Setting up ELK to collect Nginx logs

As everyone knows, ELK is a log collection suite, so I won't introduce it at length here.

I drew a rough architecture diagram, shown below:

Three nodes are actually used here. The OS is CentOS 6.6, ES is version 2.3.5, logstash 2.4.0, kibana 4.5.4-1 and nginx 1.8.1.

192.168.3.56    ES01+logstash01+kibana+redis+nginx
192.168.3.49    ES02+logstash02
192.168.3.57    ES03

1. Install the Java environment on all three nodes

# yum install -y java java-1.8.0-openjdk-devel
# vim /etc/profile.d/java.sh
export JAVA_HOME=/usr
# source /etc/profile.d/java.sh

2. Synchronize time on the three nodes

# ntpdate pool.ntp.org

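3. Install the elasticsearch cluster. Configuring the cluster is simple: the three nodes only need to share the same cluster name. The rpm package was downloaded from the official site beforehand.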

Node 1, ES01:

# yum install -y elasticsearch-2.3.5.rpm

# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: oupenges
node.name: es01
network.host: 192.168.3.56
discovery.zen.ping.unicast.hosts: ["192.168.3.56", "192.168.3.49", "192.168.3.57"]

Node 2, ES02:

# yum install -y elasticsearch-2.3.5.rpm

# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: oupenges
node.name: es02
network.host: 192.168.3.49
discovery.zen.ping.unicast.hosts: ["192.168.3.56", "192.168.3.49", "192.168.3.57"]

Node 3, ES03:

# yum install -y elasticsearch-2.3.5.rpm

# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: oupenges
node.name: es03
network.host: 192.168.3.57
discovery.zen.ping.unicast.hosts: ["192.168.3.56", "192.168.3.49", "192.168.3.57"]

Start the service:

# service elasticsearch start
# chkconfig elasticsearch on

Check the cluster state through the cluster API:

# curl -XGET 'http://192.168.3.56:9200/_cluster/health?pretty=true'
{
  "cluster_name" : "oupenges",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 56,
  "active_shards" : 112,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

4. Install the head plugin on the three ES nodes

# /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head

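Access head in a browser:

This is the state after I had installed all the components; I won't post further head screenshots after the later steps.

A star denotes the master
A circle denotes a slave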

5. Install logstash01 on node 1

# yum install logstash-2.4.0.noarch.rpm

Verify logstash from the command line:

Standard input --> standard output

# /opt/logstash/bin/logstash -e 'input {stdin{}} output{stdout{ codec=>"rubydebug"}}'
Settings: Default pipeline workers: 12
Pipeline main started
hello
{
       "message" => "hello",
      "@version" => "1",
    "@timestamp" => "2017-06-20T03:09:21.113Z",
          "host" => "uy-s-167"
}

Standard input --> elasticsearch

# /opt/logstash/bin/logstash -e 'input {stdin{}} output{ elasticsearch { hosts => ["192.168.3.56:9200"] index => "test"}}'
Settings: Default pipeline workers: 12
Pipeline main started
hello
hi opera


From the time and content you can see that the two entries in the red box are the two messages I just added.

6. Install kibana

# yum install -y kibana-4.5.4-1.x86_64.rpm

# vim /opt/kibana/config/kibana.yml
elasticsearch.url: "http://192.168.3.56:9200"

# service kibana start
# chkconfig kibana on

Access http://192.168.3.56:5601 in a browser

7. Install redis

# yum install -y redis

# vim /etc/redis.conf
daemonize yes
bind 192.168.3.56
appendonly yes

# service redis start
# chkconfig redis on

8. Install Nginx, use nginx as a proxy for kibana, and add authentication

# wget http://nginx.org/download/nginx-1.8.1.tar.gz 
# tar xvf nginx-1.8.1.tar.gz

# yum groupinstall -y "Development tools"
# cd nginx-1.8.1/
# ./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client/ --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre

# mkdir -pv /var/tmp/nginx/client/
# /usr/local/nginx/sbin/nginx

# vim /usr/local/nginx/conf/nginx.conf        (add a server block inside the http section)
server {
    listen 8080;
    server_name 192.168.3.56;    # current hostname
    auth_basic "Restricted Access";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd.users;    # authentication
    location / {
        proxy_pass http://192.168.3.56:5601;    # proxy to kibana
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

# yum install -y httpd-tools
# htpasswd -bc /usr/local/nginx/conf/htpasswd.users admin admin
# cat /usr/local/nginx/conf/htpasswd.users
admin:TvypNSDg6V3Rc

# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
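
Added example, not part of the original post: the basic-auth proxy on 8080 only protects Kibana if port 5601 itself cannot be reached from other hosts, and as configured in this post the Elasticsearch, redis and beats ports have no authentication of their own. The Python check below parses `netstat -lnt` output and reports which of the stack's ports listen on a non-loopback address; the function names are hypothetical and the sample output is constructed from the addresses used here.

```python
# Ports configured in this post and the service behind each one.
STACK_PORTS = {
    9200: "elasticsearch http",
    9300: "elasticsearch transport",
    5601: "kibana, reachable without the nginx basic auth on 8080",
    6379: "redis",
    5044: "logstash beats input",
}

def is_loopback(address):
    return address == "::1" or address.startswith(("127.", "::ffff:127."))

def exposed_listeners(netstat_output):
    """Sorted (port, address, service) for stack ports bound off-loopback."""
    findings = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue  # header line or a socket that is not listening
        address, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in STACK_PORTS and not is_loopback(address):
            findings.add((int(port), address, STACK_PORTS[int(port)]))
    return sorted(findings)

# Constructed sample of `netstat -lnt` on 192.168.3.56 (not captured output).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:5601                0.0.0.0:*                   LISTEN
tcp        0      0 192.168.3.56:6379           0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 ::ffff:192.168.3.56:9200    :::*                        LISTEN
tcp        0      0 ::ffff:192.168.3.56:9300    :::*                        LISTEN
tcp        0      0 :::5044                     :::*                        LISTEN
"""

if __name__ == "__main__":
    for port, address, service in exposed_listeners(SAMPLE):
        print(f"{address}:{port}  {service}")
```

Binding Kibana to loopback (`server.host: "127.0.0.1"` in kibana.yml) and pointing `proxy_pass` at `http://127.0.0.1:5601` leaves the password prompt on 8080 as the only way in.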

9. Convert the Nginx log format to JSON

# vim /usr/local/nginx/conf/nginx.conf
log_format access1 '{"@timestamp":"$time_iso8601",'
  '"host":"$server_addr",'
  '"clientip":"$remote_addr",'
  '"size":$body_bytes_sent,'
  '"responsetime":$request_time,'
  '"upstreamtime":"$upstream_response_time",'
  '"upstreamhost":"$upstream_addr",'
  '"http_host":"$host",'
  '"url":"$uri",'
  '"domain":"$host",'
  '"xff":"$http_x_forwarded_for",'
  '"referer":"$http_referer",'
  '"status":"$status"}';
access_log  /var/log/nginx/access.log  access1;

# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
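
Added example, not part of the original post: nginx 1.8.1 has no `escape=json` option for `log_format` (it appeared in 1.11.8), so a `"`, a `\` or a non-ASCII byte in a client-supplied field such as `$http_referer` is written as `\xXX`, which is not a valid JSON escape, and the json codec then tags the event `_jsonparsefailure` instead of parsing its fields. The Python check below shows the failure and one repair on constructed sample lines; its function names are hypothetical.

```python
import json
import re

# nginx's default escaping writes '"', '\' and bytes <32 or >126 as \xXX.
HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")

def strict_parse(line):
    """Parse like a plain JSON decoder; None stands for _jsonparsefailure."""
    try:
        return json.loads(line)
    except ValueError:
        return None

def _rejoin_utf8(value):
    # After repair every escaped byte is one code point < 256; rebuild UTF-8.
    if not isinstance(value, str):
        return value
    try:
        return value.encode("latin-1").decode("utf-8", "replace")
    except UnicodeEncodeError:
        return value

def tolerant_parse(line):
    """Rewrite \\xXX as the valid JSON escape \\u00XX, then parse."""
    event = json.loads(HEX_ESCAPE.sub(r"\\u00\1", line))
    return {key: _rejoin_utf8(val) for key, val in event.items()}

def failing_lines(lines):
    """1-based numbers of the lines a strict JSON parser rejects."""
    return [n for n, line in enumerate(lines, 1) if strict_parse(line) is None]

# Constructed sample lines in the access1 format above (not real traffic).
GOOD = ('{"@timestamp":"2017-06-20T11:09:21+08:00","host":"192.168.3.56",'
        '"clientip":"192.168.3.10","size":612,"responsetime":0.004,'
        '"upstreamtime":"0.004","upstreamhost":"192.168.3.56:5601",'
        '"http_host":"192.168.3.56","url":"/","domain":"192.168.3.56",'
        '"xff":"-","referer":"-","status":"200"}')
# The Referer header was http://example.com/?q="café"; nginx logged it escaped.
BAD = GOOD.replace('"referer":"-"',
                   r'"referer":"http://example.com/?q=\x22caf\xC3\xA9\x22"')

if __name__ == "__main__":
    print(failing_lines([GOOD, BAD]))      # lines the json codec would fail on
    print(tolerant_parse(BAD)["referer"])  # field recovered after the repair
```

Running `failing_lines` over `/var/log/nginx/access.log` shows how many requests would reach Elasticsearch without their `status`, `clientip` and `url` fields.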

10. Install filebeat on the server whose logs need to be collected, i.e. the nginx server

# yum install -y filebeat-1.2.3-x86_64.rpm

# mv /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.bak
# vim /etc/filebeat/filebeat.yml
filebeat:
  prospectors:
    -
      paths:
        - /var/log/messages
      input_type: log
      document_type: nginxs1-system-message
    -
      paths:
        - /var/log/nginx/access.log
      input_type: log
      document_type: nginxs1-access-log
  registry_file: /var/lib/filebeat/registry
output:
  logstash:
    hosts: ["192.168.3.56:5044"]
  file:
    path: "/tmp/"
    filename: filebeat.txt
# logging is a top-level section in filebeat 1.x, not a child of shipper
logging:
  to_files: true
  files:
    path: /tmp/mybeat

# service filebeat start
# chkconfig filebeat on

11. Configure logstash01 to receive the logs sent by filebeat and output them to redis

# vim /etc/logstash/conf.d/nginx.conf
input {
        beats {
        port => 5044
        codec => "json"
        }}
output {
        if [type] == "nginxs1-system-message" {
        redis {
                data_type => "list"
                key => "nginxs1-system-message"
                host => "192.168.3.56"
                port => "6379"
                db => "0"
        }}
        if [type] == "nginxs1-access-log" {
        redis {
                data_type => "list"
                key => "nginxs1-access-log"
                host => "192.168.3.56"
                port => "6379"
                db => "0"
        }}
        file {
                path => "/tmp/nginx-%{+YYYY-MM-dd}messages.gz"
        }
}

# /etc/init.d/logstash configtest
# service logstash restart

12. Install logstash02 on node 2

# yum install logstash-2.4.0.noarch.rpm

13. Configure logstash02 to read logs from redis and output them to elasticsearch

# vim /etc/logstash/conf.d/redis-to-es.conf
input {
    redis {
        host => "192.168.3.56"
        port => "6379"
        db => "0"
        key => "nginxs1-system-message"
        data_type => "list"
        batch_count => 1
    }
    redis {
        host => "192.168.3.56"
        port => "6379"
        db => "0"
        key => "nginxs1-access-log"
        data_type => "list"
        codec  => "json"
        batch_count => 1
    }
}
output {
    if [type] == "nginxs1-system-message" {
    elasticsearch {
        hosts => ["192.168.3.56:9200"]
        index => "nginxs1-system-message-%{+YYYY.MM.dd}"
        manage_template => true
        flush_size => 2000
        idle_flush_time => 10 }}
    if [type] == "nginxs1-access-log" {
    elasticsearch {
        hosts => ["192.168.3.56:9200"]
        index => "logstash-nginxs1-access-log-%{+YYYY.MM.dd}"
        manage_template => true
        flush_size => 2000
        idle_flush_time => 10 }}
}

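14. Log in to and configure kibana

Once configuration is complete, the nginx logs can be seen in Discover.

Visualize lets you draw all kinds of charts; I won't go into detail here.

Here is a very simple Dashboard I made: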
