实验环境
虚拟机三台CentOS 7.9,
组件包
elasticsearch-5.5.0.rpm elasticsearch-head.tar.gz node-v8.2.1.tar.gz
phantomjs-2.1.1-linux-x86_64.tar.bz2 logstash-5.5.1.rpm kibana-5.5.1-x86_64.rpm
初始化配置
三台主机都需安装Java运行环境jdk
[root@chicken ~]# yum -y install java
安装elasticsearch,Node1 Node2 都配置
[root@chicken ~]# cat <<EOF>> /etc/hosts
> 192.168.223.123 chicken
> 192.168.223.124 chicken
> EOF
上传安装包elasticsearch-5.5.0.rpm,并使用rpm安装
[root@chicken ~]# rpm -ivh elasticsearch-5.5.0.rpm
编辑elasticsearch 配置文件
[root@chicken ~]# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: my-elk-cluster #群集名称
node.name: node1 #节点名称,不同节点修改编号
path.data: /data/elk_data #日志收集目录
path.logs: /data/elk_log #日志存放路径
bootstrap.memory_lock: false #不锁定内存
network.host: 0.0.0.0 #监听IP
http.port: 9200 #监听端口
discovery.zen.ping.unicast.hosts: ["node1", "node2"] #单播实现群集
[root@chicken ~]# mkdir -p /data/elk_data && mkdir -p /data/elk_log
[root@chicken ~]# chown -R elasticsearch:elasticsearch /data
[root@chicken ~]# systemctl start elasticsearch.service
Node1部署elasticearch-head插件,安装node组件
[root@chicken ~]# tar zxf node-v8.2.1.tar.gz
[root@chicken ~]# cd node-v8.2.1/
[root@chicken node-v8.2.1]# ./configure && make && make install
安装phantomjs 组件
[root@chicken ~]# tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2
[root@chicken ~]# mv phantomjs-2.1.1-linux-x86_64 /usr/src/phantomjs2.1
[root@chicken ~]# ln -s /usr/src/phantomjs2.1/bin/* /usr/local/bin/
安装 elasticsearch-head 组件
[root@chicken ~]# tar zxf elasticsearch-head.tar.gz
[root@chicken ~]# cd elasticsearch-head/
[root@chicken elasticsearch-head]# npm install
[root@chicken elasticsearch-head]# cat <<EOF>> /etc/elasticsearch/elasticsearch.yml
> http.cors.enabled: true
> http.cors.allow-origin: "*"
> http.cors.allow-headers: Authorization,Content-Type
> EOF
[root@chicken ~] systemctl restart elasticsearch
[root@chicken elasticsearch-head]# npm run start &
Node3上部署httpd+logstash,上传安装包使用rpm安装
[root@chicken ~]# yum -y install httpd
[root@chicken ~]# systemctl enable httpd.service --now
[root@chicken ~]# rpm -ivh logstash-5.5.1.rpm
[root@chicken ~]# ln -s /usr/share/logstash/bin/logstash /usr/local/sbin/
编辑自定义提交日志配置
[root@chicken ~]# vim /etc/logstash/conf.d/httpd_log.conf
input {
file {
path => "/var/log/httpd/access_log"
type => "access"
start_position => "beginning"
}
file {
path => "/var/log/httpd/error_log"
type => "error"
start_position => "beginning"
}
}
output {
if [type] == "access" {
elasticsearch {
hosts => ["192.168.223.123:9200"]
index => "httpd_access-%{+YYYY.MM.dd}"
}
}
if [type] == "error" {
elasticsearch {
hosts => ["192.168.223.123:9200"]
index => "httpd_error-%{+YYYY.MM.dd}"
}
}
}
####启动日志传递######
[root@chicken ~]# nohup logstash -f /etc/logstash/conf.d/httpd_log.conf &
Node2安装kibana图形化查看工具
[root@chicken ~]# rpm -ivh kibana-5.5.1-x86_64.rpm
[root@chicken ~]# vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.223.123:9200"
kibana.index: ".kibana"
[root@chicken ~]# systemctl enable kibana.service --now
