1. Disable SELinux:
[root@ELK /]# vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
2. Turn off the firewall:
[root@ELK /]# service iptables stop
[root@ELK /]# chkconfig iptables off
3. Install the EPEL repository:
[root@ELK /]# yum -y install epel-release
[root@ELK /]# yum clean all
[root@ELK /]# yum makecache
4. Install system tools:
[root@ELK /]# yum -y install vim wget telnet
5. Install OpenJDK:
[root@ELK /]# yum -y install java-1.8.0-openjdk*
[root@ELK /]# java -version
openjdk version "1.8.0_121"
OpenJDK Runtime Environment (build 1.8.0_121-b13)
OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)
6. Install ElasticSearch:
[root@ELK /]# wget -P/usr/local/src/ -c https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.4.1/elasticsearch-2.4.1.tar.gz
[root@ELK /]# tar -xzvf /usr/local/src/elasticsearch-2.4.1.tar.gz -C /usr/local/src/
[root@ELK /]# mkdir -p /usr/local/elk
[root@ELK /]# mv /usr/local/src/elasticsearch-2.4.1 /usr/local/elk/elasticsearch
7. Add the elk account:
[root@ELK /]# groupadd elk
[root@ELK /]# useradd -g elk elk
[root@ELK /]# chown -R elk.elk /usr/local/elk/elasticsearch
8. Edit the elasticsearch configuration file:
[root@ELK /]# vim /usr/local/elk/elasticsearch/config/elasticsearch.yml
Find the corresponding entries and change them as follows:
# ---------------------------------- Cluster -----------------------------------
cluster.name: elk-cluster
# ------------------------------------ Node ------------------------------------
node.name: elk01
# ----------------------------------- Paths ------------------------------------
path.data: /usr/local/elasticsearch-5.5.2/data/elasticsearch
path.logs: /usr/local/elasticsearch-5.5.2/data/logs
path.repo: /usr/local/elasticsearch-5.5.2/data/backup
# ----------------------------------- Memory -----------------------------------
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9250
transport.tcp.port: 9350
# --------------------------------- Discovery ----------------------------------
discovery.zen.ping.unicast.hosts: ["172.16.1.141", "172.16.1.142", "172.16.1.143"]
# ---------------------------------- Various -----------------------------------
cluster.routing.allocation.disk.threshold_enabled: true
cluster.routing.allocation.disk.watermark.low: 15gb
cluster.routing.allocation.disk.watermark.high: 10gb
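With iptables stopped in step 2 and network.host set to 0.0.0.0, ports 9250 and 9350 answer on every interface, and Elasticsearch 2.4.1 without an added security plugin does not authenticate requests. The script below is an added example, not part of the original article: it reads the configuration above and prints, without applying them, iptables rules that admit only the hosts listed under discovery.zen.ping.unicast.hosts. The function names, the flat "key: value" parsing and the assumption that only cluster peers need either port are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: print (never apply) iptables rules that limit the Elasticsearch
# ports set in elasticsearch.yml to the peers named in the same file.

# yml_value FILE KEY: value of a flat "key: value" line, double quotes removed.
yml_value() {
    awk -v k="$2" -F': *' '$1 == k { sub(/^[^:]*: */, ""); gsub(/"/, ""); v = $0 }
                           END { print v }' "$1"
}

# es_firewall_rules FILE: rules in iptables-restore syntax on stdout.
es_firewall_rules() {
    local file=$1 host http transport peers port peer
    host=$(yml_value "$file" network.host)
    http=$(yml_value "$file" http.port)
    transport=$(yml_value "$file" transport.tcp.port)
    peers=$(yml_value "$file" discovery.zen.ping.unicast.hosts | sed 's/[][,]//g')
    # Unset (2.x binds to localhost by default) or loopback: nothing to restrict.
    case "$host" in ''|127.*|localhost|_local_) return 0 ;; esac
    # Keep local clients working (Kibana uses http://localhost:9250 on this page).
    echo "-A INPUT -i lo -j ACCEPT"
    # 9200 and 9300 are the Elasticsearch defaults when a port is not configured.
    for port in ${http:-9200} ${transport:-9300}; do
        for peer in $peers; do
            echo "-A INPUT -p tcp -s $peer --dport $port -j ACCEPT"
        done
        echo "-A INPUT -p tcp --dport $port -j DROP"
    done
}

# Constructed sample: the network and discovery lines from the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network.host: 0.0.0.0
http.port: 9250
transport.tcp.port: 9350
discovery.zen.ping.unicast.hosts: ["172.16.1.141", "172.16.1.142", "172.16.1.143"]
EOF
es_firewall_rules "$sample"
```

Review the printed rules and merge them into /etc/sysconfig/iptables by hand, adding any log shippers that must reach the HTTP port.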
9. Start the elasticsearch service:
[root@ELK elk]# su - elk --command="/usr/local/elk/elasticsearch/bin/elasticsearch -d"
10. Install elasticsearch plugins:
[root@ELK elk]# /usr/local/elk/elasticsearch/bin/plugin install mobz/elasticsearch-head
[root@ELK elk]# /usr/local/elk/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
11. Install logstash:
[root@ELK /]# wget -P/usr/local/src/ -c https://download.elastic.co/logstash/logstash/logstash-2.4.1.tar.gz
[root@ELK /]# tar -xzvf /usr/local/src/logstash-2.4.1.tar.gz -C /usr/local/src/
[root@ELK /]# mv /usr/local/src/logstash-2.4.1 /usr/local/elk/logstash
[root@ELK /]# chown -R elk.elk /usr/local/elk/logstash
12. Create the logstash configuration file:
[root@ELK /]# vim /usr/local/elk/logstash/logstash-nginx.conf
logstash-nginx.conf:
input {
    file {
        type => "syslog"
        tags => ["log"]
        path => ["/var/log/messages","/log/*.log"]
        start_position => beginning
        ignore_older => 0
    }
    file {
        type => "nginx_log"
        tags => ["nginx"]
        path => ["/var/log/nginx/access.log"]
        start_position => beginning
        ignore_older => 0
    }
}
output {
    elasticsearch {
        hosts => [ "192.168.75.150:9200" ]
    }
}
13. Start the logstash service:
[root@ELK ~]# su - elk --command="/usr/local/elk/logstash/bin/logstash agent -f /usr/local/elk/logstash/logstash-nginx.conf &"
Settings: Default pipeline workers: 2
Pipeline main started
agent means run in Agent mode
-f specifies the configuration file
-p means the port
14. Install kibana:
[root@ELK /]# wget -P/usr/local/src/ -c https://download.elastic.co/kibana/kibana/kibana-4.6.1-linux-x86_64.tar.gz
[root@ELK /]# tar -xzvf /usr/local/src/kibana-4.6.1-linux-x86_64.tar.gz -C /usr/local/src/
[root@ELK /]# mv /usr/local/src/kibana-4.6.1-linux-x86_64 /usr/local/elk/kibana
[root@ELK /]# chown -R elk.elk /usr/local/elk/kibana
15. Edit the kibana configuration file:
[root@ELK /]# vim /usr/local/elk/kibana/config/kibana.yml
Find the corresponding entries and change them as follows:
server.port: 5602
server.host: "0.0.0.0"
elasticsearch.url: "http://localhost:9250"
logging.dest: /usr/local/kibana-5.5.2/log/kibana.log
16. Start the kibana service:
[root@ELK elk]# su - elk --command="/usr/local/elk/kibana/bin/kibana serve &"
17. Test:
Visit: http://192.168.75.150:5601/
18. Clear the ELK logs:
curl -XDELETE 'http://127.0.0.1:9200/access-restapi-2017.01.*'
curl -XDELETE 'http://127.0.0.1:9200/*-2017.01.0*'
curl -XDELETE 'http://127.0.0.1:9200/*-2017.01.*'
[THE END]