如何在CentOS 7上使用Packetrap beat上哪里找和ELK收集基础结构指标
点击联系发帖人
时间:2017-09-22 02:29
日志监控和分析在保障业务稳定运行时,起到了很重要的作用,不过一般情况下日志都分散在各个生产服务器,且开发人员无法登陆生产服务器,这时候就需要一个集中式的日志收集装置,对日志中的关键字进行监控,触发异常时进行报警,并且开发人员能够查看相关日志。logstash+elasticsearch+kibana3就是实现这样功能的一套系统,并且功能更强大。
Logstash:负责日志的收集,处理和储存 Elasticsearch:负责日志检索和分析 Kibana:负责日志的可视化
1、环境介绍
elkServer IP:192.168.7.27 OS:Centos7.1 FQDN:
elkClient
IP:192.168.31.23 OS:Centos7.1
2、下载准备
官网下载最新的安装包:https://www.elastic.co/downloads(目前有些版本的包可能下载不到了,请到该地址下载&&链接:/s/1gfohO2Z 密码:5s1f)
elasticsearch-1.7.3.noarch.rpm
(server上安装)
kibana-4.1.2-linux-x64.tar.gz
(server上安装)
logstash-1.5.4-1.noarch.rpm
(server上安装)
logstash-forwarder-0.4.0-1.x86_64.rpm
(client上安装)
3、Server端安装
3.1安装jdk1.7
[root@localhost ~]# yum install java-1.7.0-openjdk
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* extras: mirrors.163.com
* updates: mirrors.163.com
Package 1:java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.x86_64 already installed and latest version
Nothing to do
3.2安装elasticsearch
[root@localhost elk]# yum localinstall elasticsearch-1.7.3.noarch.rpm
(yum 本地安装elasticsearch)
Loaded plugins: fastestmirror, langpacks
Examining elasticsearch-1.7.3.noarch.rpm: elasticsearch-1.7.3-1.noarch
elasticsearch-1.7.3.noarch.rpm: does not update installed package.
Nothing to do
[root@localhost elk]# systemctl daemon-reload
[root@localhost elk]# systemctl enable elasticsearch.service
(设置开机自启动)
ln -s '/usr/lib/systemd/system/elasticsearch.service' '/etc/systemd/system/multi-user.target.wants/elasticsearch.service'
[root@localhost elk]# systemctl start elasticsearch.service
(开启服务)
[root@localhost elk]# systemctl status elasticsearch.service
(查看服务状态)
elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch. enabled)
Active: active (running) since Sun 2015-11-08 11:05:09 CST; 28s ago
Docs: http://www.elastic.co
Main PID: 15345 (java)
CGroup: /system.slice/elasticsearch.service
?..15345 java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+Heap...
Nov 08 11:05:09 localhost.localdomain systemd[1]: Started Elasticsearch.
[root@localhost elk]# rpm -qc elasticsearch
/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/logging.yml
/etc/init.d/elasticsearch
/etc/sysconfig/elasticsearch
/usr/lib/sysctl.d/elasticsearch.conf
/usr/lib/systemd/system/elasticsearch.service
/usr/lib/tmpfiles.d/elasticsearch.conf
[root@localhost elk]# netstat -nltp
(查看端口监听状况)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address
Foreign Address
PID/Program name
0 0.0.0.0:111
784/rpcbind
0 0.0.0.0:22
0 127.0.0.1:631
3213/cupsd
0 127.0.0.1:25
2656/master
0 127.0.0.1:6010
14407/sshd: root@pt
784/rpcbind
15345/java
15345/java
3213/cupsd
2656/master
0 ::1:6010
14407/sshd: root@pt
[root@localhost elk]# firewall-cmd --permanent --add-port={9200/tcp,9300/tcp}
(防火墙添加两个端口)
[root@localhost elk]# firewall-cmd --reload
(重载防火墙)
[root@localhost elk]# firewall-cmd --list-all
(查看防火墙开发端口)
public (default, active)
interfaces: ens33
services: dhcpv6-client ssh
ports: 9200/tcp 9300/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
3.3安装kibana
[root@localhost elk]# tar zxf kibana-4.1.2-linux-x64.tar.gz -C /usr/local/
(解压缩安装包到指定目录中)
[root@localhost elk]# cd /usr/local/
[root@localhost local]# ls
kibana-4.1.2-linux-x64
[root@localhost local]# mv kibana-4.1.2-linux-x64/ kibana
(重命名)
[root@localhost local]# cd kibana/
[root@localhost kibana]# ls
LICENSE.txt
README.txt
[root@localhost kibana]# cd bin/
[root@localhost bin]# ls
(运行./kibana即可开启服务,但我们将其做到service)
kibana.bat
[root@localhost bin]# cd /etc/systemd/system/
[root@localhost system]# vi kibana.service
(编辑kibana服务)
ExecStart=/usr/local/kibana/bin/kibana
WantedBy=multi-user.target
[root@localhost system]# systemctl enable kibana.service
(设置开机自启动)
ln -s '/etc/systemd/system/kibana.service' '/etc/systemd/system/multi-user.target.wants/kibana.service'
[root@localhost system]# systemctl start kibana.service
(开启服务)
[root@localhost system]# systemctl status kibana.service
(查看服务运行状态)
kibana.service
Loaded: loaded (/etc/systemd/system/kibana. enabled)
Active: active (running) since Sun 2015-11-08 11:16:28 CST; 10s ago
Main PID: 16131 (node)
CGroup: /system.slice/kibana.service
?..16131 /usr/local/kibana/bin/../node/bin/node /usr/local/kibana/bin/../src/bin/kibana.js
Nov 08 11:16:28 localhost.localdomain systemd[1]: Started kibana.service.
