elk日志分析

最新推荐文章于 2024-08-19 15:54:07 发布

过客不予秋风

最新推荐文章于 2024-08-19 15:54:07 发布

阅读量80

点赞数

本文链接：https://blog.csdn.net/Sheise/article/details/117510606

版权

首先安装一下jdk

安装elk日志分析文件系统集群

挂载elk的光盘

[root@centos ~]# mount /dev/cdrom /mnt

解压tar包

[root@centos ~]# tar zxvf /mnt/node-v8.2.1.tar.gz -C /usr/src

将usr/src/下的node移动到usr下的local下的node

Cd /usr/local/node

安装

./configure && make && make install

用tar包安装

[root@centos ~]# rpm -ivh /mnt/elasticsearch-5.5.0.rpm

root@centos01 ~]# vim /etc/elasticsearch/elasticsearch.yml
       18 cluster.name: my-elk                                           //群集名字
       25 node.name: centos01                                           //节点计算机名
       46 bootstrap.memory_lock: false                                   //不锁定内存
       59 network.host: 192.168.100.10                                   //监听IP
       64 http.port: 9200                                               //监听端口
       74 discovery.zen.ping.unicast.hosts: ["centos01", "centos02"]

末行模式输入：x保存退出

将服务设置为开机自启

[root@centos01 ~]# systemctl daemon-reload
[root@centos01 ~]# systemctl start elasticsearch.service
[root@centos01 ~]# systemctl enable elasticsearch.service

监听端口

[root@centos01 ~]# netstat -anptu | grep 9200

安装phantomjs

用tar包安装

[root@centos01 bin]# cp phantomjs /usr/local/bin/
[root@centos01 bin]# chmod +x /usr/local/bin/phantomjs

安装elasticsearch-head

[root@centos elasticsearch-head]# tar zxvf /mnt/elasticsearch-head.tar.gz -C/usr/src

[root@centos elasticsearch-head]# mv /usr/src/elasticsearch-head/ /usr/local/

[root@centos elasticsearch-head]# cd /usr/local/elasticsearch-head/

[root@centos elasticsearch-head]# npm install

然后重新启动服务

修改为9200

[root@centos ~]# vim /usr/local/elasticsearch-head/_site/app.js

修改为9100

[root@centos ~]# vim /usr/local/elasticsearch-head/Gruntfile.js

启动服务
[root@centos01 ~]# cd /usr/local/elasticsearch-head/
[root@centos01 elasticsearch-head]# npm run start&

监听9100端口

netstat -anptu | grep 9100

访问成功

安装配置logstash

首先安装apache

[root@centos ~]# rm -rf /etc/yum.repos.d/C*

[root@centos ~]# mount /dev/cdrom /mnt

[root@centos ~]# yum -y install httpd

[root@centos ~]# echo "www.benet.com" > /var/www/html/index.html

[root@centos ~]# systemctl start httpd
[root@centos ~]# systemctl enabled httpd

rpm包安装

[root@centos ~]# rpm -ivh logstash-5.5.1.rpm

做一个软连接

[root@centos ~]# ln -s /usr/share/logstash/bin/logstash /usr/local/bin/

设置开机自启

[root@centos ~]# systemctl start logstash
[root@centos ~]# systemctl enable logstash

插入测试数据

       [root@centos03 ~]# logstash -e 'input { stdin{}} output { stdout{}}'
       [root@centos03 ~]# logstash -e 'input { stdin{}} output { stdout{ codec=>rubydebug}}'
       [root@centos03 ~]# logstash -e 'input { stdin{}} output { elasticsearch{hosts => ["192.168.100.10:9200"]}}'

采集apache日志

[root@centos ~]# chmod o+r /var/log/httpd/access_log
[root@centos ~]# touch /etc/logstash/conf.d/apache.conf
[root@centos ~]# chmod +x /etc/logstash/conf.d/apache.conf
[root@centos ~]# vim /etc/logstash/conf.d/apache.conf

检查日志采集文件

[root@centos ~]# logstash -f /etc/logstash/conf.d/apache.conf

没问题重启

[root@centos ~]# systemctl restart logstash.service

安装配置kibana

rpm -ivh /mnt/kibana-5.5.1-x86_64.rpm

修改配置文件，并设置开机自启

[root@centos ~]# vim /etc/kibana/kibana.yml

       3 server.port: 5601
       9 server.host: "192.168.100.10"
       24 elasticsearch.url: "http://192.168.100.10:9200
[root@centos ~]# systemctl start kibana
[root@centos ~]# systemctl enable kibana