ELK 日志系统: Elasticsearch + Logstash + Kibana 搭建教程
安装配置 JDK 环境
JDK 安装 (不能安装 JRE)
JDK 下载地址: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
下载包: jdk-8u131-linux-x64.rpm
yum localinstall jdk-8u131-linux-x64.rpm
mvn 安装
- cd /usr/local
- wget http://www-eu.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
- tar xzf apache-maven-3.3.9-bin.tar.gz
- mv apache-maven-3.3.9 maven
- vi /etc/profile.d/maven.sh
- export M2_HOME=/usr/local/maven
- export PATH=${M2_HOME}/bin:${PATH}
- source /etc/profile.d/maven.sh
- mvn -version
安装 ElasticSearch
- yum install epel-release
- yum install npm nodejs
- # centos7 若安装 nodejs 失败, 请执行如下命令再重试
- rpm -ivh https://kojipkgs.fedoraproject.org//packages/http-parser/2.7.1/3.el7/x86_64/http-parser-2.7.1-3.el7.x86_64.rpm
- wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.rpm
- yum localinstall elasticsearch-6.2.3.rpm
- vim /etc/elasticsearch/elasticsearch.yml
- # 修改 network.host: 0.0.0.0
systemctl start elasticsearch
systemctl enable elasticsearch
systemctl status elasticsearch
- # elasticsearch 工具目录
- /usr/share/elasticsearch/bin/
安装 logstash
- wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.rpm
- yum localinstall logstash-6.2.3.rpm
- vim /etc/logstash/conf.d/logstash.conf
- input {
- file {
- path => ["/var/opt/log/a.log","/var/opt/log/b.log"]
- }
- }
- output {
- elasticsearch { hosts => ["localhost:9200"] }
- stdout { codec => rubydebug }
- }
systemctl start logstash
systemctl enable logstash
systemctl status logstash
安装 kibana
- wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-x86_64.rpm
- yum localinstall kibana-6.2.3-x86_64.rpm
- vim /etc/kibana/kibana.yml
- # 修改 elasticsearch.url 参数
- server.host: "0.0.0.0"
- elasticsearch.url: "http://localhost:9200"
systemctl start kibana
systemctl enable kibana
systemctl status kibana
安装 nginx
yum install nginx httpd-tools
htpasswd -c /etc/nginx/htpasswd.users XXX
vi /etc/nginx/conf.d/kibana.conf
- server {
- listen 80;
- server_name 10.10.24.233;
- auth_basic "Restricted Access";
- auth_basic_user_file /etc/nginx/htpasswd.users;
- location / {
- proxy_pass http://localhost:5601;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection 'upgrade';
- proxy_set_header Host $host;
- proxy_cache_bypass $http_upgrade;
- }
- }
systemctl enable nginx
systemctl start nginx
验证
- echo "hello world">/var/opt/log/a.log
- curl http://localhost:9200/_search?pretty 查看输出
来源: http://www.bubuko.com/infodetail-2554199.html