Nov 08 11:16:34 localhost.localdomain kibana[16131]: {"name":"Kibana","hostname":"localhost.localdomain","pid":16131,"level":30,"msg":"No existing kibana index found","time":"20...43Z","v":0}
Nov 08 11:16:34 localhost.localdomain kibana[16131]: {"name":"Kibana","hostname":"localhost.localdomain","pid":16131,"level":30,"msg":"Listening on 0.0.0.0:5601","time":"2015-11...93Z","v":0}
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost system]# netstat -nltp
(查看端口监听状态)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address
Foreign Address
PID/Program name
0 0.0.0.0:5601
16131/node
0 0.0.0.0:111
784/rpcbind
0 0.0.0.0:22
0 127.0.0.1:631
3213/cupsd
0 127.0.0.1:25
2656/master
0 127.0.0.1:6010
14407/sshd: root@pt
784/rpcbind
15345/java
15345/java
3213/cupsd
2656/master
0 ::1:6010
14407/sshd: root@pt
[root@localhost system]# firewall-cmd --permanent --add-port=5601/tcp
(防火墙开启5601端口)
[root@localhost system]# firewall-cmd --reload
(重载防火墙)
[root@localhost system]# firewall-cmd --list-all
(查看防火墙开放端口)
public (default, active)
interfaces: ens33
services: dhcpv6-client ssh
ports: 9200/tcp 9300/tcp 5601/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost system]# firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=5601
(为5601端口添加80端口的映射,这样在浏览器中就可以不用输入端口了)
[root@localhost system]# firewall-cmd --reload
(重载防火墙)
[root@localhost system]# firewall-cmd --list-all
(查看防火墙开放端口)
public (default, active)
interfaces: ens33
services: dhcpv6-client ssh
ports: 9200/tcp 9300/tcp 5601/tcp
masquerade: no
forward-ports: port=80:proto=tcp:toport=5601:toaddr=
icmp-blocks:
rich rules:
&3.4安装logstash
[root@localhost system]# cd /home/elk/
[root@localhost elk]# ls
elasticsearch-1.7.3.noarch.rpm
kibana-4.1.2-linux-x64.tar.gz
logstash-1.5.4-1.noarch.rpm
logstash-forwarder-0.4.0-1.x86_64.rpm
[root@localhost elk]# yum localinstall logstash-1.5.4-1.noarch.rpm
(yum本地安装logstash)
Loaded plugins: fastestmirror, langpacks
Examining logstash-1.5.4-1.noarch.rpm: 1:logstash-1.5.4-1.noarch
Marking logstash-1.5.4-1.noarch.rpm to be installed
Resolving Dependencies
--& Running transaction check
---& Package logstash.noarch 1:1.5.4-1 will be installed
--& Finished Dependency Resolution
base/7/x86_64
extras/7/x86_64
extras/7/x86_64/primary_db
updates/7/x86_64
updates/7/x86_64/primary_db
Dependencies Resolved
===============================================================================================================================================================================================
Repository
===============================================================================================================================================================================================
Installing:
/logstash-1.5.4-1.noarch
Transaction Summary
===============================================================================================================================================================================================
Total size: 136 M
Installed size: 136 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:logstash-1.5.4-1.noarch
: 1:logstash-1.5.4-1.noarch
Installed:
logstash.noarch 1:1.5.4-1
[root@localhost tls]# hostname -f
(查看当前FQDN,FQDN设置参见/zhenyuyaodidiao/p/4947930.html)
[root@localhost ~]# cd /etc/pki/tls/
(进入到/etc/pki/tls/文件夹)
[root@localhost tls]# ls
(以下生成openssl key用于客户端上传日志文件用,在客户端配置时会用到)
[root@localhost tls]# openssl req -subj '/CN=/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
Generating a 2048 bit RSA private key
..............+++
.............+++
writing new private key to 'private/logstash-forwarder.key'
[root@localhost tls]# ls
[root@localhost tls]# cd private/
[root@localhost private]# ll
-rw-r--r--. 1 root root 1704 Nov
8 17:20 logstash-forwarder.key
[root@localhost private]# cd ../certs/
[root@localhost certs]# ll
lrwxrwxrwx. 1 root root
2015 ca-bundle.crt -& /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root
2015 ca-bundle.trust.crt -& /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1107 Nov
8 17:20 logstash-forwarder.crt
-rwxr-xr-x. 1 root root
610 Mar 24
2015 make-dummy-cert
-rw-r--r--. 1 root root 2388 Mar 24
2015 Makefile
-rwxr-xr-x. 1 root root
829 Mar 24
2015 renew-dummy-cert
[root@localhost ~]# cd /etc/logstash/conf.d/
[root@localhost conf.d]# vi 01-logstash-initial.conf
(编辑logstash配置文件)
lumberjack {
port =& 5000
type =& "logs"
ssl_certificate =& "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key =& "/etc/pki/tls/private/logstash-forwarder.key"
if [type] == "syslog" {
match =& { "message" =& "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field =& [ "received_at", "%{@timestamp}" ]
add_field =& [ "received_from", "%{host}" ]
syslog_pri { }
match =& [ "syslog_timestamp", "MMM
d HH:mm:ss", "MMM dd HH:mm:ss" ]
elasticsearch { host =& localhost }
stdout { codec =& rubydebug }
[root@localhost conf.d]# systemctl enable logstash
(设置开机自启动)
logstash.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig logstash on
The unit files have no [Install] section. They are not meant to be enabled
using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
[root@localhost conf.d]# systemctl start logstash.service
(开启logstash服务)
[root@localhost conf.d]# systemctl status logstash.service
(查看服务运行状态)
logstash.service - LSB: Starts Logstash as a daemon.
Loaded: loaded (/etc/rc.d/init.d/logstash)
Active: active (running) since Sun 2015-11-08 17:28:34 CST; 14s ago
Process: 20799 ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/logstash.service
?..20805 java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.io.tmpdir=/var/lib...
Nov 08 17:28:34 elk logstash[20799]: logstash started.
Nov 08 17:28:34 elk systemd[1]: Started LSB: Starts Logstash as a daemon..
