ELK

准备工作 1.准备两台虚拟机(我的是centos7系统的)

一台是 192.168.18.140

一台是 192.168.18.141

2.关闭防火墙 和SELinux

systemctl stop firewalld
setenforce 0
优化系统
m /etc/security/limits.conf

---

•            soft    nproc           65535
  

•            hard    nproc           65535
  

•            soft    nofile          65535
  

•            hard    nofile          65535
  

---

测试是否优化系统完成 断开连接重新连接一下如下所示 就可以了

[root@localhost ~]# ulimit -n
65535　　
这两台服务器都需要安装jdk环境

[root@localhost src]# rpm -ivh jdk-8u131-linux-x64_.rpm
准备中… ################################# [100%]
正在升级/安装…
1:jdk1.8.0_131-2000:1.8.0_131-fcs ################################# [100%]
Unpacking JAR files…
tools.jar…
plugin.jar…
javaws.jar…
deploy.jar…
rt.jar…
jsse.jar…
charsets.jar…
localedata.jar…
[root@localhost src]#
140 服务器是ES+kibana

先安装ES(elasticsearch)

[root@localhost src]# rpm -ivh elasticsearch-6.6.2.rpm
警告：elasticsearch-6.6.2.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID d88e42b4: NOKEY
准备中… ################################# [100%]
Creating elasticsearch group… OK
Creating elasticsearch user… OK
正在升级/安装…
1:elasticsearch-0:6.6.2-1 ################################# [100%]

NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service

You can start elasticsearch service by executing

sudo systemctl start elasticsearch.service
Created elasticsearch keystore in /etc/elasticsearch

　编辑elasticesarch的配置文件

vim /etc/elasticsearch/elasticsearch.yml

修改以下内容
network.host: 192.168.18.140 //修改为本机IP地址
http.port: 9200

systemctl restart elasticsearch
开始安装kibana

rpm -ivh kibana-6.6.2-x86_64.rpm
警告：kibana-6.6.2-x86_64.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID d88e42b4: NOKEY
准备中… ################################# [100%]
正在升级/安装…
1:kibana-6.6.2-1 ################################# [100%]
　　编辑kibana的配置文件

修改成如下所示就可以了

cat /etc/kibana/kibana.yml |grep -v ‘^#’

---

server.port: 5601
server.host: “0.0.0.0”
elasticsearch.hosts: [“http://192.168.18.140:9200”]

---

重启kibana

sysetmct restart kibana

给予权限

chmod -R 777 /var/log/messages

141 服务器是logstash

安装

rpm -ivh logstash-6.6.0.rpm
警告：logstash-6.6.0.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID d88e42b4: NOKEY
准备中… ################################# [100%]
正在升级/安装…
1:logstash-1:6.6.0-1 ################################# [100%]
Using provided startup.options file: /etc/logstash/startup.options
Successfully created system startup script for Logstash
　　编写一个收集日志的配置文件

vim /etc/logstash/conf.d/system.conf

---

input {
file {
path => “/var/log/messages”
type => “system-log”
start_position => “beginning”
}
}
output {
elasticsearch {
hosts => “192.168.18.140：9200”
index => “system_log-%{+YYYY.MM.dd}”
}
}
*******************************************　
重启服务
systemctl restart logstash　
给予权限

chmod -R 777 /var/log/messages

执行 这条命令 curl -X GET HTTP://192.168.18.140:9200/_cat/indices?v 如下所示表示成功可以检索 在两台服务器上都执行以下这条命令
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_1 JK3lTv0uSw2ewk3_Qvwmww 1 0 2 0 8.6kb 8.6kb
yellow open system_log-2019.12.08 12ezV-ilT9uIU7if-xIATw 5 1 328 0 189.2kb 189.2kb
　访问kibana的服务器 在浏览器中
　
　
　
　![在这里插入图片描述](https://img-blog.csdnimg.cn/20191212203825716.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L0RVWUlaSEU=,size_16,color_FFFFFF,t_7