网络安全架构

Metricbeat+Elastcsearch+Kibana系统

2019-03-26  本文已影响465人  baiyongjie

简介

用于从系统和服务收集指标。Metricbeat和Filebeat一样,是一个轻量级的采集器,提供多种内部模块,这些模块可从多项服务.不但可以监控服务器的性能指标,还可以监控运行在服务区之上的应用信息(诸如Apache、MongoDB、MySQL、Ngnix、Redis、Zookeeper、System)。

将 Metricbeat 部署到您的所有 Linux、Windows 和 Mac 主机,并将它连接到 Elasticsearch 就大功告成了:您可以获取系统级的 CPU 使用率、内存、文件系统、磁盘 IO 和网络 IO 统计数据,还可针对系统上的每个进程获得与 top 命令类似的统计数据。

官网地址: https://www.elastic.co/cn/products/beats/metricbeat

部署ElasticSearch和Kibana

ElasticSearch和Kibana已经搭建好了 信息如下:

部署文档参考: 

ElasticSearch: 10.208.1.11:29200
Kibana: 10.208.1.11:5601

部署Metricbeat

官方文档: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-getting-started.html

下载安装

# wget https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-6.4.0-linux-x86_64.tar.gz
# tar zxvf metricbeat-6.4.0-linux-x86_64.tar.gz 
# mv metricbeat-6.4.0-linux-x86_64 /data/app/metricbeat
# cd /data/app/metricbeat/

启用模块和配置输出


# sed -i 's/#setup.dashboards.enabled: false/setup.dashboards.enabled: true/g' metricbeat.yml 
# grep setup.dashboards.enabled metricbeat.yml    
setup.dashboards.enabled: true

# 启用nginx,redis模块
# ./metricbeat modules enable nginx redis system
Enabled nginx
Enabled redis
Enabled system

# 配置输出到Elasticsearch
# vim metricbeat.yml 
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["10.208.1.11:29200"]
  
# 配置Kibana端点
# vim metricbeat.yml
setup.kibana:
  host: "10.208.1.11:5601"

启动

启动报错

# ./metricbeat -e

# 报错信息:
Exiting: Error importing Kibana dashboards: fail to import the dashboards in Kibana: Error importing directory /data/app/metricbeat/kibana: Failed to import index-pattern: Failed to load directory /data/app/metricbeat/kibana/6/index-pattern:
  error loading /data/app/metricbeat/kibana/6/index-pattern/metricbeat.json: blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];. Response: {"objects":[{"id":"metricbeat-*","type":"index-pattern","error":{"message":"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"}}]}


# 解决办法, 在Kibana Dev Tools工具中执行下面请求
PUT .kibana/_settings
{
"index": {
  "blocks": {
    "read_only_allow_delete": "false"
    }
  }
}

# 重新启动
# ./metricbeat -e
2019-03-26T17:15:11.116+0800    INFO    [monitoring]    log/log.go:114  Starting metrics logging every 30s
2019-03-26T17:15:11.117+0800    INFO    elasticsearch/client.go:163     Elasticsearch url: http://10.208.1.11:29200
2019-03-26T17:15:11.120+0800    INFO    elasticsearch/client.go:708     Connected to Elasticsearch version 6.4.0
2019-03-26T17:15:11.120+0800    INFO    kibana/client.go:113    Kibana url: http://10.208.1.11:5601

# 后台启动命令
# nohup ./metricbeat -e &

Kibana仪表板展示

image.png

System Dashboard

image.png

Redis Dashboard

image.png
上一篇 下一篇

猜你喜欢

热点阅读