[root@localhost conf.d]# netstat -nltp
(查看端口占用)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address
Foreign Address
PID/Program name
0 0.0.0.0:5601
16131/node
0 0.0.0.0:111
784/rpcbind
0 0.0.0.0:22
0 127.0.0.1:631
3213/cupsd
0 127.0.0.1:25
2656/master
0 127.0.0.1:6010
14407/sshd: root@pt
0 127.0.0.1:6012
17715/sshd: root@pt
20805/java
784/rpcbind
15345/java
15345/java
20805/java
3213/cupsd
2656/master
0 ::1:6010
14407/sshd: root@pt
0 ::1:6012
17715/sshd: root@pt
[root@localhost conf.d]# cd /var/log/logstash/
[root@localhost logstash]# ls
(日志文件)
logstash.err
logstash.log
logstash.stdout
[root@localhost logstash]# firewall-cmd --permanent --add-port=5000/tcp
(防火墙开放5000端口)
[root@localhost logstash]# firewall-cmd --reload
(重载防火墙)
[root@localhost logstash]# firewall-cmd --list-all
(查看端口开放情况)
public (default, active)
interfaces: ens33
services: dhcpv6-client ssh
ports: 9200/tcp 9300/tcp 5000/tcp 5601/tcp
masquerade: no
forward-ports: port=80:proto=tcp:toport=5601:toaddr=
icmp-blocks:
rich rules:
&4、Client端安装
[root@localhost elk]# vi /etc/hosts
(编辑hosts文件)
localhost localhost.localdomain localhost4 localhost4.localdomain4
localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.7.27
[root@localhost elk]# service network restart
Restarting network (via systemctl):
[root@localhost elk]# ping
(测试连接)
(192.168.7.27) 56(84) bytes of data.
64 bytes from
(192.168.7.27): icmp_seq=1 ttl=63 time=0.754 ms
64 bytes from
(192.168.7.27): icmp_seq=2 ttl=63 time=0.477 ms
ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.477/0.615/0.754/0.140 ms
[root@localhost laizy]# mkdir elk
[root@localhost laizy]# cd elk/
[root@localhost elk]# ls
[root@localhost elk]# scp root@192.168.7.27:/home/elk/logstash-forwarder-0.4.0-1.x86_64.rpm .
(拷贝logstash-forwarder到本地)
The authenticity of host '192.168.7.27 (192.168.7.27)' can't be established.
ECDSA key fingerprint is 49:b9:53:89:55:f2:93:87:9b:81:bb:23:a5:24:f1:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.7.27' (ECDSA) to the list of known hosts.
root@192.168.7.27's password:
logstash-forwarder-0.4.0-1.x86_64.rpm
100% 1692KB
[root@localhost elk]# ls
logstash-forwarder-0.4.0-1.x86_64.rpm
[root@localhost elk]# scp root@192.168.7.27:/etc/pki/tls/certs/logstash-forwarder.crt .
(拷贝Server端的key到本地)
root@192.168.7.27's password:
logstash-forwarder.crt
[root@localhost elk]# ll
total 1700
-rw-r--r--. 1 root root 1732758 Nov
8 17:36 logstash-forwarder-0.4.0-1.x86_64.rpm
-rw-r--r--. 1 root root
8 17:37 logstash-forwarder.crt
[root@localhost elk]# cp logstash-forwarder.crt /etc/pki/tls/certs/
(将key拷贝到/etc/pki/tls/certs/下)
[root@localhost elk]# cd /etc/pki/tls/certs/
[root@localhost certs]# ls
ca-bundle.crt
ca-bundle.trust.crt
logstash-forwarder.crt
make-dummy-cert
renew-dummy-cert
[root@localhost certs]# cd /home/laizy/elk/
[root@localhost elk]# ls
logstash-forwarder-0.4.0-1.x86_64.rpm
logstash-forwarder.crt
[root@localhost elk]# yum localinstall logstash-forwarder-0.4.0-1.x86_64.rpm
(yum本地安装logstash-forwarder)
Loaded plugins: fastestmirror, langpacks
Examining logstash-forwarder-0.4.0-1.x86_64.rpm: logstash-forwarder-0.4.0-1.x86_64
Marking logstash-forwarder-0.4.0-1.x86_64.rpm to be installed
Resolving Dependencies
--& Running transaction check
---& Package logstash-forwarder.x86_64 0:0.4.0-1 will be installed
--& Finished Dependency Resolution
base/7/x86_64
extras/7/x86_64
updates/7/x86_64
Dependencies Resolved
===============================================================================================================================================================================================
Repository
===============================================================================================================================================================================================
Installing:
logstash-forwarder
/logstash-forwarder-0.4.0-1.x86_64
Transaction Summary
===============================================================================================================================================================================================
Total size: 5.7 M
Installed size: 5.7 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : logstash-forwarder-0.4.0-1.x86_64
Logs for logstash-forwarder will be in /var/log/logstash-forwarder/
: logstash-forwarder-0.4.0-1.x86_64
Installed:
logstash-forwarder.x86_64 0:0.4.0-1
[root@localhost elk]# systemctl enable logstash-forwarder
(设置开机自启动)
logstash-forwarder.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig logstash-forwarder on
The unit files have no [Install] section. They are not meant to be enabled
using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
[root@localhost elk]# systemctl start logstash-forwarder.service
(开启服务)
[root@localhost elk]# cd /var/log/logstash-forwarder/
(日志目录)
[root@localhost logstash-forwarder]# ls
logstash-forwarder.err
logstash-forwarder.log
[root@localhost elk]# vi /etc/logstash-forwarder.conf
(编辑配置文件)
"network": {
"servers": [ ":5000" ],
"ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
"timeout": 15
"files": [
"paths": [
"/var/log/messages",
"/var/log/secure"
"fields": { "type": "syslog" }
[root@localhost elk]# systemctl restart logstash-forwarder.service
(重启服务)
[root@localhost elk]# systemctl status logstash-forwarder.service
(查看服务运行状态)
logstash-forwarder.service - LSB: no description given
Loaded: loaded (/etc/rc.d/init.d/logstash-forwarder)
Active: active (running) since Sun 2015-11-08 18:30:51 CST; 18s ago
Process: 10788 ExecStop=/etc/rc.d/init.d/logstash-forwarder stop (code=exited, status=0/SUCCESS)
Process: 10794 ExecStart=/etc/rc.d/init.d/logstash-forwarder start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/logstash-forwarder.service
?..10798 /opt/logstash-forwarder/bin/logstash-forwarder -config /etc/logstash-forwarder.conf
Nov 08 18:30:51 localhost.localdomain systemd[1]: Starting LSB: no description given...
