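ELK: Deploying a Log Monitoring Platform on Elastic Stack 8

Preface

Introduction

I have recently been learning ELK and have finished deploying a cluster, but I ran into many problems along the way and lost a lot of time. I am writing the deployment process down to share it, in the hope that others can avoid the same detours and learn faster, and to consolidate my own knowledge. I hope we can all improve together!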

Architecture

Hostname  IP              Software                 Roles
elk1      192.168.31.111  ES, ZK, Kafka, Filebeat  master, data
elk2      192.168.31.112  ES, ZK, Kafka, Filebeat  master, data
elk3      192.168.31.113  ES, ZK, Kafka, Filebeat  master, data
elk4      192.168.31.114  Logstash, Kibana

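Software package download

Link: https://pan.baidu.com/s/1u0C36gwQUN6JbtxDNm3u_A?pwd=YSnb Extraction code: YSnb

Video link (recorded by the author, original)

ELK log monitoring platform deployment tutorial, part 1: preparation before deployment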

https://www.bilibili.com/video/BV1Ts1PYGELu?vd_source=8e069ee61132fd8c52b63a8467883499

I. System preparation

1. Configure the hosts file

[root@elk1 ~]# vim /etc/hosts
192.168.31.111 elk1
192.168.31.112 elk2
192.168.31.113 elk3
192.168.31.114 elk4

2. Configure passwordless SSH trust between the hosts

2.1 Generate a key pair

[root@elk1 ~]# ssh-keygen -t rsa

2.2 Send the public key

[root@elk1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@elk2

3. Set up NTP clock synchronization

3.1 Install ntpdate

[root@elk1 ~]# yum -y install ntpdate

3.2 Synchronize the clock

[root@elk1 ~]# ntpdate ntp.aliyun.com

3.3 Configure a scheduled clock synchronization job

[root@elk1 ~]# echo "*/5 * * * * ntpdate ntp.aliyun.com > /dev/null 2>&1" > /var/spool/cron/root

4. Disable firewalld and SELinux

[root@elk1 ~]# vim /etc/selinux/config 
SELINUX=disabled

5. Disable swap

5.1 Temporarily

[root@elk1 ~]# swapoff -a

5.2 Permanently

[root@elk1 ~]# vim /etc/fstab
# comment out the swap-related lines

6. Raise the limit on the number of memory map areas

6.1 View the current value

[root@elk1 ~]# sysctl vm.max_map_count
vm.max_map_count = 65530

6.2 Adjust temporarily

[root@elk1 ~]# sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144

6.3 Adjust permanently

[root@elk1 ~]# rm -rf /etc/sysctl.d/99-sysctl.conf

[root@elk1 ~]# vim /etc/sysctl.conf 
vm.max_map_count=262144

[root@elk1 ~]# sysctl -p
vm.max_map_count = 262144

7. Adjust file, process, and memory resource limits

[root@elk1 ~]# vim /etc/security/limits.conf
*    soft    nofile    65536
*    hard    nofile    65536
*    soft    nproc     4096
*    hard    nproc     4096
*    soft    memlock   unlimited
*    hard    memlock   unlimited
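
The checks below are an added example, not part of the original post: a preflight script for the persistent settings made in steps 5 to 7 (swap in fstab, vm.max_map_count, limits.conf), so that a reboot does not silently undo them. The function names are made up for this example; the thresholds are the values used above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): checks the persistent settings
# from the system preparation steps against the files that hold them.

# vm.max_map_count in a sysctl.conf-style file must be at least 262144.
check_map_count() {   # $1 = sysctl.conf path
  local v
  v=$(awk -F= '/^[ \t]*vm\.max_map_count[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
               END { print v }' "$1")
  [ -n "$v" ] && [ "$v" -ge 262144 ]
}

# fstab must not contain an active (uncommented) swap entry.
check_no_swap() {     # $1 = fstab path
  ! awk '!/^[ \t]*#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

# limits.conf must set both the soft and the hard <item> to <value> for "*".
check_limit() {       # $1 = limits.conf path, $2 = item, $3 = value
  awk -v item="$2" -v want="$3" '
    !/^[ \t]*#/ && $1 == "*" && $3 == item && $4 == want { seen[$2] = 1 }
    END { exit !(seen["soft"] && seen["hard"]) }' "$1"
}

# Print one line per failed check; the return status is the failure count.
preflight() {         # $1 = sysctl.conf, $2 = fstab, $3 = limits.conf
  local fails=0
  check_map_count "$1"               || { echo "FAIL vm.max_map_count"; fails=$((fails + 1)); }
  check_no_swap "$2"                 || { echo "FAIL swap still in fstab"; fails=$((fails + 1)); }
  check_limit "$3" nofile 65536      || { echo "FAIL nofile"; fails=$((fails + 1)); }
  check_limit "$3" nproc 4096        || { echo "FAIL nproc"; fails=$((fails + 1)); }
  check_limit "$3" memlock unlimited || { echo "FAIL memlock"; fails=$((fails + 1)); }
  return "$fails"
}

# On a node, pass "run" as the first argument to check the real files.
if [ "${1:-}" = "run" ]; then
  preflight /etc/sysctl.conf /etc/fstab /etc/security/limits.conf
fi
```

The memlock check matters because the Elasticsearch configuration later sets bootstrap.memory_lock: true, which needs the unlimited memlock limit.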

II. Deploy the JDK

1. Extract the software

[root@elk1 package]# tar zxf jdk-8u281-linux-x64.tar.gz -C /opt/soft/

2. Edit the environment variables

[root@elk1 ~]# vim /etc/profile
export JAVA_HOME=/opt/soft/jdk1.8.0_281
export PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib

3. Verify the result

[root@elk1 ~]# source /etc/profile

[root@elk1 ~]# java -version
java version "1.8.0_281"
Java(TM) SE Runtime Environment (build 1.8.0_281-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.281-b09, mixed mode)

III. Deploy Elasticsearch

1. Create the user

[root@elk3 ~]# useradd elastic

2. Create the directories

[root@elk1 ~]# mkdir -p /opt/es/data
[root@elk1 ~]# chown -R elastic:elastic /opt/es

3. Extract the program

[root@elk1 ~]# su - elastic
[elastic@elk1 ~]$ cd /opt/soft/
[elastic@elk1 soft]$ tar zxf elasticsearch-8.14.0-linux-x86_64.tar.gz -C /opt/es/

4. Create the certificates

[elastic@elk1 ~]$ cd /opt/es/elasticsearch-8.14.0/bin
[elastic@elk1 bin]$ ./elasticsearch-certutil ca
[elastic@elk1 bin]$ ./elasticsearch-certutil cert --ca elastic-stack-ca.p12

5. Write the configuration file

[elastic@elk1 config]$ egrep -v "^#|^$" elasticsearch.yml 
cluster.name: elk
node.name: elk1
node.roles: [data,master]
path.data: /opt/es/data
path.logs: /opt/es/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts: ["elk1", "elk2", "elk3"]
cluster.initial_master_nodes: ["elk1"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

6. Start

[elastic@elk1 bin]$ ./elasticsearch -d

7. Set the passwords

[elastic@elk1 ~]$ cd /opt/es/elasticsearch-8.14.0/bin/
[elastic@elk1 bin]$ ./elasticsearch-setup-passwords interactive

8. Verify

8.1 View the node status

http://192.168.31.113:9200/_cat/nodes

8.2 View the users defined in ES

http://192.168.31.113:9200/_security/user

IV. Deploy Kibana

1. Extract the software and set ownership

[root@elk4 ~]# cd /opt/soft
[root@elk4 soft]# mkdir /opt/kibana
[root@elk4 soft]# tar zxf kibana-8.14.0-linux-x86_64.tar.gz -C /opt/kibana/
[root@elk4 ~]# chown -R elastic:elastic /opt/kibana/

2. Edit the configuration file

[root@elk4 ~]# su - elastic
[elastic@elk4 ~]$ cd /opt/kibana/kibana-8.14.0/config/
[elastic@elk4 config]$ egrep -v "^#|^$" kibana.yml
server.port: 5601
server.host: "elk4"
elasticsearch.hosts: ["http://elk1:9200","http://elk2:9200","http://elk3:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "1qaz3edc"

3. Start the program

[elastic@elk4 ~]$ cd /opt/kibana/kibana-8.14.0/bin/
[elastic@elk4 bin]$ nohup ./kibana &
[elastic@elk4 bin]$ ps -ef | grep node
elastic    1288   1262 92 22:47 pts/0    00:00:16 ./../node/bin/node ./../src/cli/dist

4. Verify by logging in

http://192.168.31.114:5601/
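
An added example, not code from the original post or from Elastic: a small audit of the elasticsearch.yml and kibana.yml listings above. It reports that the REST port is served without TLS (xpack.security.http.ssl.enabled is not set), that the transport layer checks certificates but not hostnames, and that the Kibana password is stored in cleartext. Function names and finding codes are made up for this example, and the sample files are constructed from the listings.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): reports security-relevant gaps
# in flat "key: value" files such as the two listings above.

# Print the value of top-level key $2 in file $1 (comments ignored, last wins).
cfg_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    index($0, k ":") == 1 { v = substr($0, length(k) + 2)
                            gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
    END { print val }' "$1"
}

audit_es() {      # $1 = elasticsearch.yml; prints one finding per line
  [ "$(cfg_get "$1" xpack.security.enabled)" != "false" ] \
    || echo "ES-AUTH: security is switched off"
  [ "$(cfg_get "$1" xpack.security.transport.ssl.enabled)" = "true" ] \
    || echo "ES-TRANSPORT: node-to-node traffic is not encrypted"
  [ "$(cfg_get "$1" xpack.security.http.ssl.enabled)" = "true" ] \
    || echo "ES-HTTP: REST API is plain HTTP, so passwords cross the network in cleartext"
  [ "$(cfg_get "$1" xpack.security.transport.ssl.verification_mode)" != "certificate" ] \
    || echo "ES-VERIFY: mode 'certificate' skips the hostname check that 'full' performs"
}

audit_kibana() {  # $1 = kibana.yml; prints one finding per line
  [ -z "$(cfg_get "$1" elasticsearch.password)" ] \
    || echo "KBN-SECRET: elasticsearch.password sits in the file in cleartext"
  case "$(cfg_get "$1" elasticsearch.hosts)" in
    *http://*) echo "KBN-HTTP: Kibana talks to Elasticsearch over plain HTTP" ;;
  esac
}

# Constructed sample: the security-related lines of the two listings above.
d=$(mktemp -d)
cat > "$d/elasticsearch.yml" <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
EOF
cat > "$d/kibana.yml" <<'EOF'
elasticsearch.hosts: ["http://elk1:9200","http://elk2:9200","http://elk3:9200"]
elasticsearch.password: "constructed-placeholder"
EOF
audit_es "$d/elasticsearch.yml"; audit_kibana "$d/kibana.yml"
```

For the KBN-SECRET finding, Kibana ships a kibana-keystore tool that can hold elasticsearch.password instead of kibana.yml.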

V. Deploy ZooKeeper

1. Create the runtime directories

[root@elk1 ~]# mkdir -p /opt/zk/{logs,data}

2. Extract the software and set ownership

[root@elk1 soft]# tar zxf apache-zookeeper-3.7.2-bin.tar.gz -C /opt/zk/
[root@elk1 soft]# chown -R elastic:elastic /opt/zk/

3. Switch user and edit the configuration file

[root@elk1 soft]# su - elastic

[elastic@elk1 ~]$ cd /opt/zk/apache-zookeeper-3.7.2-bin/conf/
[elastic@elk1 conf]$ egrep -v "^$|^#" zoo.cfg 
tickTime=2000
initLimit=10
syncLimit=5
dataDir=/opt/zk/data
dataLogDir=/opt/zk/logs
clientPort=2181
server.1=192.168.31.111:2888:3888
server.2=192.168.31.112:2888:3888
server.3=192.168.31.113:2888:3888

[elastic@elk1 conf]$ cd /opt/zk/data/
[elastic@elk1 data]$ cat myid 
1

4. Start and verify

[elastic@elk1 data]$ cd /opt/zk/apache-zookeeper-3.7.2-bin/bin/
[elastic@elk1 bin]$ ./zkServer.sh start
[elastic@elk1 bin]$ ./zkServer.sh status

VI. Deploy Kafka

1. Create the runtime directory

[root@elk1 ~]# mkdir -p /opt/kafka/logs

2. Extract the software

[root@elk1 ~]# tar zxf /opt/soft/kafka_2.13-3.7.1.tgz -C /opt/kafka/

3. Check which ZooKeeper version Kafka ships with

[root@elk1 ~]# cd /opt/kafka/kafka_2.13-3.7.1
[root@elk1 kafka_2.13-3.7.1]# grep zookeeper LICENSE 
zookeeper-3.8.4
zookeeper-jute-3.8.4

4. Edit the Kafka configuration file

[elastic@elk1 config]$ egrep -v "^#|^$" server.properties
broker.id=1
advertised.listeners=PLAINTEXT://elk1:9092
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/opt/kafka/logs
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.flush.interval.messages=10000
log.flush.interval.ms=1000
log.retention.hours=24
log.retention.check.interval.ms=300000
zookeeper.connect=elk1:2181,elk2:2181,elk3:2181
zookeeper.connection.timeout.ms=18000
group.initial.rebalance.delay.ms=0

5. Sync the configuration file

[root@elk1 config]# scp server.properties root@elk2:`pwd`
[root@elk1 config]# scp server.properties root@elk3:`pwd`

6. Set ownership

chown -R elastic:elastic /opt/kafka/

7. Start

[elastic@elk1 kafka_2.13-3.7.1]$ cd /opt/kafka/kafka_2.13-3.7.1
[elastic@elk1 kafka_2.13-3.7.1]$ nohup ./bin/kafka-server-start.sh ./config/server.properties > kafka.log 2>&1 &

8. Verify

[elastic@elk1 kafka_2.13-3.7.1]$ jps
2065 Kafka

[elastic@elk1 kafka_2.13-3.7.1]$ cd /opt/zk/apache-zookeeper-3.8.4-bin/bin/
[elastic@elk1 bin]$ ./zkCli.sh -server elk1:2181
[zk: elk1:2181(CONNECTED) 2] ls /brokers/ids
[1, 2, 3]
[zk: elk1:2181(CONNECTED) 3] get /brokers/ids/1
{"features":{},"listener_security_protocol_map":{"PLAINTEXT":"PLAINTEXT"},"endpoints":["PLAINTEXT://elk1:9092"],"jmx_port":-1,"port":9092,"host":"elk1","version":5,"timestamp":"1730647375569"}
[zk: elk1:2181(CONNECTED) 4] get /brokers/ids/2
{"features":{},"listener_security_protocol_map":{"PLAINTEXT":"PLAINTEXT"},"endpoints":["PLAINTEXT://elk2:9092"],"jmx_port":-1,"port":9092,"host":"elk2","version":5,"timestamp":"1730647484714"}
[zk: elk1:2181(CONNECTED) 5] get /brokers/ids/3
{"features":{},"listener_security_protocol_map":{"PLAINTEXT":"PLAINTEXT"},"endpoints":["PLAINTEXT://elk3:9092"],"jmx_port":-1,"port":9092,"host":"elk3","version":5,"timestamp":"1730647488343"}

[elastic@elk1 bin]$ pwd
/opt/kafka/kafka_2.13-3.7.1/bin
[elastic@elk1 bin]$ ./kafka-topics.sh --create --topic test --bootstrap-server 192.168.31.111:9092,192.168.31.112:9092,192.168.31.113:9092
Created topic test.
[elastic@elk1 bin]$ ./kafka-topics.sh --list --bootstrap-server 192.168.31.111:9092,192.168.31.112:9092,192.168.31.113:9092
test
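
Step 5 copies elk1's server.properties to the other nodes unchanged, but the ZooKeeper output in step 8 shows each broker with its own id and endpoint, so broker.id and advertised.listeners have to be edited per node. The added example below (not from the original post) renders one file per node and rejects duplicates; the function names and the mapping of ids 1 to 3 onto elk1 to elk3 are assumptions taken from that output.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): per-node Kafka settings.

# Print template $1 with broker.id=$2 and host $3 in advertised.listeners.
render_broker_config() {
  sed -e "s|^broker\.id=.*|broker.id=$2|" \
      -e "s|^\(advertised\.listeners=[A-Z_]*://\)[^:]*|\1$3|" "$1"
}

# Succeed only if every given file has a distinct broker.id and a distinct
# advertised.listeners value; print the duplicated lines otherwise.
check_distinct() {
  local dups
  dups=$(grep -hE '^(broker\.id|advertised\.listeners)=' "$@" | sort | uniq -d)
  [ -z "$dups" ] || { echo "duplicate: $dups"; return 1; }
}

# Render one file per node into directory $2 from template $1.
# Assumption: broker ids 1..3 map to elk1..elk3, as in the ZooKeeper output.
render_all() {
  local id
  for id in 1 2 3; do
    render_broker_config "$1" "$id" "elk$id" > "$2/server.properties.elk$id"
  done
}

# Constructed sample: the two per-node lines plus one shared line of the listing.
tmp=$(mktemp -d)
printf '%s\n' 'broker.id=1' 'advertised.listeners=PLAINTEXT://elk1:9092' \
  'zookeeper.connect=elk1:2181,elk2:2181,elk3:2181' > "$tmp/server.properties"
render_all "$tmp/server.properties" "$tmp" && check_distinct "$tmp"/server.properties.elk*

# Each rendered file then goes to its own node, for example:
#   scp "$tmp/server.properties.elk2" root@elk2:/opt/kafka/kafka_2.13-3.7.1/config/server.properties
```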

Additional notes

1. Create a user in ES and grant it roles

[elastic@elk1 bin]$ pwd
/opt/es/elasticsearch-8.14.0/bin
[elastic@elk1 bin]$ ./elasticsearch-users useradd test
[elastic@elk1 bin]$ ./elasticsearch-users roles -a superuser test
[elastic@elk1 bin]$ ./elasticsearch-users roles -a kibana_system test