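ELK: Log Monitoring Platform Deployment (Based on Elastic Stack 8)

ELK: Log Monitoring Platform Deployment

Preface

Introduction

I have recently been learning ELK and have finished deploying a cluster. I ran into many problems during the deployment and lost a lot of time to them, so I want to write the process down and share it, in the hope that others can avoid the same detours and learn faster, and to consolidate my own knowledge. I hope we can all grow together!

Architecture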

Hostname  IP              Software                  Roles
elk1      192.168.31.111  ES, ZK, Kafka, Filebeat   master, data
elk2      192.168.31.112  ES, ZK, Kafka, Filebeat   master, data
elk3      192.168.31.113  ES, ZK, Kafka, Filebeat   master, data
elk4      192.168.31.114  Logstash, Kibana

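Package download

Link: https://pan.baidu.com/s/1u0C36gwQUN6JbtxDNm3u_A?pwd=YSnb Extraction code: YSnb

Video link (recorded by myself, original)

ELK - Log Monitoring Platform - Deployment Tutorial - 1 - Pre-deployment Preparation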

https://www.bilibili.com/video/BV1Ts1PYGELu?vd_source=8e069ee61132fd8c52b63a8467883499

I. System Preparation

1. Configure the hosts file

[root@elk1 ~]# vim /etc/hosts
192.168.31.111 elk1
192.168.31.112 elk2
192.168.31.113 elk3
192.168.31.114 elk4

2. Configure mutual-trust passwordless SSH login

2.1 Generate a key pair

[root@elk1 ~]# ssh-keygen -t rsa

2.2 Send the public key

[root@elk1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@elk2

3. Set up NTP clock synchronization

3.1 Install ntpdate

[root@elk1 ~]# yum -y install ntpdate

3.2 Synchronize the clock

[root@elk1 ~]# ntpdate ntp.aliyun.com

3.3 Configure a scheduled clock-sync task

[root@elk1 ~]# echo "*/5 * * * * ntpdate ntp.aliyun.com > /dev/null 2>&1" > /var/spool/cron/root

4. Disable firewalld and SELinux

[root@elk1 ~]# vim /etc/selinux/config
SELINUX=disabled
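
An alternative to switching firewalld off, as an added example that is not part of the original post: keep it running and open only the ports this tutorial uses (ES 9200/9300, ZooKeeper 2181/2888/3888, Kafka 9092, Kibana 5601) to the cluster subnet. The subnet 192.168.31.0/24 and the function names are assumptions; the function only prints the firewall-cmd commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print firewalld rules for one host of this tutorial's cluster.
# Assumption: every cluster member and admin workstation sits in CLUSTER_NET.
CLUSTER_NET="${CLUSTER_NET:-192.168.31.0/24}"

# Ports taken from the configuration files later in this tutorial.
ports_for_host() {
    case "$1" in
        elk1|elk2|elk3) echo "9200 9300 2181 2888 3888 9092" ;;  # ES, ZK, Kafka
        elk4)           echo "5601" ;;                            # Kibana
        *)              return 1 ;;
    esac
}

# Emit one rich rule per port, then a reload. Nothing is executed here.
fw_rules() {
    ports=$(ports_for_host "$1") || { echo "unknown host: $1" >&2; return 1; }
    for p in $ports; do
        printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$CLUSTER_NET\" port port=\"$p\" protocol=\"tcp\" accept'"
    done
    echo "firewall-cmd --reload"
}

# Review the output, then apply it with: fw_rules "$(hostname -s)" | sh
fw_rules "${1:-elk1}"
```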

5. Disable swap

5.1 Temporary

[root@elk1 ~]# swapoff -a

5.2 Permanent

[root@elk1 ~]# vim /etc/fstab
# comment out the swap-related lines

6. Raise the memory-map area limit

6.1 Check the current value

[root@elk1 ~]# sysctl vm.max_map_count
vm.max_map_count = 65530

6.2 Temporary change

[root@elk1 ~]# sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144

6.3 Permanent change

[root@elk1 ~]# rm -rf /etc/sysctl.d/99-sysctl.conf

[root@elk1 ~]# vim /etc/sysctl.conf 
vm.max_map_count=262144

[root@elk1 ~]# sysctl -p
vm.max_map_count = 262144

7. Adjust file, process and memory resource limits

[root@elk1 ~]# vim /etc/security/limits.conf
*    soft    nofile    65536
*    hard    nofile    65536
*    soft    nproc     4096
*    hard    nproc     4096
*    soft    memlock   unlimited
*    hard    memlock   unlimited

II. Deploy the JDK

1. Extract the archive

[root@elk1 package]# tar zxf jdk-8u281-linux-x64.tar.gz -C /opt/soft/

2. Edit the environment variables

[root@elk1 ~]# vim /etc/profile
export JAVA_HOME=/opt/soft/jdk1.8.0_281
export PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib

3. Verify the result

[root@elk1 ~]# source /etc/profile

[root@elk1 ~]# java -version
java version "1.8.0_281"
Java(TM) SE Runtime Environment (build 1.8.0_281-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.281-b09, mixed mode)

III. Deploy ES

1. Create the user

[root@elk3 ~]# useradd elastic

2. Create the directories

[root@elk1 ~]# mkdir -p /opt/es/data
[root@elk1 ~]# chown -R elastic:elastic /opt/es

3. Extract the program

[root@elk1 ~]# su - elastic
[elastic@elk1 ~]$ cd /opt/soft/
[elastic@elk1 soft]$ tar zxf elasticsearch-8.14.0-linux-x86_64.tar.gz -C /opt/es/

4. Create the certificates

[elastic@elk1 ~]$ cd /opt/es/elasticsearch-8.14.0/bin
[elastic@elk1 bin]$ ./elasticsearch-certutil ca
[elastic@elk1 bin]$ ./elasticsearch-certutil cert --ca elastic-stack-ca.p12

5. Write the configuration file

[elastic@elk1 config]$ egrep -v "^#|^$" elasticsearch.yml
cluster.name: elk
node.name: elk1
node.roles: [data,master]
path.data: /opt/es/data
path.logs: /opt/es/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts: ["elk1", "elk2", "elk3"]
cluster.initial_master_nodes: ["elk1"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
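
A check of the settings above from a hardening point of view, as an added example that is not part of the original post: the function reads a flat elasticsearch.yml and reports which listeners are encrypted and how peers are verified. The function names and the embedded sample (the security-relevant lines of the configuration above) are constructed for the example.

```shell
#!/bin/sh
# Added example: report the TLS posture of a flat "key: value" elasticsearch.yml.

# Print the value of one setting, or nothing if the key is absent.
yml_get() {  # usage: yml_get <file> <key>
    awk -v k="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { i = index($0, ":"); if (!i) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) { print val; exit } }' "$1"
}

# Print one finding per line; absent keys fall back to the 8.x defaults.
audit_es_yml() {  # usage: audit_es_yml <file>
    sec=$(yml_get "$1" xpack.security.enabled)
    tls=$(yml_get "$1" xpack.security.transport.ssl.enabled)
    http=$(yml_get "$1" xpack.security.http.ssl.enabled)
    mode=$(yml_get "$1" xpack.security.transport.ssl.verification_mode)
    host=$(yml_get "$1" network.host)
    [ "${sec:-true}" = "true" ]   || echo "FAIL security: authentication is switched off"
    [ "${tls:-false}" = "true" ]  || echo "FAIL transport: node-to-node traffic (9300) is not encrypted"
    [ "${http:-false}" = "true" ] || echo "WARN http: REST API (9200) is plaintext, so passwords cross the network in clear"
    [ "${mode:-full}" = "full" ]  || echo "INFO transport: verification_mode=$mode does not check peer hostnames"
    [ "$host" != "0.0.0.0" ]      || echo "INFO network: bound to every interface, limit access with a firewall"
    return 0
}

# Constructed sample: the security-relevant lines of the configuration above.
sample_es_yml() {
    cat <<'EOF'
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
EOF
}

# Run against the sample, or pass a real path as the first argument.
audit_file() {
    if [ -n "$1" ]; then audit_es_yml "$1"; return; fi
    tmp=$(mktemp) && sample_es_yml > "$tmp" && audit_es_yml "$tmp"; rm -f "$tmp"
}
audit_file "$1"
```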

6. Start

[elastic@elk1 bin]$ ./elasticsearch -d

7. Set the passwords

[elastic@elk1 ~]$ cd /opt/es/elasticsearch-8.14.0/bin/
[elastic@elk1 bin]$ ./elasticsearch-setup-passwords interactive

8. Verify

8.1 Check the node status

http://192.168.31.113:9200/_cat/nodes

8.2 List the users in ES

http://192.168.31.113:9200/_security/user

IV. Deploy Kibana

1. Extract the archive and set ownership

[root@elk4 ~]# cd /opt/soft
[root@elk4 soft]# mkdir /opt/kibana
[root@elk4 soft]# tar zxf kibana-8.14.0-linux-x86_64.tar.gz -C /opt/kibana/
[root@elk4 ~]# chown -R elastic:elastic /opt/kibana/

2. Edit the configuration file

[root@elk4 ~]# su - elastic
[elastic@elk4 ~]$ cd /opt/kibana/kibana-8.14.0/config/
[elastic@elk4 config]$ egrep -v "^#|^$" kibana.yml
server.port: 5601
server.host: "elk4"
elasticsearch.hosts: ["http://elk1:9200","http://elk2:9200","http://elk3:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "1qaz3edc"

3. Start the program

[elastic@elk4 ~]$ cd /opt/kibana/kibana-8.14.0/bin/
[elastic@elk4 bin]$ nohup ./kibana &
[elastic@elk4 bin]$ ps -ef | grep node
elastic    1288   1262 92 22:47 pts/0    00:00:16 ./../node/bin/node ./../src/cli/dist

4. Log in to verify

http://192.168.31.114:5601/

V. Deploy ZooKeeper

1. Create the runtime directories

[root@elk1 ~]# mkdir -p /opt/zk/{logs,data}

2. Extract the archive and set ownership

[root@elk1 soft]# tar zxf apache-zookeeper-3.7.2-bin.tar.gz -C /opt/zk/
[root@elk1 soft]# chown -R elastic:elastic /opt/zk/

3. Switch user and edit the configuration file

[root@elk1 soft]# su - elastic

[elastic@elk1 ~]$ cd /opt/zk/apache-zookeeper-3.7.2-bin/conf/
[elastic@elk1 conf]$ egrep -v "^$|^#" zoo.cfg 
tickTime=2000
initLimit=10
syncLimit=5
dataDir=/opt/zk/data
dataLogDir=/opt/zk/logs
clientPort=2181
server.1=192.168.31.111:2888:3888
server.2=192.168.31.112:2888:3888
server.3=192.168.31.113:2888:3888

[elastic@elk1 conf]$ cd /opt/zk/data/
[elastic@elk1 data]$ cat myid 
1

4. Start and verify

[elastic@elk1 data]$ cd /opt/zk/apache-zookeeper-3.7.2-bin/bin/
[elastic@elk1 bin]$ ./zkServer.sh start
[elastic@elk1 bin]$ ./zkServer.sh status

VI. Deploy Kafka

1. Create the runtime directory

[root@elk1 ~]# mkdir -p /opt/kafka/logs

2. Extract the archive

[root@elk1 ~]# tar zxf /opt/soft/kafka_2.13-3.7.1.tgz -C /opt/kafka/

3. Check which ZooKeeper version this Kafka release corresponds to

[root@elk1 ~]# cd /opt/kafka/kafka_2.13-3.7.1
[root@elk1 kafka_2.13-3.7.1]# grep zookeeper LICENSE 
zookeeper-3.8.4
zookeeper-jute-3.8.4

4. Edit the Kafka configuration file

[elastic@elk1 config]$ egrep -v "^#|^$" server.properties
broker.id=1
advertised.listeners=PLAINTEXT://elk1:9092
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/opt/kafka/logs
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.flush.interval.messages=10000
log.flush.interval.ms=1000
log.retention.hours=24
log.retention.check.interval.ms=300000
zookeeper.connect=elk1:2181,elk2:2181,elk3:2181
zookeeper.connection.timeout.ms=18000
group.initial.rebalance.delay.ms=0

5. Sync the configuration file

[root@elk1 config]# scp server.properties root@elk2:`pwd`
[root@elk1 config]# scp server.properties root@elk3:`pwd`
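
Copying the file as-is leaves elk1's broker.id=1 and advertised.listeners on every node, whereas the verification output further down shows brokers 1, 2 and 3 each advertising its own hostname. An added example (not part of the original post) that renders the per-node file from the elk1 copy and rejects duplicate ids; the function names and the elkN-to-id mapping are assumptions taken from that output.

```shell
#!/bin/sh
# Added example: derive each broker's server.properties from the elk1 copy.
# Assumed mapping (from the /brokers/ids output in the verify step): elkN -> id N.

# Print the template with broker.id and advertised.listeners set for one node.
render_broker_cfg() {  # usage: render_broker_cfg <template> <id> <host>
    case "$2" in ''|*[!0-9]*) echo "broker id must be numeric: $2" >&2; return 1 ;; esac
    sed -e "s|^broker\.id=.*|broker.id=$2|" \
        -e "s|^advertised\.listeners=.*|advertised.listeners=PLAINTEXT://$3:9092|" "$1"
}

# Succeed only if every file given carries a different broker.id.
unique_broker_ids() {  # usage: unique_broker_ids <file>...
    dup=$(grep -h '^broker\.id=' "$@" | sort | uniq -d)
    [ -z "$dup" ] || { echo "duplicate $dup" >&2; return 1; }
}

# Render elk1..elk3 into <outdir>/<host>.properties and check the result.
render_cluster() {  # usage: render_cluster <template> <outdir>
    n=1
    for h in elk1 elk2 elk3; do
        render_broker_cfg "$1" "$n" "$h" > "$2/$h.properties" || return 1
        n=$((n + 1))
    done
    unique_broker_ids "$2"/elk?.properties
}

# Constructed demo: a three-line excerpt of the file shown in step 4.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'broker.id=1' 'advertised.listeners=PLAINTEXT://elk1:9092' \
        'log.dirs=/opt/kafka/logs' > "$d/server.properties"
    render_cluster "$d/server.properties" "$d" && cat "$d/elk2.properties"
    rm -rf "$d"
}
demo
```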

6. Set ownership

chown -R elastic:elastic /opt/kafka/

7. Start

[elastic@elk1 kafka_2.13-3.7.1]$ cd /opt/kafka/kafka_2.13-3.7.1
[elastic@elk1 kafka_2.13-3.7.1]$ nohup ./bin/kafka-server-start.sh ./config/server.properties > kafka.log 2>&1 &

8. Verify

[elastic@elk1 kafka_2.13-3.7.1]$ jps
2065 Kafka

[elastic@elk1 kafka_2.13-3.7.1]$ cd /opt/zk/apache-zookeeper-3.8.4-bin/bin/
[elastic@elk1 bin]$ ./zkCli.sh -server elk1:2181
[zk: elk1:2181(CONNECTED) 2] ls /brokers/ids
[1, 2, 3]
[zk: elk1:2181(CONNECTED) 3] get /brokers/ids/1
{"features":{},"listener_security_protocol_map":{"PLAINTEXT":"PLAINTEXT"},"endpoints":["PLAINTEXT://elk1:9092"],"jmx_port":-1,"port":9092,"host":"elk1","version":5,"timestamp":"1730647375569"}
[zk: elk1:2181(CONNECTED) 4] get /brokers/ids/2
{"features":{},"listener_security_protocol_map":{"PLAINTEXT":"PLAINTEXT"},"endpoints":["PLAINTEXT://elk2:9092"],"jmx_port":-1,"port":9092,"host":"elk2","version":5,"timestamp":"1730647484714"}
[zk: elk1:2181(CONNECTED) 5] get /brokers/ids/3
{"features":{},"listener_security_protocol_map":{"PLAINTEXT":"PLAINTEXT"},"endpoints":["PLAINTEXT://elk3:9092"],"jmx_port":-1,"port":9092,"host":"elk3","version":5,"timestamp":"1730647488343"}

[elastic@elk1 bin]$ pwd
/opt/kafka/kafka_2.13-3.7.1/bin
[elastic@elk1 bin]$ ./kafka-topics.sh --create --topic test --bootstrap-server 192.168.31.111:9092,192.168.31.112:9092,192.168.31.113:9092
Created topic test.
[elastic@elk1 bin]$ ./kafka-topics.sh --list --bootstrap-server 192.168.31.111:9092,192.168.31.112:9092,192.168.31.113:9092
test

Supplementary notes

1. Create a user in ES and grant roles

[elastic@elk1 bin]$ pwd
/opt/es/elasticsearch-8.14.0/bin
[elastic@elk1 bin]$ ./elasticsearch-users useradd test
[elastic@elk1 bin]$ ./elasticsearch-users roles -a superuser test
[elastic@elk1 bin]$ ./elasticsearch-users roles -a kibana_system test