Nov 08 18:30:51 localhost.localdomain /etc/init.d/logstash-forwarder[10799]: logstash-forwarder started
Nov 08 18:30:51 localhost.localdomain logstash-forwarder[10794]: logstash-forwarder started
Nov 08 18:30:51 localhost.localdomain systemd[1]: Started LSB: no description given.
&5、界面验证
首先在client中手动增加一条日志:
[root@localhost elk]# logger zhenyuLogtest
界面登录 http://192.168.7.27/&,做如下操作
从图中可以看到,手动添加的日志已经在界面中被搜索到了。
本文主要参考了国外一个搭建ELK的视频,操作的很详细,附上视频的下载链接,仅供参考。
链接:/s/1jGuBWCQ 密码:h0pq
阅读(...) 评论()CentOS 7.1发布:安装指南与截图 | Howtoing运维教程
欢迎!登录到您的帐户
您的用户名
CentOS 7.1发布:...Centos7_ELK5.4.1配置部署
时间: 10:13:48
&&&& 阅读:666
&&&& 评论:
&&&& 收藏:0
标签:&&&&&&&&&&&&&&&Centos7_ELK5.4.1配置部署一、概念1、核心组成由Elasticsearch、Logstash和Kibana三部分组件组成;Elasticsearch是个开源分布式搜索引擎,它的特点有:分布式,零配置,自动发现,索引自动分片,索引副本机制,restful风格接口,多数据源,自动搜索负载等。Logstash是一个完全开源的工具,它可以对你的日志进行收集、分析,并将其存储供以后使用kibana 是一个开源和免费的工具,它可以为 Logstash 和 ElasticSearch 提供的日志分析友好的 Web 界面,可以帮助您汇总、分析和搜索重要数据日志2.下载官网下载地址:从中获取最新版软件包软件包列表:3.注意事项& a、所有节点操作系统版本最好保持一致,centos6.5测试最新版本内核不支持,尽可能使用目前centos7.3稳定版本。Elk服务器配置需要,如果条件运行使用为2C4G,& b、本文档为单机版,即将Elasticsearch、Logstash和Kibana安装在一台服务器上,生产环境建议将其在docker中分开安装,以便快速迁移至物理服务器。& c、关闭selinux,关闭firewalld或添加端口例外.修改主机名称。二、安装部署1.安装jdkyum&install&-y&java-1.8.0-openjdk
hostnamectl&set-hostname&elk-1&&&&&&&&&&&&#修改主机名
systemctl&stop&firewalld&&&&&&&&&&&&&&&&&&#关闭firewalld
setenforce&02.下载软件包3.安装elasticsearchcd&/usr/local/tools
tar&zxf&elasticsearch-5.4.1.tar.gz
mv&elasticsearch-5.4.1&/usr/local/elasticsearch
cd&/usr/local/elasticsearch/config/编辑elasticsearch.ymlmkdir&-p&/usr/local/elasticsearch/data&/usr/local/elasticsearch/logs
useradd&elasticsearch
chown&-R&elasticsearch:elasticsearch&/usr/local/elasticsearch
echo&"vm.max_map_count&=&655360"&&&/etc/sysctl.conf&&&&sysctl&-pelasticsearch不可用root用户启动,新建elasticsearch运行用户编辑/etc/security/limits.conf文件,新增以下内容*&soft&nofile&65536&
*&hard&nofile&65536&
*&soft&nproc&65536&
*&hard&nproc&65536启动elasticsearchsu&-&elasticsearch&
cd&/usr/local/elasticsearch&
bin/elasticsearch&&查看端口监听信息curl测试4.安装logstashcd&/usr/local/tools
tar&-zxvf&logstash-5.4.1.tar.gz
mv&logstash-5.4.1&/usr/local/logstash
cd&/usr/local/logstash/config
vim&01-syslog.conf安装filebeatcd&/usr/local/tools/
tar&-zxvf&filebeat-5.4.1-linux-x86_64.tar.gz
mv&filebeat-5.4.1-linux-x86_64&/usr/local/filebeat
vim&/usr/local/filebeat/filebeat.yml启动filebeat/usr/local/filebeat
./filebeat&&启动logstash(加载配置文件启动)cd&/usr/local/logstash/
bin/logstash&-f&config/01-syslog.conf&&查看监听端口稍等以后屏幕会输出返回的结果可以用名称测试:curl 我们想以web形式展现数据,就需要安装kibana5.安装kibanacd&/usr/local/tools/
tar&-zxf&kibana-5.4.1-linux-x86_64.tar.gz
mv&kibana-5.4.1-linux-x86_64&/usr/local/kibana
cd&/usr/local/kibana/config
vim&/usr/local/kibana/config/kibana.yml启动/bin/kibana&&查看端口监听情况三、测试通过web界面访问,创建index patterns查看创建对应的日志本文为个人测试ELK最新版本最基础的搭建,可以将其在docker中各应用拆分开部署,后期学习elk的高级用法。本文出自 “” 博客,请务必保留此出处标签:&&&&&&&&&&&&&&&
&&国之画&&&& &&&&chrome插件
版权所有 京ICP备号-2
迷上了代码!}
Logstash:负责日志的收集,处理和储存 Elasticsearch:负责日志检索和分析 Kibana:负责日志的可视化
1、环境介绍
elkServer IP:192.168.7.27 OS:Centos7.1 FQDN:
elkClient
IP:192.168.31.23 OS:Centos7.1
2、下载准备
官网下载最新的安装包:https://www.elastic.co/downloads(目前有些版本的包可能下载不到了,请到该地址下载&&链接:/s/1gfohO2Z 密码:5s1f)
elasticsearch-1.7.3.noarch.rpm
(server上安装)
kibana-4.1.2-linux-x64.tar.gz
(server上安装)
logstash-1.5.4-1.noarch.rpm
(server上安装)
logstash-forwarder-0.4.0-1.x86_64.rpm
(client上安装)
3、Server端安装
3.1安装jdk1.7
[root@localhost ~]# yum install java-1.7.0-openjdk
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* extras: mirrors.163.com
* updates: mirrors.163.com
Package 1:java-1.7.0-openjdk-1.7.0.91-2.6.2.1.el7_1.x86_64 already installed and latest version
Nothing to do
3.2安装elasticsearch
[root@localhost elk]# yum localinstall elasticsearch-1.7.3.noarch.rpm
(yum 本地安装elasticsearch)
Loaded plugins: fastestmirror, langpacks
Examining elasticsearch-1.7.3.noarch.rpm: elasticsearch-1.7.3-1.noarch
elasticsearch-1.7.3.noarch.rpm: does not update installed package.
