Linux——ELK日志分析系统

实验环境

虚拟机三台CentOS 7.9,

组件包

elasticsearch-5.5.0.rpm elasticsearch-head.tar.gz node-v8.2.1.tar.gz

phantomjs-2.1.1-linux-x86_64.tar.bz2 logstash-5.5.1.rpm kibana-5.5.1-x86_64.rpm

初始化配置

三台主机都需安装Java运行环境jdk

复制代码
[root@chicken ~]# yum -y install java

安装elasticsearch,Node1 Node2 都配置

复制代码
[root@chicken ~]# cat <<EOF>> /etc/hosts
> 192.168.223.123 chicken
> 192.168.223.124 chicken
> EOF

上传安装包elasticsearch-5.5.0.rpm,并使用rpm安装

复制代码
[root@chicken ~]# rpm -ivh elasticsearch-5.5.0.rpm 

编辑elasticsearch 配置文件

复制代码
[root@chicken ~]# vim /etc/elasticsearch/elasticsearch.yml 
cluster.name: my-elk-cluster	#群集名称
node.name: node1				#节点名称,不同节点修改编号
path.data: /data/elk_data		#日志收集目录
path.logs: /data/elk_log   		#日志存放路径
bootstrap.memory_lock: false	#不锁定内存
network.host: 0.0.0.0		    #监听IP
http.port: 9200				    #监听端口
discovery.zen.ping.unicast.hosts: ["node1", "node2"]  #单播实现群集
[root@chicken ~]# mkdir -p /data/elk_data && mkdir -p /data/elk_log
[root@chicken ~]# chown -R elasticsearch:elasticsearch /data
[root@chicken ~]# systemctl start elasticsearch.service 

Node1部署elasticearch-head插件,安装node组件

复制代码
[root@chicken ~]# tar zxf node-v8.2.1.tar.gz 
[root@chicken ~]# cd node-v8.2.1/
[root@chicken node-v8.2.1]# ./configure && make && make install

安装phantomjs 组件

复制代码
[root@chicken ~]# tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2 
[root@chicken ~]# mv phantomjs-2.1.1-linux-x86_64 /usr/src/phantomjs2.1
[root@chicken ~]# ln -s /usr/src/phantomjs2.1/bin/* /usr/local/bin/

安装 elasticsearch-head 组件

复制代码
[root@chicken ~]# tar zxf elasticsearch-head.tar.gz 
[root@chicken ~]# cd elasticsearch-head/
[root@chicken elasticsearch-head]# npm install
[root@chicken elasticsearch-head]# cat <<EOF>> /etc/elasticsearch/elasticsearch.yml
> http.cors.enabled: true
> http.cors.allow-origin: "*"
> http.cors.allow-headers: Authorization,Content-Type
> EOF
[root@chicken ~] systemctl restart elasticsearch
[root@chicken elasticsearch-head]# npm run start &

Node3上部署httpd+logstash,上传安装包使用rpm安装

复制代码
[root@chicken ~]# yum -y install httpd
[root@chicken ~]# systemctl enable httpd.service --now
[root@chicken ~]# rpm -ivh logstash-5.5.1.rpm 
[root@chicken ~]# ln -s /usr/share/logstash/bin/logstash /usr/local/sbin/

编辑自定义提交日志配置

复制代码
[root@chicken ~]# vim /etc/logstash/conf.d/httpd_log.conf
input {
        file {
          path => "/var/log/httpd/access_log"
          type => "access"
          start_position => "beginning"
        }
        file {
          path => "/var/log/httpd/error_log"
          type => "error"
          start_position => "beginning"
        }
}
output {
        if [type] == "access" {
        elasticsearch {
          hosts => ["192.168.223.123:9200"]
          index => "httpd_access-%{+YYYY.MM.dd}"
        }
     }
        if [type] == "error" {
        elasticsearch {
          hosts => ["192.168.223.123:9200"]
          index => "httpd_error-%{+YYYY.MM.dd}"
        }
     }
}
####启动日志传递######
[root@chicken ~]# nohup logstash -f /etc/logstash/conf.d/httpd_log.conf &

访问http://192.168.223.123:9200

Node2安装kibana图形化查看工具

复制代码
[root@chicken ~]# rpm -ivh kibana-5.5.1-x86_64.rpm 
[root@chicken ~]# vim /etc/kibana/kibana.yml 
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.223.123:9200"
kibana.index: ".kibana"
[root@chicken ~]# systemctl enable kibana.service --now

访问http://192.168.223.124:5601

相关推荐
你想考研啊31 分钟前
四、jenkins自动构建和设置邮箱
运维·jenkins
Code blocks33 分钟前
使用Jenkins完成springboot项目快速更新
java·运维·spring boot·后端·jenkins
独行soc1 小时前
#渗透测试#批量漏洞挖掘#HSC Mailinspector 任意文件读取漏洞(CVE-2024-34470)
linux·科技·安全·网络安全·面试·渗透测试
BD_Marathon1 小时前
Ubuntu下Tomcat的配置
linux·ubuntu·tomcat
饥饿的半导体2 小时前
Linux快速入门
linux·运维
BD_Marathon2 小时前
Ubuntu:Tomcat里面的catalina.sh
linux·ubuntu·tomcat
BD_Marathon2 小时前
设置LInux环境变量的方法和区别_Ubuntu/Centos
linux·ubuntu·centos
Me4神秘2 小时前
Linux国产与国外进度对垒
linux·服务器·安全
zhaowangji2 小时前
ubuntu 20.04 安装中文输入法 (sougou pin yin)
linux·ubuntu
两斤半3 小时前
Debian TTY环境乱码
linux·debian