ElasticSearch 和packetBeat 的使用

首先下载JDK  和es 

运行es: cd /usr/tools/elasticSearch

./bin/elasticsearch  (root 用户）

1.下载：packetBeat

sudo yum install libpcap curl -L -O https://download.elastic.co/beats/packetbeat/packetbeat-1.1.2-x86_64.rpm sudo rpm -vi packetbeat-1.1.2-x86_64.rpm

2。配置 /etc/packetbeat/packetbeat.yml

output: ### Elasticsearch as output elasticsearch: # Array of hosts to connect to. hosts: ["192.168.1.42:9200"]

或者

output: logstash: hosts: ["127.0.0.1:5044"] 

3.加载模板：curl -XPUT 'http://localhost:9200/_template/packetbeat' -d@/etc/packetbeat/packetbeat.template.json

4.启动：sudo /etc/init.d/packetbeat start

5.测试：

curl http://www.elastic.co/ > /dev/null

curl -XGET 'http://localhost:9200/packetbeat-*/_search?pretty'

下载 es 的head 插件：

 进入 es /bin 目录  然后：./plugin -install mobz/elasticsearch-head