Nothing to do
[root@localhost elk]# systemctl daemon-reload
[root@localhost elk]# systemctl enable elasticsearch.service
(设置开机自启动)
ln -s '/usr/lib/systemd/system/elasticsearch.service' '/etc/systemd/system/multi-user.target.wants/elasticsearch.service'
[root@localhost elk]# systemctl start elasticsearch.service
(开启服务)
[root@localhost elk]# systemctl status elasticsearch.service
(查看服务状态)
elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch. enabled)
Active: active (running) since Sun 2015-11-08 11:05:09 CST; 28s ago
Docs: http://www.elastic.co
Main PID: 15345 (java)
CGroup: /system.slice/elasticsearch.service
?..15345 java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+Heap...
Nov 08 11:05:09 localhost.localdomain systemd[1]: Started Elasticsearch.
[root@localhost elk]# rpm -qc elasticsearch
/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/logging.yml
/etc/init.d/elasticsearch
/etc/sysconfig/elasticsearch
/usr/lib/sysctl.d/elasticsearch.conf
/usr/lib/systemd/system/elasticsearch.service
/usr/lib/tmpfiles.d/elasticsearch.conf
[root@localhost elk]# netstat -nltp
(查看端口监听状况)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address
Foreign Address
PID/Program name
0 0.0.0.0:111
784/rpcbind
0 0.0.0.0:22
0 127.0.0.1:631
3213/cupsd
0 127.0.0.1:25
2656/master
0 127.0.0.1:6010
14407/sshd: root@pt
784/rpcbind
15345/java
15345/java
3213/cupsd
2656/master
0 ::1:6010
14407/sshd: root@pt
[root@localhost elk]# firewall-cmd --permanent --add-port={9200/tcp,9300/tcp}
(防火墙添加两个端口)
[root@localhost elk]# firewall-cmd --reload
(重载防火墙)
[root@localhost elk]# firewall-cmd --list-all
(查看防火墙开发端口)
public (default, active)
interfaces: ens33
services: dhcpv6-client ssh
ports: 9200/tcp 9300/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
3.3安装kibana
[root@localhost elk]# tar zxf kibana-4.1.2-linux-x64.tar.gz -C /usr/local/
(解压缩安装包到指定目录中)
[root@localhost elk]# cd /usr/local/
[root@localhost local]# ls
kibana-4.1.2-linux-x64
[root@localhost local]# mv kibana-4.1.2-linux-x64/ kibana
(重命名)
[root@localhost local]# cd kibana/
[root@localhost kibana]# ls
LICENSE.txt
README.txt
[root@localhost kibana]# cd bin/
[root@localhost bin]# ls
(运行./kibana即可开启服务,但我们将其做到service)
kibana.bat
[root@localhost bin]# cd /etc/systemd/system/
[root@localhost system]# vi kibana.service
(编辑kibana服务)
ExecStart=/usr/local/kibana/bin/kibana
WantedBy=multi-user.target
[root@localhost system]# systemctl enable kibana.service
(设置开机自启动)
ln -s '/etc/systemd/system/kibana.service' '/etc/systemd/system/multi-user.target.wants/kibana.service'
[root@localhost system]# systemctl start kibana.service
(开启服务)
[root@localhost system]# systemctl status kibana.service
(查看服务运行状态)
kibana.service
Loaded: loaded (/etc/systemd/system/kibana. enabled)
Active: active (running) since Sun 2015-11-08 11:16:28 CST; 10s ago
Main PID: 16131 (node)
CGroup: /system.slice/kibana.service
?..16131 /usr/local/kibana/bin/../node/bin/node /usr/local/kibana/bin/../src/bin/kibana.js
Nov 08 11:16:28 localhost.localdomain systemd[1]: Started kibana.service.
Nov 08 11:16:34 localhost.localdomain kibana[16131]: {"name":"Kibana","hostname":"localhost.localdomain","pid":16131,"level":30,"msg":"No existing kibana index found","time":"20...43Z","v":0}
Nov 08 11:16:34 localhost.localdomain kibana[16131]: {"name":"Kibana","hostname":"localhost.localdomain","pid":16131,"level":30,"msg":"Listening on 0.0.0.0:5601","time":"2015-11...93Z","v":0}
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost system]# netstat -nltp
(查看端口监听状态)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address
Foreign Address
PID/Program name
0 0.0.0.0:5601
16131/node
0 0.0.0.0:111
784/rpcbind
0 0.0.0.0:22
0 127.0.0.1:631
3213/cupsd
0 127.0.0.1:25
2656/master
0 127.0.0.1:6010
14407/sshd: root@pt
784/rpcbind
15345/java
15345/java
3213/cupsd
2656/master
0 ::1:6010
14407/sshd: root@pt
[root@localhost system]# firewall-cmd --permanent --add-port=5601/tcp
(防火墙开启5601端口)
[root@localhost system]# firewall-cmd --reload
(重载防火墙)
[root@localhost system]# firewall-cmd --list-all
(查看防火墙开放端口)
public (default, active)
interfaces: ens33
services: dhcpv6-client ssh
ports: 9200/tcp 9300/tcp 5601/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost system]# firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=5601
(为5601端口添加80端口的映射,这样在浏览器中就可以不用输入端口了)
[root@localhost system]# firewall-cmd --reload
(重载防火墙)
[root@localhost system]# firewall-cmd --list-all
(查看防火墙开放端口)
public (default, active)
interfaces: ens33
services: dhcpv6-client ssh
ports: 9200/tcp 9300/tcp 5601/tcp
masquerade: no
forward-ports: port=80:proto=tcp:toport=5601:toaddr=
icmp-blocks:
rich rules:
&3.4安装logstash
[root@localhost system]# cd /home/elk/
[root@localhost elk]# ls
elasticsearch-1.7.3.noarch.rpm
kibana-4.1.2-linux-x64.tar.gz
logstash-1.5.4-1.noarch.rpm
logstash-forwarder-0.4.0-1.x86_64.rpm
[root@localhost elk]# yum localinstall logstash-1.5.4-1.noarch.rpm
(yum本地安装logstash)
Loaded plugins: fastestmirror, langpacks
Examining logstash-1.5.4-1.noarch.rpm: 1:logstash-1.5.4-1.noarch
Marking logstash-1.5.4-1.noarch.rpm to be installed
Resolving Dependencies
--& Running transaction check
---& Package logstash.noarch 1:1.5.4-1 will be installed
--& Finished Dependency Resolution
base/7/x86_64
