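Note: this is preparation for deploying the ELKF file analysis system in a Docker environment and implementing log analysis.
Elasticsearch version: 6.1.0
ELKF log analysis: detailed procedure
Create the working directory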
mkdir -p /root/ELK/elasticsearch
Create and write the Dockerfile for Elasticsearch
In the elasticsearch directory, run vim Dockerfile
and create it with the following content:
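# Base image
FROM centos:latest
MAINTAINER [email protected]
# Java 8 runtime for Elasticsearch, plus troubleshooting tools
RUN yum -y install java-1.8.0-openjdk vim telnet lsof
# ADD unpacks the tarball into /usr/local/elasticsearch-6.1.0
ADD elasticsearch-6.1.0.tar.gz /usr/local
# No effect on later instructions: each RUN starts in a new shell
RUN cd /usr/local/elasticsearch-6.1.0/config
# Data and log directories
RUN mkdir -p /data/behavior/log-node1
RUN mkdir /var/log/elasticsearch
# Replace the default configuration with the one from the build context
COPY elasticsearch.yml /usr/local/elasticsearch-6.1.0/config/
# Elasticsearch refuses to start as root, so create an unprivileged es user
# that owns the install, log and data directories
RUN useradd es && chown -R es:es /usr/local/elasticsearch-6.1.0
RUN chmod +x /usr/local/elasticsearch-6.1.0/bin/*
RUN chown -R es:es /var/log/elasticsearch
RUN chown -R es:es /data/behavior/log-node1
# Raise the JVM heap from 1 GB to 2 GB
RUN sed -i s/-Xms1g/-Xms2g/g /usr/local/elasticsearch-6.1.0/config/jvm.options
RUN sed -i s/-Xmx1g/-Xmx2g/g /usr/local/elasticsearch-6.1.0/config/jvm.options
# HTTP API port (9200) and transport port (9300)
EXPOSE 9200
EXPOSE 9300
# Start Elasticsearch as the es user
CMD su es /usr/local/elasticsearch-6.1.0/bin/elasticsearch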
Upload the source package and the configuration file
Modify the configuration file
Build the image
docker build -t elasticsearc .
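A preflight check for the build context, run before docker build. This is an added example, not part of the original page: check_context is a hypothetical helper, and it assumes elasticsearch.yml (not shown on the page) sets the standard path.data and path.logs settings to the directories the Dockerfile creates and hands over to the es user.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_context DIR: returns 0 when DIR is a usable build context for the
# Dockerfile above, otherwise prints each problem and returns 1.
# Usage: check_context /root/ELK/elasticsearch && docker build -t elasticsearc .
check_context() {
    ctx=$1
    rc=0

    # Files that the Dockerfile's ADD and COPY instructions take from the context.
    for f in Dockerfile elasticsearch-6.1.0.tar.gz elasticsearch.yml; do
        [ -f "$ctx/$f" ] || { echo "missing: $f"; rc=1; }
    done
    # The remaining checks need both text files.
    [ -f "$ctx/Dockerfile" ] && [ -f "$ctx/elasticsearch.yml" ] || return 1

    # Elasticsearch runs as the unprivileged es user, so the directories named
    # by path.data and path.logs (assumed settings, see lead-in) must be ones
    # the Dockerfile chowns to es; otherwise the node cannot write to them.
    for key in path.data path.logs; do
        dir=$(sed -n "s/^$key:[[:space:]]*//p" "$ctx/elasticsearch.yml" | head -n 1)
        if [ -z "$dir" ]; then
            echo "$key is not set in elasticsearch.yml"
            rc=1
        elif ! grep -Fxq "RUN chown -R es:es $dir" "$ctx/Dockerfile"; then
            echo "$key=$dir is not chowned to es in the Dockerfile"
            rc=1
        fi
    done
    return $rc
}
```
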