Setting up ELK on Ubuntu 16.04

1. Install the Java JDK

sudo apt-get install default-jdk

2. Install Elasticsearch

1. Import the Elasticsearch GPG public key

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

2. Add the Elasticsearch repository source

echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list

3. Install Elasticsearch

sudo apt-get update
sudo apt-get install elasticsearch

4. After installation completes, configure Elasticsearch

sudo vim /etc/elasticsearch/elasticsearch.yml
Uncomment the following line and set its value to localhost:
network.host: localhost

5. Start the Elasticsearch service and enable it at boot

sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

3. Install Kibana

1. Add the Kibana repository

echo "deb http://packages.elastic.co/kibana/4.5/debian stable main" | sudo tee -a /etc/apt/sources.list

2. Install Kibana

sudo apt-get update
sudo apt-get install kibana

3. Configure Kibana

sudo vim /opt/kibana/config/kibana.yml
Change the value to localhost:
server.host: "localhost"

4. Start the Kibana service and enable it at boot

sudo systemctl start kibana
sudo systemctl enable kibana

4. Install nginx

sudo apt-get install nginx

1. Start nginx and enable it at boot

sudo systemctl start nginx
sudo systemctl enable nginx

2. Use openssl to create an administrator user (admin)

Follow the prompts to create the user and password used to log in to the Kibana web interface.

sudo -v
echo "admin:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users

3. Edit the nginx configuration file

sudo vim /etc/nginx/conf.d/elk.conf
server {
    listen 80;

    server_name your_domain_or_IP;           # fill in your IP or domain name
 
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;
 
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;        
    }
}

4. Check the nginx configuration syntax

If the check passes, restart nginx.

sudo nginx -t
sudo systemctl restart nginx
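
An added check, not part of the original article, for the `network.host: localhost` and `server.host: "localhost"` settings above: it parses `ss -ltn` output and reports any listener on port 9200 or 5601 that is not bound to loopback. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that Elasticsearch (9200) and Kibana (5601) listen only
# on loopback, leaving the nginx proxy as the only network-reachable entry point.

# Reads `ss -ltn` output on stdin and prints the local address of every
# listener on a guarded port that is bound to a non-loopback address.
exposed_listeners() {
    awk -v ports="9200 5601" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) guard[p[i]] = 1 }
        $1 == "LISTEN" {
            laddr = $4                        # Local Address:Port column
            port = laddr
            sub(/.*:/, "", port)              # keep what follows the last colon
            if (!(port in guard)) next
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # newer ss prints [::1]
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print laddr
        }'
}

# Constructed sample (older ss style, IPv6 addresses without brackets):
# Elasticsearch is loopback-only, Kibana is bound to 0.0.0.0.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q    Local Address:Port      Peer Address:Port
LISTEN     0      128                   *:80                   *:*
LISTEN     0      50     ::ffff:127.0.0.1:9200                :::*
LISTEN     0      50                  ::1:9200                :::*
LISTEN     0      128             0.0.0.0:5601                 *:*
EOF
}

# On the ELK host, replace sample_ss_output with: ss -ltn
found=$(sample_ss_output | exposed_listeners)
if [ -n "$found" ]; then
    echo "reachable without nginx authentication: $found"
else
    echo "9200 and 5601 are bound to loopback only"
fi
```

Any address it prints is a listener that can be reached directly, bypassing the `auth_basic` prompt configured in nginx.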

5. Install Logstash

1. Add the Logstash package source

echo "deb http://packages.elastic.co/logstash/2.3/debian stable main" | sudo tee -a /etc/apt/sources.list

2. Install Logstash

sudo apt-get update
sudo apt-get install logstash

3. Create the configuration file that sets the format and type of the logs received

sudo vim /etc/logstash/conf.d/30-elasticsearch-output.conf
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

6. Install Filebeat

1. Add the Filebeat source and key

echo "deb https://packages.elastic.co/beats/apt stable main" |  sudo tee -a /etc/apt/sources.list.d/beats.list
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

2. Install Filebeat

sudo apt-get update
sudo apt-get install filebeat

3. Start Filebeat and enable it at boot

sudo systemctl start filebeat
sudo systemctl enable filebeat

7. Log in to the web interface and add the index

Set the index name to filebeat-*
