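filebeat -> Logstash -> Elasticsearch -> Kibana
Install nginx and java-1.8.0-openjdk with yum, upload the E, L and K packages, then change to the upload directory and install the three rpm packages with rpm -ivh
One virtual machine with 4 CPUs and at least 3 GB of memory
E: elasticsearch (database) L: logstash (log filtering) K: kibana-6.0.0 (graphical display)
filebeat: monitors and forwards logs, acting as the agent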
Configure the kernel
echo '* hard nofile 65536
* soft nofile 65536
* soft nproc 65536
* hard nproc 65536' >> /etc/security/limits.conf
echo 'vm.max_map_count = 262144
net.core.somaxconn = 65535
net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
Configure E:
Configuration contents
[root@localhost ~]# grep -v '^#' /etc/elasticsearch/elasticsearch.yml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
cluster.name: ELK
node.name: elk.novalocal
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.100.129:9300"]
discovery.zen.minimum_master_nodes: 1
Reload E
systemctl daemon-reload
systemctl enable elasticsearch
systemctl restart elasticsearch
Configure Kibana:
cp /etc/kibana/kibana.yml /etc/kibana/kibana.yml.bak (make a backup)
Edit the following four lines in /etc/kibana/kibana.yml
server.host: "0.0.0.0"
server.port: 5601
elasticsearch.url: "http://192.168.100.129:9200"
logging.dest: /var/log/kibana.log
Restart after configuring:
touch /var/log/kibana.log
chmod 777 /var/log/kibana.log (world-writable; chown kibana:kibana plus chmod 640 is the tighter option)
systemctl enable kibana
systemctl restart kibana
Logstash configuration
vi /etc/profile.d/logstash.sh
export PATH=$PATH:/usr/share/logstash/bin/ (add the environment variable)
source /etc/profile.d/logstash.sh
# Add the log-processing file (index):
vi /etc/logstash/conf.d/nginx.conf
input {
  file {
    path => "/usr/local/nginx/logs/access.log"
    start_position => "beginning"
    type => "nginx"
  }
}
output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["192.168.200.196:9200"]
    index => "nginx-test-%{+YYYY.MM.dd}"
  }
}
[root@client conf.d]# logstash -f /etc/logstash/conf.d/nginx.conf -t (check the configuration file)
OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N (the error here is caused by having too few CPUs!)
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
Fix for the second warning:
mkdir -p /usr/share/logstash/config/
ln -s /etc/logstash/* /usr/share/logstash/config
chown -R logstash:logstash /usr/share/logstash/config/
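logstash -f /etc/logstash/conf.d/nginx.conf # start with this configuration file (required); while it starts, write something to the log being collected
Configure nginx logging: # with a yum install the configuration file is at a different path; use find to locate it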
vi /usr/local/nginx/conf/nginx.conf
log_format main2 '$http_host $remote_addr - $remote_user [$time_local] "$request" '
                 '$status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent" "$upstream_addr" $request_time';
vi /usr/local/nginx/conf/vhost/discuz.com.conf
access_log /usr/local/nginx/logs/access.log main2; # add this line to use the log format
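An added example (not from the original notes): a POSIX sh/awk check that the lines reaching access.log really follow the main2 layout before Logstash ships them. The function names and sample lines are constructed for illustration; splitting on the double quote relies on nginx writing a literal " inside a logged variable as \x22.

```shell
#!/bin/sh
# Added example: verify that access.log lines follow the main2 layout.

# Constructed sample lines; the third is in the default nginx layout,
# as written by a vhost whose access_log does not name main2.
main2_sample() {
cat <<'EOF'
discuz.com 192.168.100.1 - - [12/Mar/2019:10:15:32 +0800] "GET /forum.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)" "127.0.0.1:9000" 0.042
discuz.com 192.168.100.1 - - [12/Mar/2019:10:15:40 +0800] "POST /member.php?mod=logging HTTP/1.1" 302 0 "http://discuz.com/forum.php" "Mozilla/5.0 (X11; Linux x86_64)" "127.0.0.1:9000" 1.873
192.168.100.7 - - [12/Mar/2019:10:16:02 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0"
EOF
}

# Read log lines on stdin. For a main2 line print "status request_time request";
# for anything else print "BAD <line number>".
main2_parse() {
  awk -F'"' '
    {
      n = split($1, head, " ")    # http_host remote_addr - remote_user [time zone]
      m = split($3, mid, " ")     # status body_bytes_sent
      rt = $9; gsub(/ /, "", rt)  # request_time is the unquoted tail
      if (NF == 9 && n == 6 && m == 2 &&
          mid[1] ~ /^[1-5][0-9][0-9]$/ && mid[2] ~ /^[0-9]+$/ &&
          rt ~ /^[0-9]+\.[0-9]+$/)
        print mid[1], rt, $2
      else
        print "BAD", NR
    }'
}

# Count the lines that are not in main2 layout.
main2_bad_count() {
  main2_parse | awk '$1 == "BAD" { n++ } END { print n + 0 }'
}

# Usage on the constructed sample; on a server, feed the real log instead:
#   main2_parse < /usr/local/nginx/logs/access.log
main2_sample | main2_parse
```

A non-zero count from main2_bad_count means some vhost is still writing another format into the file that Logstash reads.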
Reload
systemctl enable logstash
systemctl restart logstash
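View the indices:
curl 'localhost:9200/_cat/indices?v' # single-node deployment: with only one node, replica shards must sit on a different node from their primary shard, so the replicas are unavailable and the status is yellow
curl -H "Content-Type: application/json" -XPUT "http://localhost:9200/_settings" -d '{"number_of_replicas":0}'
Check the cluster deployment status with the service command
curl -X GET 'http://localhost:9200/_cluster/health?pretty'
Log in to the Kibana URL and create the corresponding index
Reference for the test commands
https://zhaoyanblog.com/archives/732.html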
yum install -y libevent-devel wget tar gcc gcc-c++ make net-snmp-devel libxml2-devel libcurl-devel mysql-devel
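On the server, install the mariadb service, create the zabbix database with the password zabbix, and grant access to all users;
Import the data into the zabbix database (mind the order)
mysql>create database zabbix character set utf8;
cd /usr/local/src/zabbix-4.0.3/database/mysql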
mysql -uzabbix -p zabbix <schema.sql
mysql -uzabbix -p zabbix <images.sql
mysql -uzabbix -p zabbix <data.sql
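Deploy the zabbix_server service by compiling from source, with the install directory /usr/local/zabbix; compile and install, configure the environment variables; import the zabbix database; configure the zabbix_server configuration file with the log path under /tmp; define the alert script path as /scripts:
Build options: ./configure --prefix=/usr/local/zabbix --enable-server --enable-agent --with-mysql --enable-ipv6 --with-net-snmp --with-libcurl --with-libxml2
Environment variables: export ZABBIX=/usr/local/zabbix/bin
export PATH=$PATH:$MYSQL:$ZABBIX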
Configuration file: /usr/local/zabbix/etc/zabbix_server.conf
LogFile=/tmp/zabbix_server.log
SocketDir=/tmp
DBHost=127.0.0.1
DBName=zabbix
DBUser=zabbix
DBPassword=zabbix
Timeout=4
AlertScriptsPath=/scripts
LogSlowQueries=3000
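Deploy the Zabbix web interface; follow the prompts to modify the PHP configuration file and complete the Zabbix installation (php.ini):
PHP option "max_input_time" 60 300
Change max_input_time to 300 in /usr/local/php/etc/php.ini
After deploying the Zabbix web interface, set the page language to Chinese and fix the garbled Chinese characters:
Set Chinese: open the Zabbix interface, Administrator-Users, select language - Chinese (zh_CN) - update - refresh the Zabbix web page
Garbled characters: find a suitable font on a Windows server and copy it to the Zabbix server:
Control Panel -> Fonts -> choose a Chinese font such as "KaiTi" (楷体) and put it under the web path /home/wwwroot/default/fonts/
Note: the file name must end in ttf; the name itself can be changed
vi /home/wwwroot/default/include/defines.inc.php, and use the %s/graphfont/[font name prefix]/g command to globally replace graphfont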
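Deploy zabbix_agent; both servers need it configured (install directly from rpm)
Custom monitoring items: use custom scripts to monitor online users, lnmp processes, lnmp ports, and lnmp service status
Custom alert script: configure the alert media type to send alert notifications by email:
Install sendmail and mailx with yum
Add the following to the mailx configuration file /etc/mail.rc
set from=123456@qq.com (mailbox)
set smtp=smtp.qq.com (specifies the protocol the mailbox uses)
set smtp-auth-user=123456@qq.com (user name)
set smtp-auth-password=gbsvvelmfbthdibd (authorization code)
set smtp-auth=login
Alert script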
#!/bin/bash
#send mail
# $1 = recipient, $2 = subject, $3 = message body
messages=$(echo "$3" | tr '\r\n' '\n')
subject=$(echo "$2" | tr '\r\n' '\n')
echo "${messages}" | mail -s "${subject}" "$1" >>/tmp/mailx.log 2>&1