ELK官网:
https://www.elastic.co/cn/what-is/elk-stack
ELK是什么:
“ELK”是三个开源项目的首字母缩写,这三个项目分别是:Elasticsearch、Logstash 和 Kibana。Elasticsearch 是一个搜索和分析引擎。Logstash 是服务器端数据处理管道,能够同时从多个来源采集数据,转换数据,然后将数据发送到诸如 Elasticsearch 等“存储库”中。Kibana 则可以让用户在 Elasticsearch 中使用图形和图表对数据进行可视化。
实验环境:两台虚拟机(建议最小化安装)【最小2核2G】
239:elasticsearch+ logstash
240:kibana
查看ip:
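# `iifup` in the original is a typo for `ifup`: bring the NIC up, then list its addresses.
[root@localhost ~]# ifup ens33
[root@localhost ~]# ip addr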
关闭防火墙、SELinux(仅限隔离的实验环境;生产环境应只放行 9200/5601 端口并保持 SELinux 开启):
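# The original stopped firewalld and set SELinux permissive on both hosts.  Even in a
# lab, open only the two ports this stack serves and leave SELinux enforcing.
# On 239 (Elasticsearch): nothing in this setup authenticates requests to 9200, so
# accept that port only from the Kibana host instead of from the whole LAN.
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.136.240" port port="9200" protocol="tcp" accept'
# On 240 (Kibana): the browser-facing port.
[root@localhost ~]# firewall-cmd --permanent --add-port=5601/tcp
[root@localhost ~]# firewall-cmd --reload
# Keep SELinux enforcing.  The RPM-packaged services should run under the default
# targeted policy; if one is denied, read /var/log/audit/audit.log and fix that
# denial rather than running `setenforce 0`.
[root@localhost ~]# getenforce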
同步时间:
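# A one-shot `ntpdate` corrects the clock once; without a running daemon it drifts again.
# Keep both VMs continuously synced so timestamps in messages/secure can be correlated
# across hosts (the whole point of central log collection).
[root@localhost ~]# yum -y install ntp
[root@localhost ~]# ntpdate pool.ntp.org
[root@localhost ~]# systemctl enable ntpd
[root@localhost ~]# systemctl start ntpd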
1、安装elasticsearch(先安装java环境)
解压ELK压缩包:
# unzip is absent on a minimal install; pull it in, then unpack the bundle into ./ELK.
[root@localhost ~]# yum install -y unzip
[root@localhost ~]# unzip ./ELK.zip
安装java环境
# Elasticsearch needs a JDK first: install the Oracle JDK 8 RPM shipped in the bundle.
# NOTE(review): 8u131 is a 2017 build; prefer a current JDK release listed in Elastic's
# support matrix for 6.6 — verify there before swapping it.
[root@localhost ~]# cd ./ELK
[root@localhost ELK]# rpm -ivh ./jdk-8u131-linux-x64_.rpm
安装配置elasticsearch:
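# Verify the package before installing a service that will run as a daemon: import
# Elastic's RPM signing key (per Elastic's install docs) and check the signature —
# `rpm -K` must report OK.  Local `yum install file.rpm` does not do this by default.
# With no network, at least compare the sha512 published on elastic.co for this RPM.
[root@localhost ELK]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@localhost ELK]# rpm -K elasticsearch-6.6.2.rpm
[root@localhost ELK]# yum -y install elasticsearch-6.6.2.rpm
[root@localhost ELK]# systemctl daemon-reload
[root@localhost ELK]# systemctl enable elasticsearch.service
[root@localhost ELK]# yum -y install vim
[root@localhost ELK]# vim /etc/elasticsearch/elasticsearch.yml
# Show the effective (non-comment) settings; grep reads the file directly, no cat needed.
[root@localhost ELK]# grep -v '^#' /etc/elasticsearch/elasticsearch.yml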
# Single node "node-1" in cluster "yl" (the cluster name also names the log file
# /var/log/elasticsearch/yl.log used for checks below).
cluster.name: yl
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# Bound to the LAN address so Kibana on 192.168.136.240 can reach it.  Nothing in this
# listing (no xpack.security settings, no credentials in kibana.yml) authenticates
# requests to this port, so anyone who can reach 9200 can read, write and delete
# indices — keep the port firewalled to the Kibana host and never expose it beyond
# the lab network.
network.host: 192.168.136.239
http.port: 9200
# Start the node now (boot-time start was enabled above).
[root@localhost ELK]# systemctl start elasticsearch.service
检测(两种方式):
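# Check that the node came up.  `ss` belongs to iproute, which is already present
# (`ip` was used earlier), so net-tools is not required.  `tailf` is deprecated and
# removed in newer util-linux; `tail -f` does the same job.
[root@localhost ELK]# ss -ltnp | grep java
# The log file is named after cluster.name (yl) in elasticsearch.yml.
[root@localhost ELK]# tail -f /var/log/elasticsearch/yl.log
# Strongest check: the HTTP API answers on the configured address and port.
[root@localhost ELK]# curl -s http://192.168.136.239:9200/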
2、安装配置logstash(测试检测messages+secure)
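# Same signature check as for Elasticsearch (re-importing the key is harmless if it
# was already imported); `rpm -K` must report OK before the package is installed.
[root@localhost ELK]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@localhost ELK]# rpm -K logstash-6.6.0.rpm
[root@localhost ELK]# yum -y install logstash-6.6.0.rpm
[root@localhost ELK]# cd /etc/logstash/conf.d/
# First pipeline file: the general system log.
[root@localhost conf.d]# vim messages.conf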
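# Pipeline "messages": tail /var/log/messages into one index per day.
input {
  file {
    path => "/var/log/messages"
    type => "messages-log"
    # NOTE(review): "beginning" is expected to matter only for the first read of a
    # file; later runs resume from the sincedb position — confirm in the 6.6 file-input docs.
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    # Port made explicit so this file matches secure.conf (9200 is the default anyway).
    hosts => "192.168.136.239:9200"
    index => "messages_log-%{+YYYY.MM.dd}"
  }
}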
# Second pipeline file: the authentication log.
[root@localhost conf.d]# vim ./secure.conf
# Pipeline "secure": tail the authentication log (/var/log/secure) into one index per day.
input {
  file {
    type => "secure-log"
    path => "/var/log/secure"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    index => "secure_log-%{+YYYY.MM.dd}"
    hosts => ["192.168.136.239:9200"]
  }
}
# Register the two pipelines in Logstash's pipeline list.
[root@localhost conf.d]# cd /etc/logstash/
[root@localhost logstash]# vim ./pipelines.yml
-------------------------------------------------------
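# Two independent pipelines, one per log file.  `path.config` must be indented under
# its `- pipeline.id` item (the indentation was lost in the page as shown; a key at
# column 0 directly after a list item is not valid YAML).
# NOTE(review): the Logstash RPM ships a default `main` entry that loads conf.d/*.conf;
# if it is left in this file next to these two, each file is read by two pipelines.
# Check the packaged file and keep only the entries below.
- pipeline.id: messages
  path.config: "/etc/logstash/conf.d/messages.conf"
- pipeline.id: secure
  path.config: "/etc/logstash/conf.d/secure.conf"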
-------------------------------------------------------
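# Do NOT `chmod -R 777 /var/log/` as the original did.  That makes /var/log/secure and
# /var/log/messages readable and writable by every local user, so anyone on the box can
# read the login history or rewrite/erase the very audit trail this pipeline collects.
# Logstash only needs read access, for its own service account (normally `logstash`,
# created by the RPM — confirm with `id`).  Grant that with an ACL on just the two files.
[root@localhost ~]# id logstash
[root@localhost ~]# yum -y install acl
[root@localhost ~]# setfacl -m u:logstash:r /var/log/messages /var/log/secure
[root@localhost ~]# getfacl /var/log/secure
# Prove the service account can read the file (and nobody else gained anything):
[root@localhost ~]# runuser -u logstash -- head -n 1 /var/log/secure
# NOTE(review): when logrotate creates a fresh file the ACL is normally not carried over;
# re-apply it in a postrotate hook, or ship these logs via rsyslog/Filebeat instead of
# reading root-owned files directly.
[root@localhost ~]# systemctl enable logstash
[root@localhost ~]# systemctl start logstash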
测试:
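# `tailf` is deprecated and removed in newer util-linux; `tail -f` is the portable form.
[root@localhost ~]# tail -f /var/log/logstash/logstash-plain.log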
--------------出现以下就正常---------------------------------------------------------
[2020-07-01T20:06:29,449][INFO ][logstash.outputs.elasticsearch] Installing elasticsearch template to _template/logstash
----------------------------------------------------------------------------------
3、安装kibana:
# Copy the Kibana RPM to the second VM (240) over ssh.  On the first connection ssh
# shows 240's host-key fingerprint: compare it with the key on 240's console before
# answering yes, or the copy could be going to an impostor.
[root@localhost ~]# cd ./ELK
[root@localhost ELK]# scp ./kibana-6.6.2-x86_64.rpm root@192.168.136.240:/root/
到另一台虚拟服务器
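# Verify the RPM signature before installing, as on the first host (`rpm -K` must say OK).
[root@localhost ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@localhost ~]# rpm -K kibana-6.6.2-x86_64.rpm
[root@localhost ~]# yum -y install kibana-6.6.2-x86_64.rpm
[root@localhost ~]# yum -y install vim
[root@localhost ~]# vim /etc/kibana/kibana.yml
# Effective settings: one grep drops comment and blank lines (no cat | grep | sed chain).
[root@localhost ~]# grep -Ev '^(#|$)' /etc/kibana/kibana.yml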
server.port: 5601
# Listens on the LAN address.  No authentication is configured anywhere in this
# listing, so everyone who can reach 5601 gets full Kibana — and through it full
# Elasticsearch — access: lab network only.
server.host: "192.168.136.240"
# Plain HTTP to Elasticsearch: queries and log contents cross the network unencrypted,
# and no elasticsearch.username/password is set.  Acceptable only on an isolated lab
# segment; TLS and credentials need setup this tutorial does not cover.
elasticsearch.hosts: ["http://192.168.136.239:9200"]
# Enable Kibana at boot, then start it now.
[root@localhost ~]# systemctl enable kibana.service
[root@localhost ~]# systemctl start kibana.service
测试:
# Confirm Kibana is listening on 5601 (only listening sockets are of interest here).
[root@localhost ~]# yum install -y net-tools
[root@localhost ~]# netstat -tnlp | grep ':5601'
tcp 0 0 192.168.136.240:5601 0.0.0.0:* LISTEN 2436/node
访问web端(浏览器打开 http://192.168.136.240:5601;注意此配置下 Kibana 和 Elasticsearch 都没有身份验证,只应在隔离的实验网络中开放):