ELK Yum Installation
1. Initial environment configuration
1.1. Install the Java environment
ELK's requirements for the Java environment:
https://www.elastic.co/CN/support/matrix#matrix_jvm
1.2. Configure system parameters
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -p
cat >> /etc/security/limits.conf << EOF
* hard nofile 65535
* soft nofile 65535
EOF
2. Elasticsearch
2.1. Install Elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.4.3-x86_64.rpm
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.4.3-x86_64.rpm.sha512
shasum -a 512 -c elasticsearch-8.4.3-x86_64.rpm.sha512
sudo rpm --install elasticsearch-8.4.3-x86_64.rpm
2.2. Modify the configuration
vim /etc/elasticsearch/elasticsearch.yml
Change network.host to 0.0.0.0 (listen on all interfaces):
sed -n '/^#network/p' /etc/elasticsearch/elasticsearch.yml
sed -i '/^#network.host/s/.*/network.host: 0.0.0.0/' /etc/elasticsearch/elasticsearch.yml
sed -n '/^network.host/p' /etc/elasticsearch/elasticsearch.yml
2.3. Start the service
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
2.4. Set a custom password for the elastic user
Run the command, press y to confirm, then enter the custom password for elastic:
/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
2.5. Get the enrollment token for Kibana
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
2.6. Check that Elasticsearch is running
sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u 'elastic:<password>' 'https://localhost:9200/_cluster/health?pretty'
2.7. Reference links for security configuration
https://blog.csdn.net/UbuntuTouch/article/details/120568128?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522170546061616800188533934%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=170546061616800188533934&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2blogfirst_rank_ecpm_v1~rank_v31_ecpm-3-120568128-null-null.nonecase&utm_term=tls&spm=1018.2226.3001.4450
https://blog.csdn.net/UbuntuTouch/article/details/119249865?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522170546061616800188533934%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=170546061616800188533934&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2blogfirst_rank_ecpm_v1~rank_v31_ecpm-4-119249865-null-null.nonecase&utm_term=tls&spm=1018.2226.3001.4450
https://blog.csdn.net/UbuntuTouch/article/details/105636302?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522170546061616800188533934%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=170546061616800188533934&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2blogfirst_rank_ecpm_v1~rank_v31_ecpm-6-105636302-null-null.nonecase&utm_term=tls&spm=1018.2226.3001.4450
https://www.elastic.co/cn/blog/getting-started-with-elasticsearch-security
https://www.elastic.co/cn/blog/tips-to-secure-elasticsearch-clusters-for-free-with-encryption-users-and-more
https://blog.csdn.net/UbuntuTouch/article/details/130643942?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522170548090016800225550299%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=170548090016800225550299&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2blogfirst_rank_ecpm_v1~rank_v31_ecpm-25-130643942-null-null.nonecase&utm_term=tls&spm=1018.2226.3001.4450
https://blog.csdn.net/UbuntuTouch/article/details/132163344?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522170548090016800225550299%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=170548090016800225550299&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2blogfirst_rank_ecpm_v1~rank_v31_ecpm-26-132163344-null-null.nonecase&utm_term=tls&spm=1018.2226.3001.4450
https://elasticstack.blog.csdn.net/article/details/130247908
https://elasticstack.blog.csdn.net/article/details/126868040
https://elasticstack.blog.csdn.net/article/details/129107566
3. Kibana
3.1. Install Kibana
wget https://artifacts.elastic.co/downloads/kibana/kibana-8.4.3-x86_64.rpm
shasum -a 512 kibana-8.4.3-x86_64.rpm
sudo rpm --install kibana-8.4.3-x86_64.rpm
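3.2. Modify the configuration file
By default, Kibana binds to localhost. To make Kibana reachable from external networks, modify the kibana.yml configuration file:
Edit the file with vim /etc/kibana/kibana.yml and change server.host to "0.0.0.0":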
sed -n '/^#server.host/p' /etc/kibana/kibana.yml
sed -i '/^#server.host/s/.*/server.host: 0.0.0.0/' /etc/kibana/kibana.yml
sed -n '/^server.host/p' /etc/kibana/kibana.yml
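The sed edits in 2.2 and 3.2 only match a commented-out line, so they change nothing when the setting is already active or is missing from the file. The following added example (not part of the original guide; set_flat_key is a hypothetical helper name and the sample file is constructed) handles all three cases and checks the result:

```shell
#!/bin/sh
# Added example, not from the original page. set_flat_key is a hypothetical
# helper; it relies on GNU sed (-i and the 0,/re/ address), as the page does.

# set_flat_key FILE KEY VALUE
# Ensure FILE has exactly one active top-level "KEY: VALUE" line.
# VALUE must not contain '|', '&' or '\' (it is used in a sed replacement).
set_flat_key() {
    file=$1 key=$2 value=$3
    # Escape dots so "network.host" cannot match e.g. "networkXhost".
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')
    if grep -Eq "^${pat}:" "$file"; then
        # Already active (for example on a re-run): rewrite in place.
        sed -i "s|^${pat}:.*|${key}: ${value}|" "$file"
    elif grep -Eq "^#[[:space:]]*${pat}:" "$file"; then
        # Only the shipped commented default exists: replace the first one.
        sed -i "0,/^#[[:space:]]*${pat}:/s|^#[[:space:]]*${pat}:.*|${key}: ${value}|" "$file"
    else
        # Key not mentioned at all: append it.
        printf '%s: %s\n' "$key" "$value" >> "$file"
    fi
    # Succeed only if one active line exists and it holds the requested value.
    [ "$(grep -Ec "^${pat}:" "$file")" -eq 1 ] &&
        grep -Fxq "${key}: ${value}" "$file"
}

# Demo on a constructed sample file (not a real elasticsearch.yml).
demo=$(mktemp)
printf '%s\n' '# constructed sample' '#network.host: 192.168.0.1' > "$demo"
set_flat_key "$demo" network.host 0.0.0.0   # uncomments the default
set_flat_key "$demo" network.host 0.0.0.0   # second run changes nothing
cat "$demo"
rm -f "$demo"
```

The function returns non-zero if the file ends up with duplicate active lines for the key, so it can gate the service restart in a provisioning script.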
Start the service
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service
sudo /bin/systemctl start kibana.service
Get the Kibana verification code
/usr/share/kibana/bin/kibana-verification-code
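Open the Kibana page to configure it
Go to http://<Kibana server IP>:5601, enter the Kibana token obtained in step 2.5, then enter the username and password configured for elastic to reach the Kibana management page.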