I. Install Elasticsearch
1. Download the package, upload it to the server, and extract it
https://www.elastic.co/cn/downloads/past-releases/elasticsearch-7-6-2
2. Create the es user
# Create the user
adduser es
# Set the password
passwd es
3. Give the account ownership of the directory
chown es /usr/local/ELK/ -R
4. Set user-related limits
1) Raise the resource limits for software deployed on Linux (open files and processes)
vi /etc/security/limits.conf
es soft nofile 65536
es hard nofile 65536
es soft nproc 4096
es hard nproc 4096
Log out and log back in for the limits to take effect.
2) Raise the mmap count limit (vm.max_map_count)
vi /etc/sysctl.conf
vm.max_map_count = 655360
Run sysctl -p to apply the change.
3) Configure the user's maximum number of threads
vim /etc/security/limits.d/xx-nproc.conf
Run sysctl -p to apply the change.
5. Configure passwords
1) Generate the CA certificate
[EsUser@localhost ~]$ elasticsearch-certutil ca
……
Please enter the desired output file [elastic-stack-ca.p12]: # just press Enter here
Enter password for elastic-stack-ca.p12 : # just press Enter here; do not set a password
When this finishes, the newly generated file appears under /usr/local/elasticsearch-7.6.2:
elastic-stack-ca.p12
2) Generate the p12 key
# Use the CA certificate generated in step 1 to generate the p12 key
elasticsearch-certutil cert --ca elastic-stack-ca.p12
Just press Enter at each of the following three prompts:
……
Enter password for CA (elastic-stack-ca.p12) :
Please enter the desired output file [elastic-certificates.p12]:
Enter password for elastic-certificates.p12 : # just press Enter here and do not set a password, otherwise ES will fail to start later
Certificates written to /usr/local/elasticsearch-7.6.2/elastic-certificates.p12
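ES fails to start with a password-protected file because the elasticsearch.yml below supplies no password for it; a protected file also needs xpack.security.transport.ssl.keystore.secure_password and xpack.security.transport.ssl.truststore.secure_password stored in the Elasticsearch keystore. With an empty password, the private key is protected only by the file's permissions.
When this finishes, the newly generated file appears under /usr/local/elasticsearch-7.6.2: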
elastic-certificates.p12
3) Copy the p12 key files
cd /usr/local/ElasticSearch/config
mkdir certs
Copy elastic-certificates.p12 and elastic-stack-ca.p12 from /usr/local/elasticsearch-7.6.2 into certs.
4) Edit the configuration file
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
5) Restart ES and set the passwords
/usr/local/ElasticSearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
6) Log in to verify
6. Complete elasticsearch.yml
cluster.name: elk-cluster
node.name: elk-node1
node.data: true
node.master: true
network.bind_host: 0.0.0.0
network.publish_host: 192.168.18.151
bootstrap.memory_lock: false
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
http.port: 9201
transport.port: 9301
discovery.seed_hosts: ["192.168.18.151:9301"]
cluster.initial_master_nodes: ["elk-node1"]
network.host: 0.0.0.0
#path.data: /usr/share/elasticsearch/data
#path.logs: /usr/share/elasticsearch/logs
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
7. Shell scripts
1) start.sh
export ES_PATH_CONF=/home/es/elk/elasticsearch-7.6.2/config
bin/elasticsearch -d
2) stop.sh
#!/bin/bash
# Kill every process whose command line contains the pattern
pro_patten="elasticsearch-7.6.2"
current_pid_list=$(ps -ef | grep "$pro_patten" | grep -v grep | awk '{print $2}')
for current_pid in $current_pid_list
do
    kill -9 "$current_pid"
done
3) delete.sh
Deletes stale index data on a schedule.
II. Install Kibana
1. Download the package, upload it to the server, and extract it
https://www.elastic.co/cn/downloads/past-releases/kibana-7-6-2
2. Complete kibana.yml
server.name: elk-kibana
server.host: "0.0.0.0"
elasticsearch.hosts: [ "http://192.168.18.151:9201" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: "kibana"
elasticsearch.password: "elastic"
i18n.locale: "zh-CN"
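Several settings in the two configuration files above weaken the password setup: xpack.security.http.ssl is never enabled, so the passwords set in step 5 and the kibana account's password cross the network over plain HTTP, and kibana.yml stores that password in cleartext. The script below is an added example, not part of the original page, that flags these settings; the function names, finding codes and sample files are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Finding codes are made up here.
# yml_get FILE KEY: value of the last uncommented "KEY: value" line, quotes removed.
yml_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]+/, "", line)
          if (index(line, k ":") == 1) {
              v = substr(line, length(k) + 2)
              gsub(/^[ \t]+|[ \t]+$/, "", v); gsub(/"/, "", v); val = v } }
        END { print val }' "$1"
}
# audit_es FILE: print space-separated finding codes for an elasticsearch.yml.
audit_es() {
    out=""
    [ "$(yml_get "$1" xpack.security.enabled)" = true ] || out="$out NO_AUTH"
    [ "$(yml_get "$1" xpack.security.transport.ssl.enabled)" = true ] || out="$out NO_TRANSPORT_TLS"
    # Without TLS on the HTTP layer, Basic-auth passwords travel in cleartext.
    [ "$(yml_get "$1" xpack.security.http.ssl.enabled)" = true ] || out="$out HTTP_PLAINTEXT"
    # "certificate" verifies the CA signature but not the peer hostname ("full" does both).
    [ "$(yml_get "$1" xpack.security.transport.ssl.verification_mode)" != certificate ] || out="$out NO_HOSTNAME_CHECK"
    if [ "$(yml_get "$1" http.cors.enabled)" = true ] &&
       [ "$(yml_get "$1" http.cors.allow-origin)" = "*" ]; then out="$out CORS_ANY_ORIGIN"; fi
    case "|$(yml_get "$1" network.host)|$(yml_get "$1" network.bind_host)|" in
        *"|0.0.0.0|"*) out="$out BIND_ALL_INTERFACES" ;;
    esac
    echo "${out# }"
}

# audit_kibana FILE: same idea for a kibana.yml.
audit_kibana() {
    out=""
    case "$(yml_get "$1" elasticsearch.hosts)" in *http://*) out="$out ES_LINK_PLAINTEXT" ;; esac
    # A password in kibana.yml is readable by anyone who can read the file.
    [ -z "$(yml_get "$1" elasticsearch.password)" ] || out="$out PASSWORD_IN_YML"
    [ "$(yml_get "$1" server.ssl.enabled)" = true ] || out="$out UI_PLAINTEXT"
    echo "${out# }"
}

# Constructed sample input mirroring the settings shown on this page.
tmp=$(mktemp -d)
printf '%s\n' 'network.host: 0.0.0.0' 'http.cors.enabled: true' \
    'http.cors.allow-origin: "*"' 'xpack.security.enabled: true' \
    'xpack.security.transport.ssl.enabled: true' \
    'xpack.security.transport.ssl.verification_mode: certificate' > "$tmp/elasticsearch.yml"
printf '%s\n' 'elasticsearch.hosts: [ "http://192.168.18.151:9201" ]' \
    'elasticsearch.password: "elastic"' > "$tmp/kibana.yml"
echo "elasticsearch.yml: $(audit_es "$tmp/elasticsearch.yml")"
echo "kibana.yml: $(audit_kibana "$tmp/kibana.yml")"
```

An empty result from either function means none of the checked settings was found in its weak form.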
3. Shell scripts
1) start.sh
nohup bin/kibana &
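2) stop.sh
#!/bin/bash
pro_patten=".*node/bin/node.*src/cli"
pid=$(ps -ef | grep "$pro_patten" | grep -v grep | awk '{print $2}')
if [ -n "$pid" ]; then
    # $pid stays unquoted so that several PIDs are passed as separate arguments
    echo "kill -9 的pid:" $pid
    kill -9 $pid
fi
III. Install Logstash
1. Download the package, upload it to the server, and extract it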
https://www.elastic.co/cn/downloads/past-releases/logstash-7-6-2
2. Shell scripts
1) start.sh
nohup /usr/local/logstash-7.6.2/bin/logstash -f /usr/local/logstash-7.6.2/config/logstash-test.conf &>/usr/local/logstash-7.6.2/logs/nohup.log&
2) stop.sh
#!/bin/bash
pro_patten="logstash"
pid=$(ps -ef | grep "$pro_patten" | grep -v grep | awk '{print $2}')
if [ -n "$pid" ]; then
    echo "kill -9 的pid:" $pid
    kill -9 $pid
fi
IV. Install Filebeat
1. Download the package, upload it to the server, and extract it
https://www.elastic.co/cn/downloads/past-releases/filebeat-7-6-2
2. Linux shell scripts
1) start.sh
#!/bin/bash
echo "***********************************"
jar_name=filebeat.yml
# Stop any instance that is already running
pid=$(ps -ef | grep "$jar_name" | grep -v grep | awk '{print $2}')
if [ -n "$pid" ]; then
    echo "kill -9 的pid:" $pid
    kill -9 $pid
fi
cd /usr/local/filebeat-7.6.2 || exit 1
echo "执行……"
#nohup ./filebeat -e -c filebeat.yml > nohup.log &
nohup ./filebeat -e -c filebeat.yml > logs/nohup.out 2>&1 &
echo "*****************filebeat启动成功******************"
2) stop.sh
#!/bin/bash
jar_name=filebeat.yml
pid=$(ps -ef | grep "$jar_name" | grep -v grep | awk '{print $2}')
if [ -n "$pid" ]; then
    # kill -9 forces the process to stop
    echo "kill -9 的pid:" $pid
    kill -9 $pid
fi
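The stop scripts on this page pick processes with ps | grep and send kill -9, which hits every process whose command line contains the pattern and gives the service no chance to shut down cleanly. An alternative, as an added example that is not from the original page, stops exactly one process by PID file and sends SIGTERM first; it assumes the service wrote a PID file (for Elasticsearch, bin/elasticsearch -d -p <file>), and stop_by_pidfile and its arguments are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Linux only (reads /proc).

# stop_by_pidfile PIDFILE EXPECT [TIMEOUT]
#   PIDFILE  file holding the service's PID
#   EXPECT   text that must appear in that process's command line
#   TIMEOUT  seconds to wait after SIGTERM before SIGKILL (default 30)
# Returns 0 when the process is gone, 1 for a missing or malformed PID file,
# 2 when the PID belongs to some other program (nothing is signalled).
stop_by_pidfile() {
    pidfile=$1; expect=$2; timeout=${3:-30}
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    # Stale PID file: the process has already exited.
    if [ ! -d "/proc/$pid" ]; then rm -f "$pidfile"; return 0; fi
    # A recycled PID may now belong to an unrelated process; check before signalling.
    tr '\0' ' ' < "/proc/$pid/cmdline" | grep -qF -- "$expect" || return 2
    kill -TERM "$pid"                 # let the service flush and close cleanly
    waited=0
    while [ -d "/proc/$pid" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            kill -KILL "$pid"         # last resort, only after the grace period
            break
        fi
        sleep 1; waited=$((waited + 1))
    done
    rm -f "$pidfile"
}
```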
3) checkFilebeatHeath.sh
#!/bin/bash
# Restart Filebeat if no process with filebeat.yml on its command line is running
pro_patten="filebeat.yml"
pid=$(ps -ef | grep "$pro_patten" | grep -v grep | awk '{print $2}')
file_path=/usr/local/filebeat-7.6.2
starttime=$(date +%Y-%m-%d\ %H:%M:%S)
if [ -z "${pid}" ]; then
    echo "$starttime 程序死了,现在启动" >> "$file_path/logs/cron.log"
    sh "$file_path/start.sh"
fi
vim /var/spool/cron/root
*/2 * * * * /usr/local/filebeat-7.6.2/checkFilebeatHeath.sh >> /tools/logs/check.o.log 2>> /tools/logs/check.e.log
3. Add Filebeat as a Windows service
.\install-service-filebeat.ps1
If it reports that script execution is disabled, first run , then run .\install-service-filebeat.ps1 to add the service.