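Step 1: Install by following this article: How To Install Elasticsearch, Logstash, and Kibana (Elastic Stack) on Ubuntu 18.04
When installing by following the article above, pay particular attention to the following:
If you have no domain name and are not installing a TLS/SSL certificate, you can skip the section below.
Simply use the IP address wherever a domain name is called for.
Because the article above installs all of the software on a single server, whereas in practice we certainly have more than one server whose logs need collecting, replace every localhost in the article with the IP address, so that the other servers that need their logs collected and have filebeat installed can reach the server running Elasticsearch, Logstash and Kibana by IP.
Additionally, because the Elastic Stack is used to access valuable information about your server that you would not want unauthorized users to access, it is important to keep your server secure by installing a TLS/SSL certificate. This is optional but strongly encouraged.
However, because you will ultimately make changes to your Nginx server block over the course of this guide, it would likely make more sense to complete the Let's Encrypt on Ubuntu 18.04 guide at the end of this tutorial's second step. With that in mind, if you plan to configure Let's Encrypt on your server, you will need the following in place before doing so:
A fully qualified domain name (FQDN). This tutorial will use example.com throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
Both of the following DNS records set up for your server. You can follow the introduction to DigitalOcean DNS for details on how to add them.
An A record with example.com pointing to your server's public IP address.
An A record with www.example.com pointing to your server's public IP address.
On the server where Kibana is installed, add the following configuration: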
$ sudo nano /etc/kibana/kibana.yml
server.port: 5601
server.host: "10.20.12.2"
elasticsearch.hosts: ["http://10.20.12.2:9200"]
$ grep '^[a-zA-Z]' /etc/kibana/kibana.yml
server.port: 5601
server.host: "10.20.12.2"
elasticsearch.hosts: ["http://10.20.12.2:9200"]
# Restart after changing the configuration file
$ sudo systemctl restart kibana
Step 2: Install filebeat on the servers whose logs need to be collected
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
$ echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
$ sudo apt update
$ sudo apt install filebeat
$ sudo filebeat modules enable system
$ sudo filebeat modules enable nginx
$ sudo filebeat modules list
Output
Enabled:
nginx
system
Disabled:
apache2
auditd
elasticsearch
haproxy
icinga
iis
iptables
kafka
kibana
logstash
mongodb
mysql
osquery
postgresql
redis
suricata
traefik
$ sudo filebeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["10.20.12.2:9200"]'
Loaded index template
$ sudo filebeat setup -e -E output.logstash.enabled=false -E output.elasticsearch.hosts=['10.20.12.2:9200'] -E setup.kibana.host=10.20.12.2:5601
Output
2020-01-29T11:10:13.441+0800 INFO instance/beat.go:611 Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2020-01-29T11:10:13.442+0800 INFO instance/beat.go:280 Setup Beat: filebeat; Version: 6.8.6
2020-01-29T11:10:13.443+0800 INFO elasticsearch/client.go:164 Elasticsearch url: http://10.20.12.2:9200
2020-01-29T11:10:13.443+0800 INFO [publisher] pipeline/module.go:110 Beat name: latest1.cuhk.edu.cn
2020-01-29T11:10:13.444+0800 INFO elasticsearch/client.go:164 Elasticsearch url: http://10.20.12.2:9200
2020-01-29T11:10:13.449+0800 INFO elasticsearch/client.go:739 Attempting to connect to Elasticsearch version 6.8.6
2020-01-29T11:10:13.518+0800 INFO template/load.go:128 Template already exists and will not be overwritten.
2020-01-29T11:10:13.520+0800 INFO instance/beat.go:889 Template successfully loaded.
Loaded index template
Loading dashboards (Kibana must be running and reachable)
2020-01-29T11:10:13.522+0800 INFO elasticsearch/client.go:164 Elasticsearch url: http://10.20.12.2:9200
2020-01-29T11:10:13.527+0800 INFO elasticsearch/client.go:739 Attempting to connect to Elasticsearch version 6.8.6
2020-01-29T11:10:13.560+0800 INFO kibana/client.go:118 Kibana url: http://10.20.12.2:5601
2020-01-29T11:10:16.450+0800 INFO add_cloud_metadata/add_cloud_metadata.go:340 add_cloud_metadata: hosting provider type not detected.
2020-01-29T11:10:46.657+0800 INFO instance/beat.go:736 Kibana dashboards successfully loaded.
Loaded dashboards
2020-01-29T11:10:46.657+0800 INFO elasticsearch/client.go:164 Elasticsearch url: http://10.20.12.2:9200
2020-01-29T11:10:46.663+0800 INFO elasticsearch/client.go:739 Attempting to connect to Elasticsearch version 6.8.6
2020-01-29T11:10:46.710+0800 INFO kibana/client.go:118 Kibana url: http://10.20.12.2:5601
2020-01-29T11:10:46.768+0800 WARN fileset/modules.go:388 X-Pack Machine Learning is not enabled
2020-01-29T11:10:46.823+0800 WARN fileset/modules.go:388 X-Pack Machine Learning is not enabled
2020-01-29T11:10:46.860+0800 WARN fileset/modules.go:388 X-Pack Machine Learning is not enabled
Loaded machine learning job configurations
$ sudo systemctl start filebeat
$ sudo systemctl enable filebeat
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
$ curl -XGET 'http://10.20.12.2:9200/filebeat-*/_search?pretty'
Output
{
"took" : 19,
"timed_out" : false,
"_shards" : {
"total" : 33,
"successful" : 33,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 52820,
"max_score" : 1.0,
"hits" : [
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "JE307m8B73E0dK26jnJq",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18020",
"message" : "pam_unix(cron:session): session opened for user www-data by (uid=0)",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:12:01"
}
},
"offset" : 398,
"fileset" : {
"module" : "system",
"name" : "auth"
},
"event" : {
"dataset" : "system.auth"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:12:01.000Z",
"host" : {
"os" : {
"family" : "debian",
"name" : "Ubuntu",
"codename" : "bionic",
"platform" : "ubuntu",
"version" : "18.04.2 LTS (Bionic Beaver)"
},
"containerized" : false,
"architecture" : "x86_64",
"id" : "c7a08a8bc6204428ac4111b274341873",
"name" : "latest1.cuhk.edu.cn"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
},
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "LE307m8B73E0dK26jnJq",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18050",
"message" : "pam_unix(cron:session): session closed for user www-data",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:13:04"
}
},
"offset" : 702,
"fileset" : {
"name" : "auth",
"module" : "system"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"event" : {
"dataset" : "system.auth"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:13:04.000Z",
"host" : {
"os" : {
"version" : "18.04.2 LTS (Bionic Beaver)",
"name" : "Ubuntu",
"codename" : "bionic",
"platform" : "ubuntu",
"family" : "debian"
},
"containerized" : false,
"architecture" : "x86_64",
"name" : "latest1.cuhk.edu.cn",
"id" : "c7a08a8bc6204428ac4111b274341873"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
},
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "gk307m8B73E0dK26jnJq",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18127",
"message" : "pam_unix(cron:session): session closed for user www-data",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:15:04"
}
},
"offset" : 1291,
"fileset" : {
"name" : "auth",
"module" : "system"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"event" : {
"dataset" : "system.auth"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:15:04.000Z",
"host" : {
"os" : {
"family" : "debian",
"codename" : "bionic",
"name" : "Ubuntu",
"platform" : "ubuntu",
"version" : "18.04.2 LTS (Bionic Beaver)"
},
"containerized" : false,
"architecture" : "x86_64",
"id" : "c7a08a8bc6204428ac4111b274341873",
"name" : "latest1.cuhk.edu.cn"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
},
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "tU307m8B73E0dK26j3Jv",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18189",
"message" : "pam_unix(cron:session): session opened for user root by (uid=0)",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:17:01"
}
},
"offset" : 1584,
"fileset" : {
"name" : "auth",
"module" : "system"
},
"event" : {
"dataset" : "system.auth"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:17:01.000Z",
"host" : {
"os" : {
"family" : "debian",
"name" : "Ubuntu",
"codename" : "bionic",
"platform" : "ubuntu",
"version" : "18.04.2 LTS (Bionic Beaver)"
},
"containerized" : false,
"architecture" : "x86_64",
"id" : "c7a08a8bc6204428ac4111b274341873",
"name" : "latest1.cuhk.edu.cn"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
},
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "wE307m8B73E0dK26j3Jv",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18190",
"message" : "pam_unix(cron:session): session opened for user www-data by (uid=0)",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:17:01"
}
},
"offset" : 1685,
"fileset" : {
"name" : "auth",
"module" : "system"
},
"event" : {
"dataset" : "system.auth"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:17:01.000Z",
"host" : {
"os" : {
"platform" : "ubuntu",
"name" : "Ubuntu",
"codename" : "bionic",
"version" : "18.04.2 LTS (Bionic Beaver)",
"family" : "debian"
},
"containerized" : false,
"architecture" : "x86_64",
"id" : "c7a08a8bc6204428ac4111b274341873",
"name" : "latest1.cuhk.edu.cn"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
},
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "10307m8B73E0dK26j3Jv",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18252",
"message" : "pam_unix(cron:session): session closed for user www-data",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:19:04"
}
},
"offset" : 2278,
"fileset" : {
"name" : "auth",
"module" : "system"
},
"event" : {
"dataset" : "system.auth"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:19:04.000Z",
"host" : {
"os" : {
"platform" : "ubuntu",
"name" : "Ubuntu",
"codename" : "bionic",
"version" : "18.04.2 LTS (Bionic Beaver)",
"family" : "debian"
},
"containerized" : false,
"architecture" : "x86_64",
"name" : "latest1.cuhk.edu.cn",
"id" : "c7a08a8bc6204428ac4111b274341873"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
},
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "2k307m8B73E0dK26j3Jv",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18284",
"message" : "pam_unix(cron:session): session opened for user www-data by (uid=0)",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:20:01"
}
},
"offset" : 2372,
"fileset" : {
"name" : "auth",
"module" : "system"
},
"event" : {
"dataset" : "system.auth"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:20:01.000Z",
"host" : {
"os" : {
"version" : "18.04.2 LTS (Bionic Beaver)",
"name" : "Ubuntu",
"codename" : "bionic",
"platform" : "ubuntu",
"family" : "debian"
},
"containerized" : false,
"architecture" : "x86_64",
"name" : "latest1.cuhk.edu.cn",
"id" : "c7a08a8bc6204428ac4111b274341873"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
},
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "5E307m8B73E0dK26j3Jv",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18314",
"message" : "pam_unix(cron:session): session opened for user www-data by (uid=0)",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:21:01"
}
},
"offset" : 2571,
"fileset" : {
"name" : "auth",
"module" : "system"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"event" : {
"dataset" : "system.auth"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:21:01.000Z",
"host" : {
"os" : {
"platform" : "ubuntu",
"name" : "Ubuntu",
"codename" : "bionic",
"version" : "18.04.2 LTS (Bionic Beaver)",
"family" : "debian"
},
"containerized" : false,
"architecture" : "x86_64",
"name" : "latest1.cuhk.edu.cn",
"id" : "c7a08a8bc6204428ac4111b274341873"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
},
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "5k307m8B73E0dK26j3Jv",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18314",
"message" : "pam_unix(cron:session): session closed for user www-data",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:21:07"
}
},
"offset" : 2676,
"fileset" : {
"name" : "auth",
"module" : "system"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"event" : {
"dataset" : "system.auth"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:21:07.000Z",
"host" : {
"os" : {
"family" : "debian",
"name" : "Ubuntu",
"codename" : "bionic",
"platform" : "ubuntu",
"version" : "18.04.2 LTS (Bionic Beaver)"
},
"containerized" : false,
"architecture" : "x86_64",
"name" : "latest1.cuhk.edu.cn",
"id" : "c7a08a8bc6204428ac4111b274341873"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
},
{
"_index" : "filebeat-6.8.6-2020.01.19",
"_type" : "doc",
"_id" : "6E307m8B73E0dK26j3Jv",
"_score" : 1.0,
"_source" : {
"system" : {
"auth" : {
"pid" : "18344",
"message" : "pam_unix(cron:session): session opened for user www-data by (uid=0)",
"hostname" : "latest1",
"program" : "CRON",
"timestamp" : "Jan 20 00:22:01"
}
},
"offset" : 2770,
"fileset" : {
"name" : "auth",
"module" : "system"
},
"event" : {
"dataset" : "system.auth"
},
"beat" : {
"name" : "latest1.cuhk.edu.cn",
"hostname" : "latest1.cuhk.edu.cn",
"version" : "6.8.6"
},
"tags" : [
"beats_input_codec_plain_applied",
"_geoip_lookup_failure"
],
"log" : {
"file" : {
"path" : "/var/log/auth.log.1"
}
},
"@version" : "1",
"@timestamp" : "2020-01-19T16:22:01.000Z",
"host" : {
"os" : {
"family" : "debian",
"name" : "Ubuntu",
"codename" : "bionic",
"platform" : "ubuntu",
"version" : "18.04.2 LTS (Bionic Beaver)"
},
"containerized" : false,
"architecture" : "x86_64",
"name" : "latest1.cuhk.edu.cn",
"id" : "c7a08a8bc6204428ac4111b274341873"
},
"input" : {
"type" : "log"
},
"source" : "/var/log/auth.log.1",
"prospector" : {
"type" : "log"
}
}
}
]
}
}
# Change nothing, just take a look
$ cat /etc/filebeat/modules.d/nginx.yml
Output
- module: nginx
  # Access logs
  access:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:
    # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1.
    #var.convert_timezone: true
  # Error logs
  error:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:
    # Convert the timestamp to UTC. Requires Elasticsearch >= 6.1.
    #var.convert_timezone: true
```bash
# Comment out the following section (in /etc/filebeat/filebeat.yml):
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]
# Uncomment the following section:
#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["10.20.12.2:5044"]
# Check and confirm
$ sudo cat /etc/filebeat/filebeat.yml
# Restart filebeat
$ sudo systemctl restart filebeat
```
Collection of errors
Error 1: Kibana login fails; the log shows: crypt_r() failed
$ cat /var/log/nginx/error.log
2020/01/28 12:11:38 [crit] 8863#8863: *3 crypt_r() failed (22: Invalid argument), client: 10.20.44.113, server: 10.20.12.2, request: "GET /status HTTP/1.1", host: "10.20.12.2"
Cause analysis
# When I first created the user, I made a mistake. As a result, the htpasswd file looked like this:
$ cat /etc/nginx/htpasswd.users
kibanaadmin:
kibanaadmin:$apr1$sNJR/eWP$4YZjLMfSka13/UfkLH2.J.
Solution
# After deleting the blank user, everything works.
$ sudo nano /etc/nginx/htpasswd.users
$ cat /etc/nginx/htpasswd.users
kibanaadmin:$apr1$sNJR/eWP$4YZjLMfSka13/UfkLH2.J.
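A small linter for the nginx basic-auth file that flags the kind of entry behind the `crypt_r() failed` error above: a user with an empty password hash, plus repeated user names. This is an added example, not part of the original post; the function name `lint_htpasswd` and the sample file (with a placeholder hash) are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not from the original post): lint an nginx basic-auth file
# for entries like the blank "kibanaadmin:" line shown above.

# lint_htpasswd FILE
# Prints one finding per problem line and returns 1 if anything was found.
lint_htpasswd() {
  awk -F: '
    { sub(/[ \t\r]+$/, "") }                 # ignore trailing blanks and CR
    /^[ \t]*$/ || /^[ \t]*#/ { next }        # blank lines and comments
    NF < 2 {
      printf "%d: no \":\" between user and hash\n", NR; bad = 1; next
    }
    {
      if ($1 == "") {
        printf "%d: empty user name\n", NR; bad = 1
      }
      if ($2 == "") {
        printf "%d: user \"%s\" has an empty password hash\n", NR, $1; bad = 1
      }
      if ($1 in first) {
        printf "%d: user \"%s\" is already defined on line %d\n", NR, $1, first[$1]
        bad = 1
      } else {
        first[$1] = NR
      }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample reproducing the layout shown above; the hash is a
# placeholder, not a real credential.
sample=$(mktemp)
cat > "$sample" <<'EOF'
kibanaadmin:
kibanaadmin:$apr1$PLACEHOLD$0000000000000000000000
EOF

if lint_htpasswd "$sample"; then
  echo "htpasswd file looks consistent"
else
  echo "fix the lines listed above, then run: sudo nginx -t"
fi
rm -f "$sample"
```

On the server itself, run it as `lint_htpasswd /etc/nginx/htpasswd.users` from a shell that can read that file.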
Error 2: Connecting to elasticsearch fails from the server that has filebeat installed to collect logs
Failed to connect to xx.xx.xx.xx port 9200: Connection refused
# Error details
$ sudo filebeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["10.20.12.2:9200"]'
Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http://10.20.12.2:9200: Get http://10.20.12.2:9200: dial tcp 10.20.12.2:9200: connect: connection refused]
$ curl -XGET 'http://10.20.12.2:9200/filebeat-*/_search?pretty'
curl: (7) Failed to connect to 10.20.12.2 port 9200: Connection refused
Solution: replace localhost with the IP in the elasticsearch configuration file
$ sudo nano /etc/logstash/conf.d/30-elasticsearch-output.conf
output {
  elasticsearch {
    hosts => ["10.20.12.2:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
Error 3: curl http://10.20.12.2:5601 returns the error: Kibana server is not ready yet
Error 4: fail to get the Kibana version: HTTP GET request to /api/status fails
Error details
$ sudo filebeat setup -e -E output.logstash.enabled=false -E output.elasticsearch.hosts=['10.20.12.2:9200'] -E setup.kibana.host=10.20.12.2:5601
2020-01-29T10:25:38.245+0800 INFO instance/beat.go:280 Setup Beat: filebeat; Version: 6.8.6
2020-01-29T10:25:38.246+0800 INFO elasticsearch/client.go:164 Elasticsearch url: http://10.20.12.2:9200
2020-01-29T10:25:38.246+0800 INFO [publisher] pipeline/module.go:110 Beat name: elk
2020-01-29T10:25:38.246+0800 INFO elasticsearch/client.go:164 Elasticsearch url: http://10.20.12.2:9200
2020-01-29T10:25:38.278+0800 INFO elasticsearch/client.go:739 Attempting to connect to Elasticsearch version 6.8.6
2020-01-29T10:25:38.396+0800 INFO template/load.go:128 Template already exists and will not be overwritten.
2020-01-29T10:25:38.396+0800 INFO instance/beat.go:889 Template successfully loaded.
Loaded index template
Loading dashboards (Kibana must be running and reachable)
2020-01-29T10:25:38.396+0800 INFO elasticsearch/client.go:164 Elasticsearch url: http://10.20.12.2:9200
2020-01-29T10:25:38.398+0800 INFO elasticsearch/client.go:739 Attempting to connect to Elasticsearch version 6.8.6
2020-01-29T10:25:38.495+0800 INFO kibana/client.go:118 Kibana url: http://10.20.12.2:5601
2020-01-29T10:25:38.495+0800 ERROR instance/beat.go:906 Exiting: fail to create the Kibana loader: Error creating Kibana client: Error creating Kibana client: fail to get the Kibana version: HTTP GET request to /api/status fails: fail to execute the HTTP GET request: Get http://10.20.12.2:5601/api/status: dial tcp 10.20.12.2:5601: connect: connection refused. Response: .
Exiting: fail to create the Kibana loader: Error creating Kibana client: Error creating Kibana client: fail to get the Kibana version: HTTP GET request to /api/status fails: fail to execute the HTTP GET request: Get http://10.20.12.2:5601/api/status: dial tcp 10.20.12.2:5601: connect: connection refused. Response: .
Solution for Error 3 and Error 4: on the server where Kibana is installed, add the following configuration:
$ sudo nano /etc/kibana/kibana.yml
server.port: 5601
server.host: "10.20.12.2"
elasticsearch.hosts: ["http://10.20.12.2:9200"]
$ grep '^[a-zA-Z]' /etc/kibana/kibana.yml
server.port: 5601
server.host: "10.20.12.2"
elasticsearch.hosts: ["http://10.20.12.2:9200"]
# Restart after changing the configuration file
$ sudo systemctl restart kibana
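A way to confirm where Elasticsearch (9200), Kibana (5601) and the Logstash Beats input (5044) are listening once the changes for Errors 2 to 4 are in place. This is an added example, not part of the original post: the function names and the `ss -ltn` samples are constructed for illustration. `loopback-only` is the state in which other hosts get `connection refused`, and `all-interfaces` means the port answers on every address the server has.

```bash
#!/bin/sh
# Added example (not from the original post): read `ss -ltn` output and say
# where a TCP port is listening.

# classify_bind PORT   (expects `ss -ltn` output on stdin)
# Prints: not-listening | loopback-only | all-interfaces | address:<ip ...>
classify_bind() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      local_addr = $4
      if (!match(local_addr, /:[0-9]+$/)) next
      if (substr(local_addr, RSTART + 1) != port) next
      host = substr(local_addr, 1, RSTART - 1)
      gsub(/^\[|\]$/, "", host)      # [::1] -> ::1
      sub(/%.*$/, "", host)          # drop an interface scope such as %lo
      sub(/^::ffff:/, "", host)      # IPv4-mapped IPv6 -> plain IPv4
      seen = 1
      if (host == "*" || host == "0.0.0.0" || host == "::") wild = 1
      else if (host ~ /^127\./ || host == "::1") loopback = 1
      else addrs = addrs " " host
    }
    END {
      if (!seen)      print "not-listening"
      else if (wild)  print "all-interfaces"
      else if (addrs) print "address:" substr(addrs, 2)
      else            print "loopback-only"
    }'
}

# report_binds   (expects `ss -ltn` output on stdin)
# One line per port used in this guide.
report_binds() {
  snapshot=$(cat)
  for port in 9200 5601 5044; do
    printf '%s %s\n' "$port" "$(printf '%s\n' "$snapshot" | classify_bind "$port")"
  done
}

# Constructed `ss -ltn` samples (not captured from the author's server):
# first with the services still on localhost, then bound to 10.20.12.2.
SS_LOCALHOST='State  Recv-Q Send-Q      Local Address:Port  Peer Address:Port
LISTEN 0      128    [::ffff:127.0.0.1]:9200             *:*
LISTEN 0      128                 [::1]:9200             *:*
LISTEN 0      128             127.0.0.1:5601       0.0.0.0:*
LISTEN 0      128                     *:5044             *:*'

SS_BY_IP='State  Recv-Q Send-Q      Local Address:Port  Peer Address:Port
LISTEN 0      128   [::ffff:10.20.12.2]:9200             *:*
LISTEN 0      128            10.20.12.2:5601       0.0.0.0:*
LISTEN 0      128                     *:5044             *:*'

printf '%s\n' "$SS_LOCALHOST" | report_binds
printf '%s\n' "$SS_BY_IP" | report_binds
# On a live host: ss -ltn | report_binds
```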
Other installation references
Full process of pre-installing Java on the elk server
elk@elk:~$ sudo apt update
elk@elk:~$ java -version
Command 'java' not found, but can be installed with:
sudo apt install default-jre
sudo apt install openjdk-11-jre-headless
sudo apt install openjdk-8-jre-headless
elk@elk:~$ sudo apt install default-jre
elk@elk:~$ java -version
openjdk version "11.0.5" 2019-10-15
OpenJDK Runtime Environment (build 11.0.5+10-post-Ubuntu-0ubuntu1.118.04)
OpenJDK 64-Bit Server VM (build 11.0.5+10-post-Ubuntu-0ubuntu1.118.04, mixed mode, sharing)
elk@elk:~$ sudo apt install default-jdk
elk@elk:~$ javac -version
javac 11.0.5
elk@elk:~$ cat /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64/bin/java"
elk@elk:~$ source /etc/environment
elk@elk:~$ echo $JAVA_HOME
/usr/lib/jvm/java-11-openjdk-amd64/bin/java
Full process of pre-installing nginx on the elk server
elk@elk:~$ sudo mkdir -p /var/www/elk/html
elk@elk:~$ sudo chown -R $USER:$USER /var/www/elk/html
elk@elk:~$ sudo chmod -R 755 /var/www/elk
elk@elk:~$ nano /var/www/elk/html/index.html
elk@elk:~$ hostname
elk
elk@elk:~$ sudo nano /etc/nginx/sites-available/elk
elk@elk:~$ include /etc/nginx/conf.d/*.conf;
include: command not found
elk@elk:~$ include /etc/nginx/sites-enabled/*;
include: command not found
elk@elk:~$ cat /etc/nginx/nginx.conf
Output
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
elk@elk:~$ sudo ln -s /etc/nginx/sites-available/elk /etc/nginx/sites-enabled/
elk@elk:/etc/nginx/sites-available$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
elk@elk:/etc/nginx/sites-available$ sudo systemctl restart nginx