr/local/logstash-5.2.0/config/nginx.yml &

# Unpack Filebeat 5.2.0 into /usr/local (as root; verify the archive against
# its published checksum first). Presumably this runs on the host that holds
# the logs: the later transcript prompt shows a different hostname, ND31.
tar -C /usr/local/ -xzf filebeat-5.2.0-linux-x86_64.tar.gz

# Create the Filebeat configuration file.
vim /usr/local/filebeat-5.2.0-linux-x86_64/ipaper.yml
# Filebeat: follow two log files and forward their lines to Logstash.
filebeat.prospectors:
  - input_type: log
    # Log files to ship.
    paths:
      - /data/wwwlogs/test1.log
      - /data/wwwlogs/test2.log

output.logstash:
  # Logstash endpoint that receives the events.
  # NOTE(review): no ssl section is configured, so log lines cross the
  # network unencrypted and the receiving endpoint is not verified. Enabling
  # TLS here and on the Logstash beats input closes that gap.
  hosts:
    - "192.168.0.54:5043"
# Run Filebeat in the background with the configuration written above.
# -e logs to stderr and -d "publish" enables debug output for the publish
# selector, so every shipped event (full request lines with client addresses
# and URL query strings) is copied into nohup.out. Useful to confirm that
# shipping works; drop both flags afterwards so the debug file does not become
# a second, unprotected copy of the logs.
nohup /usr/local/filebeat-5.2.0-linux-x86_64/filebeat \
  -c /usr/local/filebeat-5.2.0-linux-x86_64/ipaper.yml -e -d "publish" &
# Show the last 20 lines of Filebeat's debug output to confirm that events
# are being published (original transcript: root shell on host ND31).
tail -n 20 nohup.out
  "input_type": "log",
  "message": "119.147.33.18 - - [13/Feb/2017:02:20:17 +0800] \"GET /29204.htm HTTP/1.1\" 200 14344 \"http://epaper.oeeee.com/epaper/M/html/2016-12/06/content_101411.htm\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)\"",
  "offset": 44870189,
  "source": "/data/wwwlogs/test.log",
  "type": "log"
}
2017/02/13 09:39:44.899627 client.go:184: DBG Publish: {
  "@timestamp": "2017-02-13T09:39:32.116Z",
  "beat": {
    "hostname": "ND31",
    "name": "ND31",
    "version": "5.2.0"
  },
  "input_type": "log",
  "message": "101.28.166.129 - - [13/Feb/2017:10:51:03 +0800] \"GET /guide.png?v=2 HTTP/1.1\" 200 63133 \"https://ipaper.oeeee.com/ipaper/A/html/2017-02/12/content_6417.htm?from=timeline\u0026isappinstalled=0\u0026wxuid=oq7TJv8NgymKH25j6gniiaODPvfM\u0026wxsalt=731af7\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 10_2 like Mac OS X) AppleWebKit/602.3.12 (KHTML, like Gecko) Mobile/14C92 MicroMessenger/6.5.4 NetType/WIFI Language/zh_CN\"",
  "offset": 56286590,
  "source": "/data/wwwlogs/test.log",
  "type": "log"
}
2017/02/13 09:39:44.899691 output.go:109: DBG output worker: publish 2048 events
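# Unpack Kibana 5.2.0 into /usr/local (as root; verify the archive against
# its published checksum first).
tar -xzf kibana-5.2.0-linux-x86_64.tar.gz -C /usr/local/

# Edit Kibana's settings. Kibana reads config/kibana.yml; the original
# listing cut the name short as "kibana.ym", which would open a new, unused
# file and leave the real configuration unchanged.
vim /usr/local/kibana-5.2.0-linux-x86_64/config/kibana.yml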
# Listen on every interface so browsers on other machines can reach Kibana.
# NOTE(review): nothing on this page adds a login in front of Kibana, so with
# this value anyone who can reach the Kibana port can browse the indexed
# logs. Prefer the address of a single internal interface, or keep Kibana on
# localhost behind an authenticating reverse proxy, and firewall the port.
server.host: "0.0.0.0"
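# Start Kibana in the background. nohup is added to match how Elasticsearch,
# Logstash and Filebeat are launched on this page; with a bare "&" the
# process can be taken down by the hangup signal when the terminal closes.
# NOTE(review): the transcript prompt suggests a root shell. Kibana does not
# need root; running it under a dedicated unprivileged account (with the
# install directory owned by that account) limits what a compromise can reach.
nohup /usr/local/kibana-5.2.0-linux-x86_64/bin/kibana &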