准备两台centos7
配置:2核心2G内存
规划如下:
ip地址:
192.168.179.142:
jdk
kibana
elasticsearch
192.168.179.145:
jdk
logstash
1. 关闭防火墙并将SELinux设为宽容模式(仅适用于实验环境;这两条命令只在本次开机期间有效。正式环境应保留firewalld,只向可信主机放行9200和5601端口)
[root@localhost src]# systemctl stop firewalld
[root@localhost src]# setenforce 0
2. 安装jdk
[root@localhost ELK]# rpm -ivh jdk-8u131-linux-x64_.rpm
验证 [root@localhost ELK]# java -version
3. 安装elasticsearch
[root@localhost ELK]# rpm -ivh elasticsearch-6.6.2.rpm
4. 修改配置文件
vim /etc/elasticsearch/elasticsearch.yml
cluster.name: myson
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.179.142
http.port: 9200
开启服务 systemctl start elasticsearch
5. 查看服务是否运行(日志文件以 cluster.name 命名;按上面的配置,若 my.log 不存在,请查看 myson.log)
[root@localhost elasticsearch]# tailf /var/log/elasticsearch/my.log
6. 安装kibana
[root@localhost ELK]# rpm -ivh kibana-6.6.2-x86_64.rpm
7.修改配置文件
root@localhost kibana]# cat kibana.yml |grep -v '^#'|sed '/^$/d'
server.port: 5601
server.host: "192.168.179.142"
elasticsearch.hosts: ["http://192.168.179.142:9200"]
8.启动kibana
systemctl start kibana
#
在192.168.179.145上操作
- 安装JDK
- 安装logstash
root@localhost ELK]# rpm -ivh logstash-6.6.0.rpm
vim /etc/logstash/conf.d/msg.conf
input{
file{
path => "/var/log/messages"
type => 'msg-log'
start_position => "beginning"
}
}
output{
elasticsearch{
hosts => "192.168.179.142:9200"
index => "msg_log-%{+YYYY.MM.dd}"
}
}
vim /etc/logstash/conf.d/secure.conf
input{
file{
path => "/var/log/secure"
type => 'sec-log'
start_position => "beginning"
}
}
output{
elasticsearch{
hosts => "192.168.179.142:9200"
index => "sec_log-%{+YYYY.MM.dd}"
}
}
编写pipelines.yml文件
[root@localhost ~]# vim /etc/logstash/pipelines.yml
- pipeline.id: msg
path.config: "/etc/logstash/conf.d/msg.conf"
- pipeline.id: sec
path.config: "/etc/logstash/conf.d/secure.conf"
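授权(让logstash用户能读取日志文件。644会使所有本地用户都能读取 /var/log/messages;sec 管道读取的 /var/log/secure 同样需要对logstash用户可读,本文未给出该步骤。范围更小的做法是用ACL只授权给logstash用户,例如 setfacl -m u:logstash:r /var/log/messages /var/log/secure)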
chmod 644 /var/log/messages
在浏览器访问kibana(该地址为明文HTTP,且本文的配置未启用登录认证,应只允许可信网络访问)
http://192.168.179.142:5601