目录
环境:
192.168.1.4
jdk
elasticsearch
kibana
192.168.1.5
jdk
logstash
1 时间同步
yum -y install ntpdate
ntpdate pool.ntp.org2 防火墙
systemctl stop firewalld
setenforce 03 解压压缩包
yum -y install unzip
unzip ELK.zip4 安装jdk
rpm -ivh jdk-8u131-linux-x64_.rpm验证:
java -version5 安装elasticsearch
yum -y install elasticsearch-6.6.2.rpm编辑主配置文件:
vim /etc/elasticsearch/elasticsearch.yml
[root@bogon ELK]# cat /etc/elasticsearch/elasticsearch.yml |grep -v "^#"
cluster.name: wg007
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.4
http.port: 92006 运行服务elasticsearch
systemctl enable elasticsearch
systemctl start elasticsearch验证服务:
9200:给客户端连接使用的
9300:给集群内部通信使用的
[root@bogon ELK]# netstat -lptnu|grep java
tcp6 0 0 192.168.1.4:9200 :::* LISTEN 14671/java
tcp6 0 0 192.168.1.4:9300 :::* LISTEN 14671/java 7 安装logstash
yum -y install logstash-6.6.0.rpm8 编辑messages.conf
input {
file {
path => "/var/log/messages"
type => "msg-log"
start_position => "beginning"
}
}
output{
elasticsearch {
hosts => "192.168.1.4:9200"
index => "msg_log-%{+YYYY.MM.dd}"
}
}9 开启服务logstash
systemctl enable logstash
systemctl start logstash验证:
[root@bogon conf.d]# netstat -lptnu|grep java
tcp6 0 0 127.0.0.1:9600 :::* LISTEN 5453/java问题1:权限
chmod 777 /var/log -R10 查看index是否创建成功
方法1:
tailf /var/log/elasticsearch/wg007.log方法2:
curl -X GET http://192.168.1.4:9200/_cat/indices?v11 安装kibana
yum -y install kibana-6.6.2-x86_64.rpm12 编辑vim /etc/kibana/kibana.yml
[root@bogon ELK]# cat /etc/kibana/kibana.yml |grep -v "^#"|sed '/^$/d'
server.port: 5601
server.host: "192.168.1.4"
elasticsearch.hosts: ["http://192.168.1.4:9200"]13 开启服务kibana
systemctl enable kibana
systemctl start kibana验证服务:
[root@bogon ELK]# netstat -lptnu|grep node
tcp 0 0 192.168.1.4:5601 0.0.0.0:* LISTEN 16172/node 14 编辑pipelines.yml
[root@bogon logstash]# vim pipelines.yml
- pipeline.id: msg
path.config: "/etc/logstash/conf.d/messages.conf"
- pipeline.id: sec
path.config: "/etc/logstash/conf.d/secure.conf"