elk部署
elk服务器 jdk+elasticsearch+kibana
elk客户端 jdk+logstash
elk服务器
关闭防火墙
# Stops the host firewall and puts SELinux into permissive mode. Neither is
# persistent (both revert at reboot), but while they are off every service
# installed below (Elasticsearch on 9200 etc.) is reachable from any host that
# can route to this machine. Prefer explicit firewalld port rules over a full stop.
systemctl stop firewalld
setenforce 0
时间同步
# One-shot clock sync. The date-stamped index names used later need the
# server and clients to agree on the date; ntpdate does not keep time synced
# after this single run.
yum -y install ntpdate
ntpdate pool.ntp.org
安装jdk
# Install the JDK 8u131 RPM from the current directory, then confirm that
# `java` resolves on PATH before installing the Elastic packages.
rpm -ivh jdk-8u131-linux-x64_.rpm
java -version
安装elasticsearch
# Install Elasticsearch 6.6.2 from the local RPM (provides the systemd unit used below).
rpm -ivh elasticsearch-6.6.2.rpm
修改/etc/elasticsearch/elasticsearch.yml配置文件
# Edit the node config; the settings changed are listed below, prefixed with
# their vim line numbers.
vim /etc/elasticsearch/elasticsearch.yml
# Leading numbers are vim line numbers, not part of the file.
# Any other node joining this cluster must use the same cluster.name.
17 cluster.name: bobo
23 node.name: node-1
# NOTE(review): 192.168.81.0 has a zero host octet and looks like a network
# address rather than this node's interface IP — confirm against `ip addr`.
# Binding to a non-loopback address exposes the REST API on the LAN (with no
# authentication configured in these notes) and also turns on the production
# bootstrap checks, so the node refuses to start if those fail.
55 network.host: 192.168.81.0
59 http.port: 9200
启动elasticsearch
# Enable at boot and start now. If the node does not come up, check
# `journalctl -u elasticsearch` for failed bootstrap checks.
systemctl enable elasticsearch
systemctl start elasticsearch
安装kibana
# Install Kibana 6.6.2 (same minor version as Elasticsearch) from the local RPM.
rpm -ivh kibana-6.6.2-x86_64.rpm
修改kibana配置文件
# The kibana.yml edits are not recorded in these notes; typically the listen
# address and the Elasticsearch URL must point at the node configured above.
vim /etc/kibana/kibana.yml
启动kibana
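# Enable at boot (the elasticsearch unit above is enabled, Kibana was only
# started, so it would not survive a reboot) and start now.
systemctl enable kibana
systemctl start kibana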
elk服务器部署完毕!
elk客户端
关闭防火墙
# Same host prep as the server: firewall off and SELinux permissive until the
# next reboot. This leaves the Logstash monitoring API (9600) open to the
# network; re-enable firewalld with explicit rules once the client works.
systemctl stop firewalld
setenforce 0
时间同步
# One-shot clock sync so the client's date matches the server's (the index
# names carry the event date).
yum -y install ntpdate
ntpdate pool.ntp.org
安装jdk
# JDK 8u131 is required by Logstash; verify `java` resolves before installing it.
rpm -ivh jdk-8u131-linux-x64_.rpm
java -version
安装logstash
# Install Logstash 6.6.0 (note: 6.6.0, while the server side is 6.6.2) and
# start the unit. No pipeline exists in conf.d yet; the service is restarted
# after the configs below are written.
rpm -ivh logstash-6.6.0.rpm
systemctl start logstash
修改msg.conf
# Pipeline for /var/log/messages. With the default pipelines.yml every
# *.conf in conf.d is loaded into one pipeline, so outputs here see events
# from the other two files as well.
vim /etc/logstash/conf.d/msg.conf
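input {
  file {
    path => "/var/log/messages"
    type => 'msg-log'
    # Only honoured on the first read; afterwards the sincedb offset wins.
    start_position => "beginning"
  }
}
output {
  # With the default pipelines.yml all conf.d files form a single pipeline,
  # so events read by secure.conf and apache_log.conf also reach this output.
  # Guard on type so only messages events land in msg_log-*.
  if [type] == "msg-log" {
    elasticsearch {
      hosts => "192.168.81.0:9200"
      index => "msg_log-%{+YYYY.MM.dd}"
    }
  }
}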
修改secure.conf文件
# Pipeline for /var/log/secure (authentication log; root-only 0600 by default,
# which is why the permission fix below is needed).
vim /etc/logstash/conf.d/secure.conf
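input {
  file {
    path => "/var/log/secure"
    type => 'sec-log'
    # Only honoured on the first read; afterwards the sincedb offset wins.
    start_position => "beginning"
  }
}
output {
  # Guard on type: all conf.d files share one pipeline by default, so without
  # this every event from msg.conf and apache_log.conf would also be indexed
  # into sec_log-*.
  if [type] == "sec-log" {
    elasticsearch {
      # Was "192.168.81.810:9200" — 810 is not a valid octet, so the output
      # could never connect. Same node address as the other pipelines.
      hosts => "192.168.81.0:9200"
      index => "sec_log-%{+YYYY.MM.dd}"
    }
  }
}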
修改apache_log.conf文件
# Pipeline for the Apache access and error logs, split into two indices by type.
vim /etc/logstash/conf.d/apache_log.conf
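input {
  file {
    path => "/etc/httpd/logs/access_log"
    type => "access"
    # Only honoured on the first read; afterwards the sincedb offset wins.
    start_position => "beginning"
  }
  file {
    path => "/etc/httpd/logs/error_log"
    type => "error"
    start_position => "beginning"
  }
}
output {
  if [type] == "access" {
    elasticsearch {
      hosts => ["192.168.81.0:9200"]
      index => "apache_access-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "error" {
    elasticsearch {
      hosts => ["192.168.81.0:9200"]
      # Was "apache_access-..." — identical to the access branch, so both
      # types ended up in one index and the conditional had no effect.
      index => "apache_error-%{+YYYY.MM.dd}"
    }
  }
}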
报错处理
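# Permission fix for the file inputs above. The original `chmod 777 /var/log -R`
# made every log world-writable, so any local user could alter or delete
# /var/log/secure and the Apache logs this pipeline is meant to audit.
# Grant the logstash service user read access only.
setfacl -m u:logstash:r /var/log/messages /var/log/secure
# /etc/httpd/logs is normally a symlink to /var/log/httpd on RHEL-family hosts;
# the directory itself is root-only, so logstash needs traversal (X) on it.
setfacl -R -m u:logstash:rX /var/log/httpd
# Default ACL so files created later under the Apache log directory inherit
# read access. Files re-created by rsyslog/logrotate in /var/log lose the
# ACL; re-apply after rotation (e.g. from a postrotate hook).
setfacl -m d:u:logstash:r /var/log/httpd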
检索Apache日志文件
# Foreground run of only the Apache pipeline to see parse/permission errors
# on the console. NOTE(review): running this as root while the service also
# runs can leave root-owned state in the Logstash data directory and block the
# service user afterwards — confirm ownership before restarting the unit.
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/apache_log.conf
启动logstash
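# Restart so the new conf.d pipelines are loaded, then check the monitoring
# API listener and confirm the indices exist on the Elasticsearch node.
systemctl restart logstash
# ss replaces netstat (net-tools is not installed by default on RHEL 7+).
# Logstash takes a while to bind 9600 after a restart; re-run if empty.
ss -lptnu | grep 9600
curl '192.168.81.0:9200/_cat/indices?v'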