10.0.0.51 elasticsearch
10.0.0.52 docker containers
1. Install elasticsearch (51)
1.1 Download, upload, and install the JDK
rpm -ivh jdk-8u181-linux-x64.rpm
1.2 Download, upload, and install elasticsearch
rpm -ivh elasticsearch-6.6.0.rpm
1.3 Customize the configuration file
cp /etc/elasticsearch/elasticsearch.yml /opt/
cat >/etc/elasticsearch/elasticsearch.yml<<EOF
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 10.0.0.51,127.0.0.1
http.port: 9200
EOF
Note: if the machine has only 1 GB of memory
systemctl edit elasticsearch
[Service]
LimitMEMLOCK=infinity
1.4 Start
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
1.5 Check the logs
tail -f /var/log/elasticsearch/elasticsearch.log
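Open 10.0.0.51:9200 in a browser
Note: port 9300 must be open as well
2. Install ES-head and kibana (51)
2.1 Install the es-head plugin
Google Chrome extension (recommended)
Click
Drag es-head-0.1.4_0.crx.zip into the extensions page
2.2 Install kibana (51)
1. Upload the package and install it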
rpm -ivh kibana-6.6.0-x86_64.rpm
2. Configure kibana
[root@db-01 /data/soft]# grep "^[a-Z]" /etc/kibana/kibana.yml
server.port: 5601
server.host: "10.0.0.51"
elasticsearch.hosts: ["http://localhost:9200"]
kibana.index: ".kibana"
3. Start kibana
systemctl start kibana
4. Open the page
http://10.0.0.51:5601/
Note:
If the page shows: Kibana server is not ready yet
wait patiently; it can take several minutes, then refresh
Install docker on 52
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
sed -i 's#download.docker.com#mirrors.tuna.tsinghua.edu.cn/docker-ce#g' /etc/yum.repos.d/docker-ce.repo
yum install docker-ce -y
systemctl start docker
Run an nginx container
[root@db02 ~]# docker run -d -p 80:80 nginx
e032059d26dd3b423d535e0217c55e1b4c72364739ae9b05e7b7c5b55572597d
Copy the nginx configuration file out of the container, change the access log to JSON format, then copy it back into the container
[root@db02 ~]# docker cp e032059d26dd3b423d:/etc/nginx/nginx.conf .
[root@db02 ~]# egrep -v "^$|#" nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    log_format json '{ "time_local": "$time_local", '
                    '"remote_addr": "$remote_addr", '
                    '"referer": "$http_referer", '
                    '"request": "$request", '
                    '"status": $status, '
                    '"bytes": $body_bytes_sent, '
                    '"agent": "$http_user_agent", '
                    '"x_forwarded": "$http_x_forwarded_for", '
                    '"up_addr": "$upstream_addr",'
                    '"up_host": "$upstream_http_host",'
                    '"upstream_time": "$upstream_response_time",'
                    '"request_time": "$request_time"'
                    ' }';
    access_log /var/log/nginx/access.log json;
    sendfile on;
    keepalive_timeout 65;
    include /etc/nginx/conf.d/*.conf;
}
[root@db02 ~]# docker cp nginx.conf e032059d26dd3b423d:/etc/nginx/nginx.conf
Check the configuration file inside the container
[root@db02 ~]# docker exec -it e032059d26dd3b423d /bin/bash
Commit the container as an image
[root@db02 ~]# docker commit e032059d26dd nginx:v2
Create the container log directories
mkdir /opt/{nginx,mysql} -p
Mount the containers' log directories onto the host
docker rm -f $(docker ps -a -q)
docker run -d -p 80:80 -v /opt/nginx:/var/log/nginx nginx:v2
docker run -d -p 8080:80 -v /opt/mysql:/var/log/nginx nginx:v2
Install filebeat on 52
rpm -ivh filebeat-6.6.0-x86_64.rpm
rpm -qc filebeat
Modify the filebeat configuration file
cat >/etc/filebeat/filebeat.yml<<EOF
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /opt/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["nginx_access"]
- type: log
  enabled: true
  paths:
    - /opt/nginx/error.log
  tags: ["nginx_error"]
- type: log
  enabled: true
  paths:
    - /opt/mysql/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["mysql_access"]
- type: log
  enabled: true
  paths:
    - /opt/mysql/error.log
  tags: ["mysql_error"]
output.elasticsearch:
  hosts: ["10.0.0.51:9200"]
  indices:
    - index: "nginx-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "nginx_access"
    - index: "nginx-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "nginx_error"
    - index: "mysql-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "mysql_access"
    - index: "mysql-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "mysql_error"
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
EOF
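The log_format json shown earlier relies on nginx's default variable escaping, which writes a double quote in a client-supplied header as \x22; that is not a valid JSON escape, so filebeat's json.* options cannot decode such a line into fields. The script below is an added example, not part of the original page: it checks access-log lines against the page's field list, its sample lines are constructed, and the third sample shows the output produced when the escape=json parameter (nginx 1.11.8 and later) is added to log_format.

```python
import json
import sys

# Keys written by the page's `log_format json` definition.
EXPECTED_KEYS = {
    "time_local", "remote_addr", "referer", "request", "status", "bytes",
    "agent", "x_forwarded", "up_addr", "up_host", "upstream_time", "request_time",
}

def check_lines(lines):
    """Return (ok, bad): decoded events and (line_no, reason) for rejected lines."""
    ok, bad = [], []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError as exc:
            bad.append((no, "invalid JSON: " + exc.msg))
            continue
        missing = EXPECTED_KEYS - set(event) if isinstance(event, dict) else EXPECTED_KEYS
        if missing:
            bad.append((no, "missing keys: " + ", ".join(sorted(missing))))
        else:
            ok.append(event)
    return ok, bad

# Constructed sample lines in the page's format; only the User-Agent differs.
TEMPLATE = (
    '{ "time_local": "15/Nov/2019:10:00:00 +0800", "remote_addr": "127.0.0.1", '
    '"referer": "-", "request": "GET / HTTP/1.1", "status": 200, "bytes": 612, '
    '"agent": "%s", "x_forwarded": "-", "up_addr": "-","up_host": "-",'
    '"upstream_time": "-","request_time": "0.000" }'
)
SAMPLE = [
    TEMPLATE % "curl/7.29.0",       # ordinary request
    TEMPLATE % r"demo\x22agent",    # quote in the header, default escaping
    TEMPLATE % r"demo\"agent",      # same header written with escape=json
]

if __name__ == "__main__":
    # Optional argument: a log path such as /opt/nginx/access.log.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    ok, bad = check_lines(src)
    print(f"{len(ok)} lines decode, {len(bad)} rejected")
    for no, reason in bad:
        print(f"line {no}: {reason}")
```

Run it against /opt/nginx/access.log and /opt/mysql/access.log after generating test requests; any rejected line is one whose fields filebeat could not extract.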
Delete the previous ES index and kibana index
es-head >> filebeat-6.6.0-2019.11.15 >> Actions >> Delete
Delete the old logs on db02
[root@db02 /opt/nginx]# rm -rf /opt/nginx/*
Restart filebeat
systemctl restart filebeat
Commands to generate test requests (db02)
curl 127.0.0.1
curl 127.0.0.1:8080/dbbbbbbbbbbbbb
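Refresh
Add the index to kibana (the steps are below); no screenshots of the corresponding index were taken while doing this
Management >> Index Patterns >> filebeat-6.6.0-2019.11.15 >> @timestamp >> create >> discover
Note: to build the various charts, see the blog post on drawing charts in kibana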