Building an ELK Log Audit System

This article walks through building an ELK (Elasticsearch, Logstash, Kibana) log audit system step by step: downloading, extracting and configuring Elasticsearch, then adding a user and editing the system configuration files so that it runs properly; installing Logstash; deploying Filebeat and starting Logstash and Kibana; and finally checking in a browser that every service is up, so that log data can be analysed visually.


I. Installing Elasticsearch
1. Download and extract Elasticsearch
[root@node-1 ~]# wget -P /opt https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.12.1-linux-x86_64.tar.gz
[root@node-1 ~]# tar zxvf /opt/elasticsearch-7.12.1-linux-x86_64.tar.gz -C /usr/local/
[root@node-1 ~]# cd /usr/local
[root@node-1 local]# mv elasticsearch-7.12.1/ elasticsearch/
[root@node-1 local]# cd elasticsearch/
[root@node-1 elasticsearch]# cp config/elasticsearch.yml config/elasticsearch.bak
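The commands above fetch the tarball and unpack it straight into /usr/local without checking that the archive is the one Elastic published. As an added example that is not part of the original post, the POSIX shell script below repeats the download, extract, rename and backup steps, but first checks the tarball against the `.sha512` sidecar Elastic publishes next to each download, refuses to extract on a mismatch, and hands the install tree to a non-root service account (Elasticsearch will not start as root). The sidecar name `<tarball>.sha512`, its `sha512sum`-style "digest  filename" layout and the account name `elasticsearch` are assumptions of this example, not details from the post. The self-check at the bottom runs on a constructed stand-in file, not the real archive, so the script runs offline; `install_elasticsearch` is defined but only runs when you call it.

```shell
#!/bin/sh
# Added example (not from the original post): the download/extract steps of
# the post with the tarball verified against Elastic's .sha512 sidecar before
# anything is unpacked into /usr/local, and the tree handed to a non-root user.
# Assumptions: the sidecar is named "<tarball>.sha512" and has the
# "<hex digest>  <file name>" layout that sha512sum writes; the service
# account name "elasticsearch" is a choice made here, not taken from the post.
set -eu

ES_VERSION="${ES_VERSION:-7.12.1}"
ES_TARBALL="elasticsearch-${ES_VERSION}-linux-x86_64.tar.gz"
ES_URL="https://artifacts.elastic.co/downloads/elasticsearch/${ES_TARBALL}"

# verify_sha512 TARBALL SIDECAR
# Succeeds only if the sidecar names this exact file and its SHA-512 digest
# matches; fails on a tampered archive, a swapped file name or an empty sidecar.
verify_sha512() {
  tarball="$1"
  sidecar="$2"
  expected_digest=$(awk 'NR==1 {print $1}' "$sidecar")
  expected_name=$(awk 'NR==1 {sub(/^\*/, "", $2); print $2}' "$sidecar")
  actual_digest=$(sha512sum "$tarball" | awk '{print $1}')
  [ -n "$expected_digest" ] &&
    [ "$expected_digest" = "$actual_digest" ] &&
    [ "$expected_name" = "$(basename "$tarball")" ]
}

# install_elasticsearch: the post's steps with the integrity check inserted
# before tar. Needs network access and root; defined here, run only when called.
install_elasticsearch() {
  wget -P /opt "$ES_URL" "$ES_URL.sha512"
  if ! verify_sha512 "/opt/$ES_TARBALL" "/opt/$ES_TARBALL.sha512"; then
    echo "SHA-512 mismatch for $ES_TARBALL; refusing to extract" >&2
    return 1
  fi
  tar zxf "/opt/$ES_TARBALL" -C /usr/local/
  mv "/usr/local/elasticsearch-$ES_VERSION" /usr/local/elasticsearch
  cp /usr/local/elasticsearch/config/elasticsearch.yml \
     /usr/local/elasticsearch/config/elasticsearch.bak
  # Elasticsearch refuses to start as root, so run it under a dedicated
  # system account (assumed name) that owns the install tree and nothing else.
  id elasticsearch >/dev/null 2>&1 || useradd -r -s /sbin/nologin elasticsearch
  chown -R elasticsearch:elasticsearch /usr/local/elasticsearch
}

# Offline self-check on a constructed stand-in file (not the real tarball):
# a matching sidecar passes, one byte appended to the archive fails.
demo_dir=$(mktemp -d)
printf 'constructed stand-in, not a real tarball\n' > "$demo_dir/$ES_TARBALL"
( cd "$demo_dir" && sha512sum "$ES_TARBALL" > "$ES_TARBALL.sha512" )
if verify_sha512 "$demo_dir/$ES_TARBALL" "$demo_dir/$ES_TARBALL.sha512"; then
  echo "intact archive: digest and file name match"
fi
printf 'x' >> "$demo_dir/$ES_TARBALL"
if ! verify_sha512 "$demo_dir/$ES_TARBALL" "$demo_dir/$ES_TARBALL.sha512"; then
  echo "tampered archive: verification failed as expected"
fi
rm -rf "$demo_dir"
```

The file-name comparison matters as much as the digest: a sidecar that matches some other archive is useless as evidence for this one, so both fields are checked before `tar` is allowed to run.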
2. Edit the configuration file
[root@node-1 elasticsearch]# cat config/elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: my-application 	# cluster name
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1 	# node name
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data 	# directory where Elasticsearch stores its data