ELK Real-Time Log Analysis Platform: Detailed Deployment and Setup Procedure


昔年博客
Stop and disable the firewall
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Disable SELinux
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
Java environment
[root@localhost src]# tar zxvf jdk-8u181-linux-x64.tar.gz
[root@localhost src]# mv jdk1.8.0_181/ /usr/local/
[root@localhost src]# vi /etc/profile   # append the following at the end of the file
    export JAVA_HOME=/usr/local/jdk1.8.0_181
    export JRE_HOME=${JAVA_HOME}/jre
    export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar:${JRE_HOME}/lib
    export PATH=${JAVA_HOME}/bin:${PATH}
[root@localhost src]# source /etc/profile
[root@localhost src]# java -version
    java version "1.8.0_181"
    Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
    Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
Installing and running ElasticSearch
[root@localhost src]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.2.tar.gz
[root@localhost src]# tar -xzf elasticsearch-6.2.2.tar.gz
[root@localhost src]# groupadd elasticsearch
[root@localhost src]# useradd elasticsearch -g elasticsearch
[root@localhost src]# chown -R elasticsearch:elasticsearch elasticsearch-6.2.2
[root@localhost src]# su elasticsearch
[elasticsearch@localhost src]$ cd elasticsearch-6.2.2
[elasticsearch@localhost elasticsearch-6.2.2]$ bin/elasticsearch
[root@localhost ~]# curl http://127.0.0.1:9200/
    {
      "name" : "6FN8LUp",
      "cluster_name" : "elasticsearch",
      "cluster_uuid" : "ez7zsys-TZKZfS3-d1cOmA",
      "version" : {
        "number" : "6.2.2",
        "build_hash" : "10b1edd",
        "build_date" : "2018-02-16T19:01:30.685723Z",
        "build_snapshot" : false,
        "lucene_version" : "7.2.1",
        "minimum_wire_compatibility_version" : "5.6.0",
        "minimum_index_compatibility_version" : "5.0.0"
      },
      "tagline" : "You Know, for Search"
    }
Installing FileBeats and LogStash
[root@localhost src]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.tar.gz
[root@localhost src]# tar zxvf logstash-6.3.2.tar.gz
[root@localhost src]# cd logstash-6.3.2
[root@localhost logstash-6.3.2]# vim first.conf
    # Configure the input as beats
    input {
        beats {
            port => "5044"
        }
    }
    # Filter the data
    filter {
        grok {
            match => { "message" => "%{COMBINEDAPACHELOG}" }
        }
        geoip {
            source => "clientip"
        }
    }
    # Output to the local ES
    output {
        elasticsearch {
            hosts => [ "localhost:9200" ]
        }
    }
[root@localhost logstash-6.3.2]# bin/logstash -f first.conf --config.reload.automatic
[root@localhost ~]# netstat -ntlp | grep 5044
    tcp6       0      0 :::5044                 :::*                    LISTEN      12157/java
[root@localhost src]# tar -zxvf filebeat-6.3.2-linux-x86_64.tar.gz
[root@localhost src]# cd filebeat-6.3.2-linux-x86_64
[root@localhost filebeat-6.3.2-linux-x86_64]# vim filebeat.yml
    - type: log
      # Change to true to enable this prospector configuration.
      enabled: True

      # Paths that should be crawled and fetched. Glob based paths.
      # Read the Nginx logs
      paths:
        - /usr/local/nginx/logs/*.log

    #----------------------------- Logstash output --------------------------------
    # Output to the local LogStash
    output.logstash:
      # The Logstash hosts
      hosts: ["localhost:5044"]
[root@localhost filebeat-6.3.2-linux-x86_64]# ./filebeat -e -c filebeat.yml -d "publish"
[root@localhost src]# tar zxvf kibana-6.3.2-linux-x86_64.tar.gz
[root@localhost kibana-6.3.2-linux-x86_64]# bin/kibana
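
Because the procedure stops firewalld, any ELK listener bound to a wildcard address, such as the `:::5044` Beats port in the netstat output above, is reachable from other hosts. The audit script below is an added example, not part of the original post: it parses `netstat -ntl` output and reports such listeners. Ports 9300 and 5601 are the Elasticsearch transport and Kibana defaults (assumptions, not from the post), and the sample input is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: list ELK listeners that other
# hosts can reach, given `netstat -ntl` output on stdin.

# 9200 and 5044 appear in the post; 9300 (Elasticsearch transport) and
# 5601 (Kibana) are product defaults and are assumptions here.
ELK_PORTS="9200 9300 5044 5601"

# Print "port address" for every ELK port listening on a non-loopback address.
exposed_listeners() {
    awk -v ports="$ELK_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # keep the text after the last colon
            sub(/:[^:]*$/, "", addr)    # keep the text before the last colon
            if (!(port in want)) next
            # Loopback-only sockets (IPv4, IPv6, IPv4-mapped) are not exposed.
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }'
}

# Constructed sample; the 5044 line mirrors the netstat output in the post.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN      12410/node
tcp6       0      0 ::1:9200                :::*                    LISTEN      11820/java
tcp6       0      0 ::ffff:127.0.0.1:9300   :::*                    LISTEN      11820/java
tcp6       0      0 :::5044                 :::*                    LISTEN      12157/java
EOF
}

sample_netstat | exposed_listeners    # prints: 5044 ::
```

On a live host, feed it real data with `netstat -ntl | exposed_listeners`.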

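All rights reserved; please credit the source when reposting: 昔年博客 » ELK Real-Time Log Analysis Platform: Detailed Deployment and Setup Procedure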