extras/7/x86_64
extras/7/x86_64/primary_db
updates/7/x86_64
updates/7/x86_64/primary_db
Dependencies Resolved
===============================================================================================================================================================================================
Repository
===============================================================================================================================================================================================
Installing:
/logstash-1.5.4-1.noarch
Transaction Summary
===============================================================================================================================================================================================
Total size: 136 M
Installed size: 136 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:logstash-1.5.4-1.noarch
: 1:logstash-1.5.4-1.noarch
Installed:
logstash.noarch 1:1.5.4-1
[root@localhost tls]# hostname -f
(查看当前FQDN,FQDN设置参见/zhenyuyaodidiao/p/4947930.html)
[root@localhost ~]# cd /etc/pki/tls/
(进入到/etc/pki/tls/文件夹)
[root@localhost tls]# ls
(以下生成openssl key用于客户端上传日志文件用,在客户端配置时会用到)
[root@localhost tls]# openssl req -subj '/CN=/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
Generating a 2048 bit RSA private key
..............+++
.............+++
writing new private key to 'private/logstash-forwarder.key'
[root@localhost tls]# ls
[root@localhost tls]# cd private/
[root@localhost private]# ll
-rw-r--r--. 1 root root 1704 Nov
8 17:20 logstash-forwarder.key
[root@localhost private]# cd ../certs/
[root@localhost certs]# ll
lrwxrwxrwx. 1 root root
2015 ca-bundle.crt -& /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root
2015 ca-bundle.trust.crt -& /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1107 Nov
8 17:20 logstash-forwarder.crt
-rwxr-xr-x. 1 root root
610 Mar 24
2015 make-dummy-cert
-rw-r--r--. 1 root root 2388 Mar 24
2015 Makefile
-rwxr-xr-x. 1 root root
829 Mar 24
2015 renew-dummy-cert
[root@localhost ~]# cd /etc/logstash/conf.d/
[root@localhost conf.d]# vi 01-logstash-initial.conf
(编辑logstash配置文件)
lumberjack {
port =& 5000
type =& "logs"
ssl_certificate =& "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key =& "/etc/pki/tls/private/logstash-forwarder.key"
if [type] == "syslog" {
match =& { "message" =& "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field =& [ "received_at", "%{@timestamp}" ]
add_field =& [ "received_from", "%{host}" ]
syslog_pri { }
match =& [ "syslog_timestamp", "MMM
d HH:mm:ss", "MMM dd HH:mm:ss" ]
elasticsearch { host =& localhost }
stdout { codec =& rubydebug }
[root@localhost conf.d]# systemctl enable logstash
(设置开机自启动)
logstash.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig logstash on
The unit files have no [Install] section. They are not meant to be enabled
using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
[root@localhost conf.d]# systemctl start logstash.service
(开启logstash服务)
[root@localhost conf.d]# systemctl status logstash.service
(查看服务运行状态)
logstash.service - LSB: Starts Logstash as a daemon.
Loaded: loaded (/etc/rc.d/init.d/logstash)
Active: active (running) since Sun 2015-11-08 17:28:34 CST; 14s ago
Process: 20799 ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/logstash.service
?..20805 java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.io.tmpdir=/var/lib...
Nov 08 17:28:34 elk logstash[20799]: logstash started.
Nov 08 17:28:34 elk systemd[1]: Started LSB: Starts Logstash as a daemon..
[root@localhost conf.d]# netstat -nltp
(查看端口占用)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address
Foreign Address
PID/Program name
0 0.0.0.0:5601
16131/node
0 0.0.0.0:111
784/rpcbind
0 0.0.0.0:22
0 127.0.0.1:631
3213/cupsd
0 127.0.0.1:25
2656/master
0 127.0.0.1:6010
14407/sshd: root@pt
0 127.0.0.1:6012
17715/sshd: root@pt
20805/java
784/rpcbind
15345/java
15345/java
20805/java
3213/cupsd
2656/master
0 ::1:6010
14407/sshd: root@pt
0 ::1:6012
17715/sshd: root@pt
[root@localhost conf.d]# cd /var/log/logstash/
[root@localhost logstash]# ls
(日志文件)
logstash.err
logstash.log
logstash.stdout
[root@localhost logstash]# firewall-cmd --permanent --add-port=5000/tcp
(防火墙开放5000端口)
[root@localhost logstash]# firewall-cmd --reload
(重载防火墙)
[root@localhost logstash]# firewall-cmd --list-all
(查看端口开放情况)
public (default, active)
interfaces: ens33
services: dhcpv6-client ssh
ports: 9200/tcp 9300/tcp 5000/tcp 5601/tcp
masquerade: no
forward-ports: port=80:proto=tcp:toport=5601:toaddr=
icmp-blocks:
rich rules:
&4、Client端安装
[root@localhost elk]# vi /etc/hosts
(编辑hosts文件)
localhost localhost.localdomain localhost4 localhost4.localdomain4
localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.7.27
[root@localhost elk]# service network restart
Restarting network (via systemctl):
[root@localhost elk]# ping
(测试连接)
(192.168.7.27) 56(84) bytes of data.
64 bytes from
(192.168.7.27): icmp_seq=1 ttl=63 time=0.754 ms
64 bytes from
(192.168.7.27): icmp_seq=2 ttl=63 time=0.477 ms
ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.477/0.615/0.754/0.140 ms
[root@localhost laizy]# mkdir elk
[root@localhost laizy]# cd elk/
[root@localhost elk]# ls
[root@localhost elk]# scp root@192.168.7.27:/home/elk/logstash-forwarder-0.4.0-1.x86_64.rpm .
