Os 7 ELK Installation and Deployment

    Technology  2022-07-11

    ELK official site: https://www.elastic.co/cn/what-is/elk-stack

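    What ELK is: "ELK" is an acronym for three open-source projects: Elasticsearch, Logstash and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server-side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" such as Elasticsearch. Kibana lets users visualize the data in Elasticsearch with charts and graphs.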

    Lab environment: two virtual machines (minimal installation recommended) [minimum 2 cores, 2 GB]
    239: elasticsearch + logstash
    240: kibana

    Check the IP address:

    ifup ens33
    ip add

    Disable the firewall and SELinux:

    [root@localhost ~]# systemctl stop firewalld
    [root@localhost ~]# setenforce 0

    Synchronize the time:

    [root@localhost ~]# yum -y install ntp
    [root@localhost ~]# ntpdate pool.ntp.org

    1. Install elasticsearch (install the Java environment first)

    Unpack the ELK archive:

    [root@localhost ~]# yum -y install unzip
    [root@localhost ~]# unzip ELK.zip

    Install the Java environment:

    [root@localhost ~]# cd ELK
    [root@localhost ELK]# rpm -ivh jdk-8u131-linux-x64_.rpm

    Install and configure elasticsearch:

    [root@localhost ELK]# yum -y install elasticsearch-6.6.2.rpm
    [root@localhost ELK]# systemctl daemon-reload
    [root@localhost ELK]# systemctl enable elasticsearch.service
    [root@localhost ELK]# yum -y install vim
    [root@localhost ELK]# vim /etc/elasticsearch/elasticsearch.yml
    [root@localhost ELK]# cat /etc/elasticsearch/elasticsearch.yml |grep -v "^#"
    cluster.name: yl
    node.name: node-1
    path.data: /var/lib/elasticsearch
    path.logs: /var/log/elasticsearch
    network.host: 192.168.136.239
    http.port: 9200
    [root@localhost ELK]# systemctl start elasticsearch

    Verify (two ways):

    [root@localhost ELK]# yum -y install net-tools
    [root@localhost ELK]# netstat -anpt |grep java
    [root@localhost ELK]# tailf /var/log/elasticsearch/yl.log

    2. Install and configure logstash (test by collecting messages + secure)

    [root@localhost ELK]# yum -y install logstash-6.6.0.rpm
    [root@localhost ELK]# cd /etc/logstash/conf.d/
    [root@localhost conf.d]# vim messages.conf
    input {
      file {
        path => "/var/log/messages"
        type => "messages-log"
        start_position => "beginning"
      }
    }
    output {
      elasticsearch {
        hosts => "192.168.136.239"
        index => "messages_log-%{+YYYY.MM.dd}"
      }
    }
    [root@localhost conf.d]# vim secure.conf
    input {
      file {
        path => "/var/log/secure"
        type => "secure-log"
        start_position => "beginning"
      }
    }
    output {
      elasticsearch {
        hosts => "192.168.136.239:9200"
        index => "secure_log-%{+YYYY.MM.dd}"
      }
    }
    [root@localhost conf.d]# cd /etc/logstash/
    [root@localhost logstash]# vim pipelines.yml
    -------------------------------------------------------
    - pipeline.id: messages
      path.config: "/etc/logstash/conf.d/messages.conf"
    - pipeline.id: secure
      path.config: "/etc/logstash/conf.d/secure.conf"
    -------------------------------------------------------
    [root@localhost ~]# chmod -R 777 /var/log/
    [root@localhost ~]# systemctl enable logstash
    [root@localhost ~]# systemctl start logstash

    Test:

    [root@localhost ~]# tailf /var/log/logstash/logstash-plain.log
    -------------- Output like the following means it is working --------------
    [2020-07-01T20:06:29,449][INFO ][logstash.outputs.elasticsearch] Installing elasticsearch template to _template/logstash
    ----------------------------------------------------------------------------------
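
The `chmod -R 777 /var/log/` step above makes every log, including `/var/log/secure`, writable by any local account. The script below is an added example, not part of the original post: it gives Logstash read-only access to just the two files the pipelines read and lists what is still world-writable. It assumes the `logstash` account created by the Logstash RPM, the `acl` package (`setfacl`) and `sudo`; the function names and the `--apply` switch are made up for this example.

```shell
#!/bin/sh
# Added example: least-privilege replacement for `chmod -R 777 /var/log/`.
# Assumptions: the `logstash` account from the Logstash RPM exists and
# setfacl (package `acl`) and sudo are installed on the Logstash host.

# List every non-symlink entry under a directory that "other" can write to,
# which is what `chmod -R 777` leaves behind.
world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null | sort
}

# Give one account read-only access to specific files through POSIX ACLs,
# leaving owner, group and mode bits untouched.
grant_read() {
    user=$1; shift
    for f in "$@"; do
        setfacl -m "u:${user}:r" "$f" || return 1
    done
}

# Confirm, as the target account, that a file is readable but not writable.
check_access() {
    user=$1 file=$2
    sudo -u "$user" test -r "$file" && ! sudo -u "$user" test -w "$file"
}

# Privileged steps run only on request: sh fix-log-perms.sh --apply
if [ "${1:-}" = "--apply" ]; then
    grant_read logstash /var/log/messages /var/log/secure
    check_access logstash /var/log/secure && echo "logstash: read-only OK"
    echo "Still world-writable under /var/log:"
    world_writable /var/log
fi
```

ACLs belong to the individual file, so the grant has to be reapplied after log rotation creates a new `messages` or `secure` file, for example from a logrotate `postrotate` hook.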

    3. Install kibana:

    [root@localhost ~]# cd ELK
    [root@localhost ELK]# scp kibana-6.6.2-x86_64.rpm root@192.168.136.240:/root/

    On the other virtual server:

    [root@localhost ~]# yum -y install kibana-6.6.2-x86_64.rpm
    [root@localhost ~]# yum -y install vim
    [root@localhost ~]# vim /etc/kibana/kibana.yml
    [root@localhost ~]# cat /etc/kibana/kibana.yml | grep -v "^#" | sed '/^$/d'
    server.port: 5601
    server.host: "192.168.136.240"
    elasticsearch.hosts: ["http://192.168.136.239:9200"]
    [root@localhost ~]# systemctl enable kibana
    [root@localhost ~]# systemctl start kibana

    Test:

    [root@localhost ~]# yum -y install net-tools
    [root@localhost ~]# netstat -anpt |grep :5601
    tcp        0      0 192.168.136.240:5601    0.0.0.0:*               LISTEN      2436/node

    Log in to the web interface:
