Installing Kibana, installing Logstash, and collecting syslog logs with Logstash
ELK installation – installing Kibana (the charting / web tool)
Run the following on 128 (the master node); installing it on one machine is enough.
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.0.0-x86_64.rpm
sha1sum kibana-6.0.0-x86_64.rpm
rpm --install kibana-6.0.0-x86_64.rpm
!! Install Kibana 6.0.0 using the method above, because the yum repository built into Alibaba Cloud ships the latest version, which is not compatible.
https://www.elastic.co/guide/cn/kibana/current/rpm.html is the official installation page.
The yum repository was configured earlier, so there is no need to configure it again here.
yum install -y kibana
If this is too slow, you can download the rpm package directly:
1. wget https://artifacts.elastic.co/downloads/kibana/kibana-6.0.0-x86_64.rpm
2. rpm -ivh kibana-6.0.0-x86_64.rpm
Kibana likewise needs x-pack installed (optional).
The installation method is the same as for the Elasticsearch x-pack.
cd /usr/share/kibana/bin (optional)
./kibana-plugin install x-pack // if installing this way is slow, you can download the zip file instead (optional)
wget https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.0.0.zip // this is actually the same file as the one downloaded earlier (optional)
./kibana-plugin install file:///tmp/x-pack-6.0.0.zip (optional)
Run the following on 128:
3. vim /etc/kibana/kibana.yml // add the following (configuration file)
server.host: 192.168.193.128
# It is recommended to listen on the internal IP here (this host itself); listening on the public IP or on all interfaces is insecure. If you want to expose it externally, put nginx in front as a reverse proxy and add authentication there for better security.
elasticsearch.url: "http://192.168.193.128:9200"
# Kibana needs to communicate with the master node, so write the master node's IP here.
logging.dest: /var/log/kibana.log
# By default logs go to /var/log/messages. You can leave the log destination unspecified and keep the default.
touch /var/log/kibana.log; chmod 777 /var/log/kibana.log
4. systemctl restart kibana
[root@axinlinux-01 ~]# ps aux|grep kibana
kibana 10254 1.4 7.2 1122032 72296 ? Ssl 16:12 0:24 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml
root 11121 0.0 0.0 112720 980 pts/0 R+ 16:40 0:00 grep --color=auto kibana
[root@axinlinux-01 ~]# netstat -an|grep 5601
tcp 0 0 192.168.193.128:5601 0.0.0.0:* LISTEN
tcp 0 0 192.168.193.128:5601 192.168.193.1:53975 ESTABLISHED
tcp 0 0 192.168.193.128:5601 192.168.193.1:53973 ESTABLISHED
tcp 0 0 192.168.193.128:5601 192.168.193.1:53974 ESTABLISHED
tcp 0 0 192.168.193.128:5601 192.168.193.1:53984 ESTABLISHED
tcp 0 0 192.168.193.128:5601 192.168.193.1:53986 ESTABLISHED
tcp 0 0 192.168.193.128:5601 192.168.193.1:53985 ESTABLISHED
Open http://192.168.193.128:5601/ in a browser.
The username is elastic and the password is the one you set earlier (if x-pack is not installed, no username or password is needed).
If you cannot enter a username and password, check the log /var/log/kibana.log.
If the error "Status changed from uninitialized to red - Elasticsearch is still initializing the kibana index." appears,
the fix is: curl -XDELETE http://192.168.133.130:9200/.kibana -uelastic
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ELK installation – installing Logstash
Run the following on 133.
Logstash does not currently support Java 9 (if the installed JDK is 1.9, Logstash does not support it at present).
Install directly with yum (the repository configuration is the same as for the ES repository earlier):
yum install -y logstash // if this is slow, download the rpm package instead:
1.wget https://artifacts.elastic.co/downloads/logstash/logstash-6.0.0.rpm
2.rpm -ivh logstash-6.0.0.rpm
Logstash also needs x-pack installed (optional).
cd /usr/share/logstash/bin/ (optional)
./logstash-plugin install file:///tmp/x-pack-6.0.0.zip (optional)
systemctl enable logstash
systemctl start logstash
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Collecting syslog logs with Logstash
Do the following on 133.
Edit the configuration file: vi /etc/logstash/conf.d/syslog.conf // add the following content
# Every configuration file you write goes under conf.d with a .conf suffix; only then is it picked up.
input {                 # the source logs coming in
    syslog {
        type => "system-syslog"
        port => 10514
    }
}
output {                # where to send them
    stdout {
        codec => rubydebug
    }
}
Check the configuration file for errors:
cd /usr/share/logstash/bin
./logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d/syslog.conf --config.test_and_exit
Do the following on 133.
Start Logstash in the foreground:
./logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d/syslog.conf // this way you can watch the log output on screen, but you cannot type commands
Open another terminal.
Check whether port 10514 is open: netstat -lnp | grep 10514
tcp6 0 0 :::10514 :::* LISTEN
udp 0 0 0.0.0.0:10514 0.0.0.0:*
vi /etc/rsyslog.conf // add one line below #### RULES
*.* @@127.0.0.1:10514
# the IP here should be 133's IP
systemctl restart rsyslog
SSH from 128 to 133, and you can see the logs related to the SSH login in the Logstash foreground terminal.
To stop Logstash, press Ctrl-C in that foreground terminal.
Do the following on 133.
Start Logstash in the background:
Edit the configuration file: vi /etc/logstash/conf.d/syslog.conf // change the contents to the following
input {
    syslog {
        type => "system-syslog"
        port => 10514
    }
}
output {
    elasticsearch {
        hosts => ["192.168.193.133:9200"]
        index => "system-syslog-%{+YYYY.MM}"
    }
}
systemctl start logstash // startup takes some time; once it finishes you can see that ports 9600 and 10514 are being listened on
tcp 0 0 192.168.193.133:48782 192.168.193.133:10514 ESTABLISHED
tcp6 0 0 :::10514 :::* LISTEN
tcp6 1194 0 192.168.193.133:10514 192.168.193.133:48782 ESTABLISHED
udp 0 0 0.0.0.0:10514 0.0.0.0:*
tcp6 0 0 127.0.0.1:9600 :::* LISTEN
On 128, run curl '192.168.193.128:9200/_cat/indices?v' to get the index information:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open .kibana HUhL8JS6Sgqxr8mSq9UgoQ 1 1 1 0 3.4kb 3.4kb
yellow open system-syslog-2019.06 fqLpMdxRTG2EAV5DC8eIMw 5 1 110 0 421.7kb 421.7kb
curl -XGET '192.168.193.128:9200/indexname?pretty' gets the detailed information of the specified index:
[root@axinlinux-03 ~]# curl -XGET '192.168.193.128:9200/system-syslog-2019.06pretty'
{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"system-syslog-2019.06pretty","index_uuid":"_na_","index":"system-syslog-2019.06pretty"}],"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"system-syslog-2019.06pretty","index_uuid":"_na_","index":"system-syslog-2019.06pretty"},"status":404}[root@axinlinux-03 ~]#
curl -XDELETE '192.168.193.128:9200/logstash-xxx-*' deletes the specified index:
{"acknowledged":true}[root@axinlinux-03 ~]#
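A smoke test for the syslog pipeline built above, added here as an example (it is not part of the original post): it checks the rsyslog forwarding rule, builds a syslog line in the format rsyslog sends, and parses the _cat/indices output to confirm the monthly system-syslog index. The script name, the "run" argument and the LS_HOST/ES_URL defaults (133 and 128 from this post) are assumptions; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: a smoke test for the syslog pipeline
# built above. Assumed hosts: Logstash on 192.168.193.133, Elasticsearch on 192.168.193.128.
LS_HOST="${LS_HOST:-192.168.193.133}"
ES_URL="${ES_URL:-http://192.168.193.128:9200}"

# Build one RFC 3164 line the way rsyslog forwards it: <PRI>TIMESTAMP HOST TAG: MSG,
# where PRI = facility*8 + severity (auth=4, info=6 gives <38>, like an sshd login record).
build_syslog_line() {
  local facility="$1" severity="$2" host="$3" tag="$4" msg="$5"
  local ts="${6:-$(date '+%b %e %H:%M:%S')}"
  printf '<%d>%s %s %s: %s\n' "$((facility * 8 + severity))" "$ts" "$host" "$tag" "$msg"
}

# Verify the rsyslog forwarding rule ('*.* @@HOST:10514') targets the Logstash host;
# the post notes the IP in that line should be 133's. Returns 0 when it matches.
check_rsyslog_rule() {   # $1 = contents of rsyslog.conf, $2 = expected host
  local target
  target=$(printf '%s\n' "$1" | sed -n 's/^\*\.\* *@@\([^:]*\):10514.*/\1/p' | tail -n 1)
  [ "$target" = "$2" ]
}

# Read '_cat/indices?v' output on stdin and print 'index docs.count' for system-syslog-*
# indices, so the monthly index from 'system-syslog-%{+YYYY.MM}' can be confirmed and counted.
syslog_indices() {
  awk 'NR > 1 && $3 ~ /^system-syslog-/ { print $3, $7 }'
}

# Constructed samples (not captured from a live host) for offline checks.
SAMPLE_RSYSLOG_BAD='#### RULES ####
*.* @@127.0.0.1:10514'
SAMPLE_RSYSLOG_OK='#### RULES ####
*.* @@192.168.193.133:10514'
SAMPLE_CAT='health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open .kibana HUhL8JS6Sgqxr8mSq9UgoQ 1 1 1 0 3.4kb 3.4kb
yellow open system-syslog-2019.06 fqLpMdxRTG2EAV5DC8eIMw 5 1 110 0 421.7kb 421.7kb'

# Live run (sh smoketest.sh run): check the rule, push one test line over TCP 10514 the way
# rsyslog's @@ does (using bash's /dev/tcp), then look for the index in Elasticsearch.
main() {
  check_rsyslog_rule "$(cat /etc/rsyslog.conf)" "$LS_HOST" || echo "WARN: rsyslog is not forwarding to $LS_HOST:10514"
  build_syslog_line 4 6 "$(hostname)" elk-smoketest "pipeline check $(date +%s)" \
    | bash -c "cat >/dev/tcp/$LS_HOST/10514"
  sleep 5   # give Logstash time to flush the event before asking Elasticsearch
  curl -s "$ES_URL/_cat/indices?v" | syslog_indices
}
if [ "${1:-}" = run ]; then main; fi
```

Without the "run" argument the script only defines the functions, so it can be sourced and the checks applied to saved output.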
Open 192.168.193.128:5601 in a browser and configure the index in Kibana.
On the left, click "Management" -> "Index Patterns" -> "Create Index Pattern".
The Index pattern must be written according to the index names found with curl earlier; otherwise the button below cannot be clicked.
[root@axinlinux-03 ~]# curl '192.168.193.128:9200/_cat/indices?v'
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open .kibana HUhL8JS6Sgqxr8mSq9UgoQ 1 1 1 0 3.4kb 3.4kb
yellow open system-syslog-2019.06 fqLpMdxRTG2EAV5DC8eIMw 5 1 110 0 421.7kb 421.7kb
In the curl output above, system-syslog-2019.06 is the name to enter in the Kibana interface.