规划如下:
192.168.191.130 jdk、elasticsearch、kibana
192.168.191.131 jdk、logstash
时间同步:
# ntpdate pool.ntp.org
解压压缩包:
# yum install unzip
# unzip ELK.zip
安装jdk:
# rpm -ivh jdk-8u131-linux-x64_.rpm
验证:
# java -version
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
安装elasticsearch:
# yum install elasticsearch-6.6.2.rpm
编辑主配置文件:
# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: my07 17行
node.name: node-1 23行
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.191.130 55行
http.port: 9200 59行
# cat /etc/elasticsearch/elasticsearch.yml |grep -v "^#"
运行服务elasticsearch:
# systemctl enable elasticsearch
# systemctl start elasticsearch
验证服务:
9200:给客户端连接使用的
9300:给集群内部通信使用的
# netstat -lptnu|grep java
tcp6 0 0 192.168.191.130:9200 :::* LISTEN 14671/java
tcp6 0 0 192.168.191.130:9300 :::* LISTEN 14671/java
安装logstash:
# yum install logstash-6.6.0.rpm
编辑messages.conf:
# vim /etc/logstash/conf.d/messages.conf
input {
file {
path => "/var/log/messages"
type => "msg-log"
start_position => "beginning"
}
}
output{
elasticsearch {
hosts => "192.168.191.130:9200"
index => "msg_log-%{+YYYY.MM.dd}"
}
}
开启服务logstash:
# systemctl enable logstash
# systemctl start logstash
验证:
# netstat -lptnu|grep java
tcp6 0 0 127.0.0.1:9600 :::* LISTEN 5453/java
问题1:权限
# chmod 777 /var/log -R
查看index是否创建成功:
# 方法1:tailf /var/log/elasticsearch/wg007.log
# 方法2:curl -X GET http://192.168.191.130:9200/_cat/indices?v
安装kibana:
# yum install kibana-6.6.2-x86_64.rpm
编辑配置文件:
# vim /etc/kibana/kibana.yml
# cat /etc/kibana/kibana.yml |grep -v "^#"|sed '/^$/d'
server.port: 5601
server.host: "192.168.191.130"
elasticsearch.hosts: ["http://192.168.191.130:9200"]
开启服务kibana:
# systemctl enable kibana
# systemctl start kibana
验证服务:
# netstat -lptnu|grep node
tcp 0 0 192.168.191.130:5601 0.0.0.0:* LISTEN 16172/node
编辑pipelines.yml:
# vim /etc/logstash/pipelines.yml
- pipeline.id: msg
path.config: "/etc/logstash/conf.d/messages.conf"
- pipeline.id: sec
path.config: "/etc/logstash/conf.d/secure.conf"