(拷贝logstash-forwarder到本地)
The authenticity of host '192.168.7.27 (192.168.7.27)' can't be established.
ECDSA key fingerprint is 49:b9:53:89:55:f2:93:87:9b:81:bb:23:a5:24:f1:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.7.27' (ECDSA) to the list of known hosts.
root@192.168.7.27's password:
logstash-forwarder-0.4.0-1.x86_64.rpm
100% 1692KB
[root@localhost elk]# ls
logstash-forwarder-0.4.0-1.x86_64.rpm
[root@localhost elk]# scp root@192.168.7.27:/etc/pki/tls/certs/logstash-forwarder.crt .
(拷贝Server端的key到本地)
root@192.168.7.27's password:
logstash-forwarder.crt
[root@localhost elk]# ll
total 1700
-rw-r--r--. 1 root root 1732758 Nov
8 17:36 logstash-forwarder-0.4.0-1.x86_64.rpm
-rw-r--r--. 1 root root
8 17:37 logstash-forwarder.crt
[root@localhost elk]# cp logstash-forwarder.crt /etc/pki/tls/certs/
(将key拷贝到/etc/pki/tls/certs/下)
[root@localhost elk]# cd /etc/pki/tls/certs/
[root@localhost certs]# ls
ca-bundle.crt
ca-bundle.trust.crt
logstash-forwarder.crt
make-dummy-cert
renew-dummy-cert
[root@localhost certs]# cd /home/laizy/elk/
[root@localhost elk]# ls
logstash-forwarder-0.4.0-1.x86_64.rpm
logstash-forwarder.crt
[root@localhost elk]# yum localinstall logstash-forwarder-0.4.0-1.x86_64.rpm
(yum本地安装logstash-forwarder)
Loaded plugins: fastestmirror, langpacks
Examining logstash-forwarder-0.4.0-1.x86_64.rpm: logstash-forwarder-0.4.0-1.x86_64
Marking logstash-forwarder-0.4.0-1.x86_64.rpm to be installed
Resolving Dependencies
--& Running transaction check
---& Package logstash-forwarder.x86_64 0:0.4.0-1 will be installed
--& Finished Dependency Resolution
base/7/x86_64
extras/7/x86_64
updates/7/x86_64
Dependencies Resolved
===============================================================================================================================================================================================
Repository
===============================================================================================================================================================================================
Installing:
logstash-forwarder
/logstash-forwarder-0.4.0-1.x86_64
Transaction Summary
===============================================================================================================================================================================================
Total size: 5.7 M
Installed size: 5.7 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : logstash-forwarder-0.4.0-1.x86_64
Logs for logstash-forwarder will be in /var/log/logstash-forwarder/
: logstash-forwarder-0.4.0-1.x86_64
Installed:
logstash-forwarder.x86_64 0:0.4.0-1
[root@localhost elk]# systemctl enable logstash-forwarder
(设置开机自启动)
logstash-forwarder.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig logstash-forwarder on
The unit files have no [Install] section. They are not meant to be enabled
using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
[root@localhost elk]# systemctl start logstash-forwarder.service
(开启服务)
[root@localhost elk]# cd /var/log/logstash-forwarder/
(日志目录)
[root@localhost logstash-forwarder]# ls
logstash-forwarder.err
logstash-forwarder.log
[root@localhost elk]# vi /etc/logstash-forwarder.conf
(编辑配置文件)
"network": {
"servers": [ ":5000" ],
"ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
"timeout": 15
"files": [
"paths": [
"/var/log/messages",
"/var/log/secure"
"fields": { "type": "syslog" }
[root@localhost elk]# systemctl restart logstash-forwarder.service
(重启服务)
[root@localhost elk]# systemctl status logstash-forwarder.service
(查看服务运行状态)
logstash-forwarder.service - LSB: no description given
Loaded: loaded (/etc/rc.d/init.d/logstash-forwarder)
Active: active (running) since Sun 2015-11-08 18:30:51 CST; 18s ago
Process: 10788 ExecStop=/etc/rc.d/init.d/logstash-forwarder stop (code=exited, status=0/SUCCESS)
Process: 10794 ExecStart=/etc/rc.d/init.d/logstash-forwarder start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/logstash-forwarder.service
?..10798 /opt/logstash-forwarder/bin/logstash-forwarder -config /etc/logstash-forwarder.conf
Nov 08 18:30:51 localhost.localdomain systemd[1]: Starting LSB: no description given...
Nov 08 18:30:51 localhost.localdomain /etc/init.d/logstash-forwarder[10799]: logstash-forwarder started
Nov 08 18:30:51 localhost.localdomain logstash-forwarder[10794]: logstash-forwarder started
Nov 08 18:30:51 localhost.localdomain systemd[1]: Started LSB: no description given.
