Installing ELK 6.4.1 on CentOS 6


Downloads
Java
http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

ELK
https://www.elastic.co/

Installation directories:
/usr/local/elasticsearch
/usr/local/logstash
/usr/local/kibana

Server-side installation

I. Install the JDK
1. Upload JDK 8
rz
2. Extract JDK 8
tar -zxvf jdk-8u181-linux-x64.tar.gz
3. Copy the JDK to /usr/local/java
cp -r jdk1.8.0_181 /usr/local/java
4. Edit the environment variables
vim /etc/profile

export JAVA_HOME=/usr/local/java
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH

5. Apply the change and check the version
source /etc/profile
java -version

II. Install ELK
1. Upload and extract
tar -zxvf elasticsearch-6.4.1.tar.gz
tar -zxvf logstash-6.4.1.tar.gz
tar -zxvf kibana-6.4.1-linux-x86_64.tar.gz

mv elasticsearch-6.4.1 /usr/local/elasticsearch
mv logstash-6.4.1 /usr/local/logstash
mv kibana-6.4.1-linux-x86_64 /usr/local/kibana

2. Change ownership (Elasticsearch cannot run as root)
useradd elk
passwd elk
chown -R elk:elk /usr/local/elasticsearch

3. Edit the configuration:
Raise the file descriptor limit (ulimit)
vim /etc/security/limits.conf
elk soft nofile 102400
elk hard nofile 102400
Set the other entries to 102400 as well

vim /etc/security/limits.d/90-nproc.conf

* soft nproc 65535

Edit /etc/sysctl.conf and add
vm.max_map_count=262144
The machine must be rebooted

elasticsearch.yml:
Note: these go under the Network section:
network.host: 0.0.0.0
http.port: 9200

In elasticsearch.yml, set bootstrap.system_call_filter to false; note that it goes under the Memory section:
bootstrap.memory_lock: false
bootstrap.system_call_filter: false

kibana/config/kibana.yml
    server.host: "10.10.10.101"
    elasticsearch.url: "http://10.10.10.100:9200"

4. Run
elasticsearch: (note: the elk user must have write permission on the directory where nohup.out is saved)
su elk
nohup /usr/local/elasticsearch/bin/elasticsearch &

kibana:
nohup /usr/local/kibana/bin/kibana &

logstash: (not needed unless redis is added)
nohup /usr/local/logstash/bin/logstash -f ../conf/logstash.conf &

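5. Install and configure nginx
Add the following under location /

    auth_basic "secret";
    auth_basic_user_file /data/nginx/db/passwd.db;

Create the authentication file (at the same path that auth_basic_user_file points to)
    htpasswd -c /data/nginx/db/passwd.db root
If htpasswd is not available, install httpd
    yum -y install httpd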
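
The listen addresses set in step 3 decide how much the nginx basic auth in step 5 actually protects: Elasticsearch on 0.0.0.0 and Kibana on 10.10.10.101 stay reachable on their own ports unless a firewall blocks them. The script below is an added example, not part of the original post; it assumes no Elasticsearch security features are enabled and Kibana's default port 5601 when server.port is unset, and its function names are its own.

```shell
#!/bin/sh
# Added example (not from the original post): audit the listen addresses from step 3.

# yaml_value FILE KEY: print the last top-level "KEY: value", quotes and blanks removed.
yaml_value() {
    awk -v k="$2:" 'index($0, k) == 1 { v = substr($0, length(k) + 1) } END { print v }' "$1" |
        tr -d "\"' \t\r"
}

# Loopback-only values; "_local_" is Elasticsearch's name for the loopback addresses.
is_loopback() {
    case "$1" in
        127.*|localhost|::1|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_elk ES_YML KIBANA_YML: print one WARN line per finding, return the finding count.
audit_elk() {
    findings=0
    es_host=$(yaml_value "$1" network.host)
    es_port=$(yaml_value "$1" http.port)
    kb_host=$(yaml_value "$2" server.host)
    kb_port=$(yaml_value "$2" server.port)
    # An unset network.host or server.host means loopback only, so empty values pass.
    if [ -n "$es_host" ] && ! is_loopback "$es_host"; then
        echo "WARN elasticsearch listens on $es_host:${es_port:-9200}; assuming no security features, allow only the Kibana and Logstash hosts"
        findings=$((findings + 1))
    fi
    if [ -n "$kb_host" ] && ! is_loopback "$kb_host"; then
        echo "WARN kibana listens on $kb_host:${kb_port:-5601}; clients that reach it directly skip the nginx auth_basic prompt"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input: the settings from this page, written to temporary files.
demo_dir=$(mktemp -d)
printf 'network.host: 0.0.0.0\nhttp.port: 9200\n' > "$demo_dir/elasticsearch.yml"
printf 'server.host: "10.10.10.101"\nelasticsearch.url: "http://10.10.10.100:9200"\n' > "$demo_dir/kibana.yml"
audit_elk "$demo_dir/elasticsearch.yml" "$demo_dir/kibana.yml" || echo "findings: $?"
rm -rf "$demo_dir"
```

On a real host, call audit_elk with /usr/local/elasticsearch/config/elasticsearch.yml and /usr/local/kibana/config/kibana.yml; a return value of 0 means both services listen on loopback only.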

Client-side installation

Installation directory:
/usr/local/logstash

Working directory:
/data/ELK/logstash

Configuration directory:
/data/ELK/logstash/conf

I. Install the JDK
1. Upload JDK 8
rz
2. Extract JDK 8
tar -zxvf jdk-8u181-linux-x64.tar.gz
3. Copy the JDK to /usr/local/java
cp -r jdk1.8.0_181 /usr/local/java
4. Edit the environment variables
vim /etc/profile

export JAVA_HOME=/usr/local/java
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH

5. Apply the change and check the version
source /etc/profile
java -version

II. Install ELK
1. Upload and extract
tar -zxvf logstash-6.4.1.tar.gz
mv logstash-6.4.1 /usr/local/logstash

2. Configure Logstash
Contents of logstash_nginx.conf:
input {
  file {
    add_field => { "server_name" => "nginx_33" }
    path => [ "/data/nginx_log/*access.log" ]
    start_position => "beginning"
    ignore_older => 0
  }
}

filter {
  # Parse each access-log line with the custom NGINXACCESS pattern
  grok {
    patterns_dir => ["/data/ELK/logstash/conf/patterns"]
    match => { "message" => "%{NGINXACCESS}" }
  }
  # Look up the client IP in the local GeoLite2 database
  geoip {
    source => "clientip"
    target => "geoip"
    database => "/data/ELK/logstash/conf/GeoLite2-City.mmdb"
    fields => ["country_name", "region_code", "city_name", "ip"]
    #add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
    #add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
  }

  mutate {
    #convert => [ "[geoip][coordinates]", "float" ]
    # NGINXACCESS names the status-code field "status"
    convert => {
      "status" => "integer"
      "bytes" => "integer"
    }
    replace => { "type" => "nginx_access" }
    remove_field => "message"
  }

  # Use the request time from the log line as the event timestamp
  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
  mutate {
    remove_field => "timestamp"
  }
}

output {
  elasticsearch {
    hosts => ["10.10.10.100:9200"]
    index => "logstash-nginx-access-%{+YYYY.MM.dd}"
  }
  #stdout { codec => rubydebug }
}

Contents of the nginx file in /data/ELK/logstash/conf/patterns:
WZ ([^ ]*)
NGINXACCESS %{IP:clientip} - - \[%{HTTPDATE:timestamp}\] "%{WORD:method} %{WZ:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:status} %{NUMBER:bytes} %{QS:referer} %{QS:agent} %{QS:xforward}

GeoLite2
cd /data/ELK/logstash/conf
wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
tar zxvf GeoLite2-City.tar.gz
cp GeoLite2-City_20180911/GeoLite2-City.mmdb ./

3. Run (from the working directory)
cd /data/ELK/logstash
nohup /usr/local/logstash/bin/logstash -f conf/logstash_nginx.conf &
