ELK Log Analysis Platform Deployment Record

[root@king01 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@king01 ~]# vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md


[root@king01 ~]# cd /usr/local/src
[root@king01 src]# tar zxvf jdk-8u161-linux-x64.tar.gz
[root@king01 src]# mv jdk1.8.0_161 /usr/local

[root@king01 src]# vi /etc/profile
JAVA_HOME=/usr/local/jdk1.8.0_161
JAVA_BIN=/usr/local/jdk1.8.0_161/bin
PATH=$PATH:$JAVA_BIN
CLASSPATH=$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export JAVA_HOME JAVA_BIN PATH CLASSPATH
export LD_LIBRARY_PATH=/usr/local/apr/lib


[root@king01 ~]# java -version
java version "1.8.0_161"
Java(TM) SE Runtime Environment (build 1.8.0_161-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)


[root@king01 ~]# yum install -y elasticsearch
[root@king01 ~]# mkdir /usr/local/es-data
[root@king01 ~]# chown -R elasticsearch:elasticsearch /usr/local/es-data
[root@king01 ~]# mkdir -p /var/log/elasticsearch/
[root@king01 ~]# chown -R elasticsearch:elasticsearch /var/log/elasticsearch/


[root@king01 ~]# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: elk-cluster
node.name: king01
path.data: /usr/local/es-data
path.logs: /var/log/elasticsearch/
bootstrap.memory_lock: true
# Disables the seccomp system-call filter. Only needed on kernels without
# seccomp support (older CentOS 6 kernels); leave it enabled elsewhere.
bootstrap.system_call_filter: false
network.host: 192.168.1.201
http.port: 9200
discovery.zen.ping.unicast.hosts: ["king01"]
# Elasticsearch 5.x has no authentication unless X-Pack is installed, so a
# wildcard allow-origin lets any web page opened by a browser on this network
# read and write the cluster through port 9200. Narrow it to the one origin
# (e.g. a head plugin or Kibana host) that actually needs cross-origin access.
http.cors.enabled: true
http.cors.allow-origin: "*"


[root@king01 ~]# vi /etc/security/limits.conf
*       soft    nofile     65536
*       hard    nofile     131072
*       soft    nproc      2048
*       hard    nproc      4096
*       soft    memlock    unlimited
*       hard    memlock    unlimited

[root@king01 ~]# vim /etc/security/limits.d/90-nproc.conf
*       soft    nproc      2048
root    soft    nproc      unlimited


[root@king01 ~]# /etc/init.d/elasticsearch start
[root@king01 ~]# /etc/init.d/elasticsearch status
elasticsearch (pid  18338) is running...

[root@king01 ~]# cat /var/log/elasticsearch/elk-cluster.log
[root@king01 ~]# curl http://192.168.1.201:9200/
{
  "name" : "king01",
  "cluster_name" : "elk-cluster",
  "cluster_uuid" : "oGuBJsi3SZyYnCT4PvuNgA",
  "version" : {
    "number" : "5.6.8",
    "build_hash" : "688ecce",
    "build_date" : "2018-02-16T16:46:30.010Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}


[root@king01 ~]# yum install -y logstash
[root@king01 ~]# ln -s /usr/share/logstash/bin/logstash /bin/
[root@king01 ~]# mkdir -p /usr/share/logstash/config/
[root@king01 ~]# chown -R logstash:logstash /usr/share/logstash/config/
[root@king01 ~]# ln -s /etc/logstash/* /usr/share/logstash/config
[root@king01 ~]# vim /etc/logstash/conf.d/elk.conf
input {
  syslog {
    port => "514"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.1.201:9200"]
    index => "syslog-%{+YYYY.MM.dd}"
  }
}


[root@king01 ~]# logstash -f /etc/logstash/conf.d/elk.conf &
[root@king01 ~]# cat /var/log/logstash/logstash-plain.log

[root@king01 ~]# netstat -tunlp | grep 514
tcp        0      0 :::514                      :::*                        LISTEN      18713/java
udp        0      0 :::514                      :::*                                    18713/java



[root@king01 ~]# yum install -y kibana
[root@king01 ~]# vim /etc/kibana/kibana.yml
server.port: 5601
# 0.0.0.0 exposes the UI on every interface and Kibana 5.x has no login of
# its own; put a firewall rule or an authenticating reverse proxy in front
# of 5601 before this leaves a lab network.
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.1.201:9200"

[root@king01 ~]# /etc/init.d/kibana start
kibana started
[root@king01 ~]# /etc/init.d/kibana status
kibana is running
[root@king01 ~]# netstat -tunlp | grep 5601


[root@king01 ~]# vi /etc/rsyslog.conf
*.* @192.168.1.201:514

[root@king01 ~]# vi /etc/bashrc
# Log every interactive command (effective user, login session, cwd, command)
# to syslog, from where rsyslog forwards it to Logstash. This is a convenience
# audit trail, not a control: a user with a shell can unset PROMPT_COMMAND.
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'

[root@king01 ~]# service rsyslog restart
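The PROMPT_COMMAND hook above writes one line per interactive command into the syslog stream that rsyslog forwards to Logstash. As an added example that is not part of the original post, the Python below parses that payload as it lands in the message field of the syslog-* index (after the syslog input has stripped the syslog header), recovers the fields, and flags commands whose effective user differs from the login user. It assumes the CentOS 6 `who am i` output format shown in the constructed sample lines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Payload layout emitted by the PROMPT_COMMAND/logger hook above:
#   [euid=<effective user>]:<who am i>:[<cwd>]<command>
# "who am i" prints "<login> <tty> <YYYY-MM-DD HH:MM> (<origin>)" for an
# interactive login and nothing without a controlling tty, so the middle
# field is optional. (Assumed format; constructed samples below.)
AUDIT_RE = re.compile(
    r"^\[euid=(?P<euid>[^\]]*)\]:"
    r"(?:(?P<login>\S+)\s+(?P<tty>\S+)\s+"
    r"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?:\s+\((?P<origin>[^)]*)\))?)?"
    r":\[(?P<cwd>[^\]]*)\](?P<command>.*)$"
)

@dataclass
class ShellAudit:
    euid: str
    login: Optional[str]
    tty: Optional[str]
    when: Optional[str]
    origin: Optional[str]
    cwd: str
    command: str

    @property
    def escalated(self) -> bool:
        # Effective user differs from the login user: ran under su/sudo.
        return self.login is not None and self.login != self.euid

def parse_audit(payload: str) -> Optional[ShellAudit]:
    """Parse one logger payload; None for lines the hook did not produce."""
    m = AUDIT_RE.match(payload.strip())
    return ShellAudit(**m.groupdict()) if m else None

def escalated_commands(payloads: List[str]) -> List[str]:
    """Commands whose effective user is not the user who logged in."""
    parsed = (parse_audit(p) for p in payloads)
    return [a.command for a in parsed if a is not None and a.escalated]

# Constructed sample payloads, as they appear in the "message" field of the
# syslog-* index once the syslog input has stripped the syslog header.
SAMPLE = [
    "[euid=root]:root pts/0 2018-03-01 10:12 (192.168.1.50):[/root]yum install -y kibana",
    "[euid=root]:alice pts/1 2018-03-01 10:15 (192.168.1.60):[/home/alice]vim /etc/elasticsearch/elasticsearch.yml",
    "[euid=root]::[/root]logstash -f /etc/logstash/conf.d/elk.conf",
    "kibana started",
]
```

The third sample is the no-tty case the hook produces for non-interactive sessions; the parser keeps the command and leaves the session fields empty rather than dropping the line.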








