ELK安装+配置
2019-04-09 本文已影响0人
SA_xiaowenli
1. JAVA安装
-
JAVA下载
http://java.oracle.com -
java环境变量配置
编辑/etc/profile 或者 ~./bash_profile 添加以下配置
export PATH
export JAVA_HOME=/usr/java/jdk1.8.0_144/
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib
2. ELK下载
-
ES下载(6.4.2)
https://www.elastic.co/downloads/past-releases/elasticsearch-6-4-2 -
Logstash下载(6.4.2)
https://www.elastic.co/downloads/past-releases/logstash-6-4-2 -
Kinaba下载(6.4.2)
https://www.elastic.co/downloads/past-releases/kibana-6-4-2
3. ES安装
- 上传
mkdir -p /opt/elk/soft
上传 elasticsearch-6.4.2.tar.gz
- 解压
cd /opt/elk/soft
tar zxvf elasticsearch-6.4.2.tar.gz /opt/elk/
ls -l /opt/elk/
- 创建用户(必需)
groupadd elasticsearch
useradd elasticsearch -g elasticsearch -p elasticsearch
cd /opt/elk/
chown -R elasticsearch.elasticsearch ./elasticsearch-6.4.2/
/etc/security/limit.conf
elasticsearch soft nofile 65536
elasticsearch hard nofile 65536
elasticsearch hard nproc 4096
elasticsearch soft nproc 4096
- 配置
创建data目录
mkdir -p /log/es/es6/
cd /log
chown -R elasticsearch.elasticsearch ./es
编辑配置文件
[root@elksrv01 config]# cat elasticsearch.yml | grep -v ^# |grep -v ^$
cluster.name: apiins
node.name: node0
path.data: /log/es/es6/data
path.logs: /log/es/es6/log
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.10.5.3
http.port: 9200
- 启动,关闭,重启脚本
[root@elksrv01 init.d]# cat elasticsearch
#!/bin/sh
#chkconfig: 2345 80 05
#description: elasticsearch
export JAVA_HOME=/usr/java/jdk1.8.0_144
export JAVA_BIN=/usr/java/jdk1.8.0_144/bin
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export JAVA_HOME JAVA_BIN PATH CLASSPATH
case "$1" in
start)
su elasticsearch<<!
cd /opt/elk/elasticsearch-6.4.2
./bin/elasticsearch -d
!
echo "elasticsearch startup"
;;
stop)
es_pid=`ps aux|grep elasticsearch | grep -v 'grep elasticsearch' | awk '{print $2}'`
kill -9 $es_pid
echo "elasticsearch stopped"
;;
restart)
es_pid=`ps aux|grep elasticsearch | grep -v 'grep elasticsearch' | awk '{print $2}'`
kill -9 $es_pid
echo "elasticsearch stopped"
su elasticsearch<<!
cd /opt/elk/elasticsearch-6.4.2
./bin/elasticsearch -d
!
echo "elasticsearch startup"
;;
*)
echo "start|stop|restart"
;;
esac
exit $?
- 验证
浏览器访问http://172.10.5.3:9200/
返回
{
"name" : "node0",
"cluster_name" : "apiins",
"cluster_uuid" : "LxLnkqDBQm2NBXvHS3PZ4g",
"version" : {
"number" : "6.4.2",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "04711c2",
"build_date" : "2018-09-26T13:34:09.098244Z",
"build_snapshot" : false,
"lucene_version" : "7.4.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
- 问题
4. Logstash安装
-
上传
-
解压
-
配置
-
启动
- screen命令
-
验证
5. Kinaba安装
- 上传
- 解压
- 配置
- 启动
- 验证
6. nginx日志分析
- nginx日志配置
- filebeat配置
- Logstash配置
- GeoIP
- Kinaba展示
- 效果图
7. syslog日志分析
- syslog.conf配置
- Logstash配置
- 验证