&5、界面验证
首先在client中手动增加一条日志:
[root@localhost elk]# logger zhenyuLogtest
界面登录 http://192.168.7.27/&,做如下操作
从图中可以看到,手动添加的日志已经在界面中被搜索到了。
本文主要参考了国外一个搭建ELK的视频,操作的很详细,附上视频的下载链接,仅供参考。
链接:/s/1jGuBWCQ 密码:h0pq
阅读(...) 评论()CentOS 7.1发布:安装指南与截图 | Howtoing运维教程
欢迎!登录到您的帐户
您的用户名
CentOS 7.1发布:...Centos7_ELK5.4.1配置部署
时间: 10:13:48
&&&& 阅读:666
&&&& 评论:
&&&& 收藏:0
标签:&&&&&&&&&&&&&&&Centos7_ELK5.4.1配置部署一、概念1、核心组成由Elasticsearch、Logstash和Kibana三部分组件组成;Elasticsearch是个开源分布式搜索引擎,它的特点有:分布式,零配置,自动发现,索引自动分片,索引副本机制,restful风格接口,多数据源,自动搜索负载等。Logstash是一个完全开源的工具,它可以对你的日志进行收集、分析,并将其存储供以后使用kibana 是一个开源和免费的工具,它可以为 Logstash 和 ElasticSearch 提供的日志分析友好的 Web 界面,可以帮助您汇总、分析和搜索重要数据日志2.下载官网下载地址:从中获取最新版软件包软件包列表:3.注意事项& a、所有节点操作系统版本最好保持一致,centos6.5测试最新版本内核不支持,尽可能使用目前centos7.3稳定版本。Elk服务器配置需要,如果条件运行使用为2C4G,& b、本文档为单机版,即将Elasticsearch、Logstash和Kibana安装在一台服务器上,生产环境建议将其在docker中分开安装,以便快速迁移至物理服务器。& c、关闭selinux,关闭firewalld或添加端口例外.修改主机名称。二、安装部署1.安装jdkyum&install&-y&java-1.8.0-openjdk
hostnamectl&set-hostname&elk-1&&&&&&&&&&&&#修改主机名
systemctl&stop&firewalld&&&&&&&&&&&&&&&&&&#关闭firewalld
setenforce&02.下载软件包3.安装elasticsearchcd&/usr/local/tools
tar&zxf&elasticsearch-5.4.1.tar.gz
mv&elasticsearch-5.4.1&/usr/local/elasticsearch
cd&/usr/local/elasticsearch/config/编辑elasticsearch.ymlmkdir&-p&/usr/local/elasticsearch/data&/usr/local/elasticsearch/logs
useradd&elasticsearch
chown&-R&elasticsearch:elasticsearch&/usr/local/elasticsearch
echo&"vm.max_map_count&=&655360"&&&/etc/sysctl.conf&&&&sysctl&-pelasticsearch不可用root用户启动,新建elasticsearch运行用户编辑/etc/security/limits.conf文件,新增以下内容*&soft&nofile&65536&
*&hard&nofile&65536&
*&soft&nproc&65536&
*&hard&nproc&65536启动elasticsearchsu&-&elasticsearch&
cd&/usr/local/elasticsearch&
bin/elasticsearch&&查看端口监听信息curl测试4.安装logstashcd&/usr/local/tools
tar&-zxvf&logstash-5.4.1.tar.gz
mv&logstash-5.4.1&/usr/local/logstash
cd&/usr/local/logstash/config
vim&01-syslog.conf安装filebeatcd&/usr/local/tools/
tar&-zxvf&filebeat-5.4.1-linux-x86_64.tar.gz
mv&filebeat-5.4.1-linux-x86_64&/usr/local/filebeat
vim&/usr/local/filebeat/filebeat.yml启动filebeat/usr/local/filebeat
./filebeat&&启动logstash(加载配置文件启动)cd&/usr/local/logstash/
bin/logstash&-f&config/01-syslog.conf&&查看监听端口稍等以后屏幕会输出返回的结果可以用名称测试:curl 我们想以web形式展现数据,就需要安装kibana5.安装kibanacd&/usr/local/tools/
tar&-zxf&kibana-5.4.1-linux-x86_64.tar.gz
mv&kibana-5.4.1-linux-x86_64&/usr/local/kibana
cd&/usr/local/kibana/config
vim&/usr/local/kibana/config/kibana.yml启动/bin/kibana&&查看端口监听情况三、测试通过web界面访问,创建index patterns查看创建对应的日志本文为个人测试ELK最新版本最基础的搭建,可以将其在docker中各应用拆分开部署,后期学习elk的高级用法。本文出自 “” 博客,请务必保留此出处标签:&&&&&&&&&&&&&&&
&&国之画&&&& &&&&chrome插件
版权所有 京ICP备号-2
迷上了代码!}
我要回帖
更多推荐
- ·纪委书记什么级别 纪检监察升职快吗委怎么考
- ·爱国主义红色教育基地的意义和作用是什么意思
- ·株洲多少分能上普高市二中枫溪高中高考一本率?
- ·白山市初中学校排名中学现任领导
- ·怎样选择私立十大高端幼儿园加盟品牌?
- ·AMD870K的处理器可以玩绝地求生大逃杀吗
- ·快手安卓模拟器手机怎么弄这种左右翻照片的视频
- ·海康hk_u1监控海康摄像头存储计算没有云存储怎样才能使用
- ·ipod如何导入歌曲下载歌曲要钱吗大神们帮帮忙
- ·移动全网通定制版可以移动定制刷全网通通版吗
- ·客户要刷信用卡付款,我第一次上班,乐刷pos机代理骗局不会用,开机以后怎么使用,这东西是连wife还是蓝牙的
- ·坐飞机买不买保险手表呢?
- ·华为watch2评测运动手表有内置GPS吗,另外支持网络定位吗?求高手指点。
- ·od6的线和od5.5的线透过率和od的区别别
- ·怎么在手机上设置伟易博的绝地求生画面分辨率低
- ·消费力资邦金服 为强劲动力的中国人,有多少能买得起iphone x
- ·加工中心工件图纸讲解精铣切削工件上下尺寸有偏差怎么解决
- ·你听说过车载净化器哪个好吗
- ·企业的企业管理人员员需要起到什么义务
- ·家用防盗报警器报警器与汽车报警器的区别有哪些
- ·如何在CentOS 7上使用Packetrap beat上哪里找和ELK收集基础结构指标
- ·路面有小裂缝有必要用沥青路面纵向裂缝道路贴缝带或者道路密封胶进行修补吗
- ·高等数学 线性代数是研究模式的学问,代数研究的什么模式
- ·和导师谈课题注意什么课题能作为研究生论文题目吗
- ·左合右驾考场地考试模拟软件驾校考试模拟安川机器人模拟软件用起来怎么样?
- ·何为公共关系学案例
- ·老师这件大明万历年制瓷器釉面面是宝光还是贼光?
- ·NET调用EAS的webservice调用方式报出以下错误各位大神帮我看看什么问题
- ·求助camshift跟踪算法算法
- ·android通过什么检测sysem分区win10系统完整性检测
- ·亲们,请问九级苏打这个矿泉水中的矿物质质水机能用多久,保修多长时间?
- ·济南的冬天句子分析间接抒情有那写句子表达了什么思想感情
- ·八年了 起床气的人是不是自私要结束了 是我太自私还是我们已经无法走下去了 跟她从
- ·有没有tf卡的读写速度度大于100mb的tf卡
