First download the JDK and Elasticsearch (ES).
Run ES: cd /usr/tools/elasticSearch
./bin/elasticsearch (as the root user)
1. Download Packetbeat:
sudo yum install libpcap
curl -L -O https://download.elastic.co/beats/packetbeat/packetbeat-1.1.2-x86_64.rpm
sudo rpm -vi packetbeat-1.1.2-x86_64.rpm
2. Configure /etc/packetbeat/packetbeat.yml
output:
  ### Elasticsearch as output
  elasticsearch:
    # Array of hosts to connect to.
    hosts: ["192.168.1.42:9200"]
or
output:
  logstash:
    hosts: ["127.0.0.1:5044"]
3. Load the template: curl -XPUT 'http://localhost:9200/_template/packetbeat' -d@/etc/packetbeat/packetbeat.template.json
4. Start: sudo /etc/init.d/packetbeat start
5. Test:
curl http://www.elastic.co/ > /dev/null
curl -XGET 'http://localhost:9200/packetbeat-*/_search?pretty'
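The step 5 check can be scripted instead of read by eye. The following is an added example, not part of the original notes: it summarizes a packetbeat-* search response per protocol and passes only if an HTTP transaction was indexed. The `type`, `status` and `query` field names, the `--live` switch and the sample response are assumptions made for illustration.

```python
import json
import sys
import urllib.request
from collections import Counter

# Step 5 search URL; size=100 is added here to fetch more than the default 10 hits.
SEARCH_URL = "http://localhost:9200/packetbeat-*/_search?size=100"

# Constructed sample response (not real capture data), trimmed to the fields used below.
SAMPLE = {"hits": {"total": 3, "hits": [
    {"_type": "http", "_source": {"type": "http", "status": "OK",
        "@timestamp": "2016-03-01T10:00:00.000Z", "query": "GET /"}},
    {"_type": "dns", "_source": {"type": "dns", "status": "OK",
        "@timestamp": "2016-03-01T10:00:01.000Z", "query": "class IN, type A, www.elastic.co"}},
    {"_type": "http", "_source": {"type": "http", "status": "Error",
        "@timestamp": "2016-03-01T10:00:02.000Z", "query": "GET /missing"}},
]}}

def hits_total(response):
    """Return the hit count; older ES returns an int, ES 7+ returns {"value": N}."""
    total = response.get("hits", {}).get("total", 0)
    return total["value"] if isinstance(total, dict) else int(total)

def summarize(response):
    """Count indexed transactions per protocol and collect the non-OK ones."""
    by_type, failed = Counter(), []
    for hit in response.get("hits", {}).get("hits", []):
        src = hit.get("_source", {})
        # Assumed event layout: "type" is the protocol, "status" the outcome.
        proto = src.get("type") or hit.get("_type", "unknown")
        by_type[proto] += 1
        if src.get("status", "OK") != "OK":
            failed.append((src.get("@timestamp"), proto, src.get("query")))
    return {"total": hits_total(response), "by_type": dict(by_type), "failed": failed}

def capture_ok(summary):
    """Step 5 passes when at least one HTTP transaction was indexed."""
    return summary["by_type"].get("http", 0) > 0

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        with urllib.request.urlopen(SEARCH_URL, timeout=5) as resp:
            data = json.load(resp)
    else:
        data = SAMPLE  # offline run against the constructed sample
    result = summarize(data)
    print(json.dumps(result, indent=2))
    sys.exit(0 if capture_ok(result) else 1)
```

Run it with --live on the Elasticsearch host after the test curl in step 5; exit status 1 means no HTTP transaction has reached the index yet.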
Download the head plugin for ES:
Go to the ES bin directory, then:
./plugin -install mobz/elasticsearch-head