設定:2核心2G記憶體
規劃如下:
ip地址:
192.168.179.142:
jdk
kibana
elasticsearch
192.168.179.145:
jdk
logstash
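1. 關閉防火牆(僅適用於測試環境;setenforce 0 只是把 SELinux 暫時切換為 permissive 模式,重開機後會恢復。正式環境建議保留 firewalld,只對需要的來源開放 9200 與 5601 埠)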
[root@localhost src]# systemctl stop firewalld
[root@localhost src]# setenforce 0
2. 安裝jdk
[root@localhost ELK]# rpm -ivh jdk-8u131-linux-x64_.rpm
驗證 [root@localhost ELK]# java -version
3. 安裝elasticsearch
[root@localhost ELK]# rpm -ivh elasticsearch-6.6.2.rpm
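4. 修改組態檔(network.host 綁定到區網 IP 後,此處的設定並未啟用任何身分驗證,能連到 9200 埠的主機都可以讀寫索引;請以防火牆限制只有本機的 kibana 與 logstash 主機 192.168.179.145 可連線)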
vim /etc/elasticsearch/elasticsearch.yml
cluster.name: myson
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.179.142
http.port: 9200
開啟服務 systemctl start elasticsearch
5. 檢視服務是否執行(日誌檔名為 <cluster.name>.log,依上面的設定即 myson.log)
[root@localhost elasticsearch]# tailf /var/log/elasticsearch/myson.log
6. 安裝kibana
[root@localhost ELK]# rpm -ivh kibana-6.6.2-x86_64.rpm
7.修改組態檔
[root@localhost kibana]# cat kibana.yml |grep -v '^#'|sed '/^$/d'
server.port: 5601
server.host: "192.168.179.142"
elasticsearch.hosts: ["http://192.168.179.142:9200"]
8.啟動kibana
systemctl start kibana
#
在192.168.179.145上操作
[root@localhost ELK]# rpm -ivh logstash-6.6.0.rpm
vim /etc/logstash/conf.d/msg.conf
input{
file{
path => "/var/log/messages"
type => 'msg-log'
start_position => "beginning"
}
}
output{
elasticsearch{
hosts => "192.168.179.142:9200"
index => "msg_log-%{+YYYY.MM.dd}"
}
}
vim /etc/logstash/conf.d/secure.conf
input{
file{
path => "/var/log/secure"
type => 'sec-log'
start_position => "beginning"
}
}
output{
elasticsearch{
hosts => "192.168.179.142:9200"
index => "sec_log-%{+YYYY.MM.dd}"
}
}
編寫 pipelines.yml 檔案(/etc/logstash/pipelines.yml)
- pipeline.id: msg
path.config: "/etc/logstash/conf.d/msg.conf"
- pipeline.id: sec
path.config: "/etc/logstash/conf.d/secure.conf"
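授權(logstash 服務以 logstash 使用者執行,必須能讀取記錄檔;下列指令會讓 /var/log/messages 對所有本機使用者可讀。sec 管線讀取的 /var/log/secure 同樣需要讀取權限,但它含有登入驗證紀錄,建議改用 setfacl -m u:logstash:r /var/log/secure 只授權給 logstash,而不要 chmod 644)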
chmod 644 /var/log/messages
在瀏覽器存取kibana
http://192.168.179.142:5601