去elastic官网下载
elasticseach/kibana/logstash
前提需要配置JDK1.8
tar解压elasticseach,kibana,logstash到/usr/local下
elasticseach
elasticseach不能使用root启动,所以需要创建用户来启动
# groupadd elk
# useradd -r -g elk elk
# chown -R elk.elk /usr/local/elasticsearch
# cd /usr/local/elasticsearch
# vim config/elasticsearch.yml
cluster.name: my-application
node.name: PS02-node
path.data: /usr/local/elasticsearch/data
path.logs: /usr/local/elasticsearch/logs
network.host: 192.168.199.152
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.199.152"]
path.data和path.logs目录没有,需要手动创建,并且更改elk属主和属组
elasticsearch安装x-pack,X-Pack 将诸多强大功能集合到一个单独的程序包中,其中就有安全功能Security
# bin/elasticsearch-plugin install x-pack
# bin/x-pack/setup-passwords interactive
设置密码,账号分别为elastic,kibana,logstash_system,后续中kibana和logstash会用到