Deploy the Elasticsearch cluster
First cluster node configuration
Modify the host name of the first cluster node
Set SELINUX=permissive in the following file
[root@elk-n1 ~]# vim /etc/security/limits.conf    #Modify system limits
* soft nofile 65536         #Maximum number of files that a single user can open (soft limit)
* hard nofile 131072        #Maximum number of files that a single user can open (hard limit)
* soft nproc 4096           #Maximum number of processes available to a single user (soft limit)
* hard nproc 8192           #Maximum number of processes available to a single user (hard limit)
* soft memlock unlimited    #Maximum locked-in-memory address space (KB) (soft limit)
* hard memlock unlimited    #Maximum locked-in-memory address space (KB) (hard limit)
[root@elk-n1 ~]# reboot
Install the Java environment (Java must be version 1.8 or higher)
Install Elasticsearch
Create a storage directory for the Elasticsearch data, and modify the owner and group of the directory
Modify the owner and group of the Elasticsearch logs
Modify the Elasticsearch configuration file
cluster.name: my-elk                                     #Set the cluster name
node.name: elk-n1                                        #Set the node name
node.master: true                                        #Master node
node.data: true                                          #Data node
path.data: /var/es-data                                  #Modify the path where data is stored
path.logs: /var/log/elasticsearch                        #Modify the path of the logs
bootstrap.memory_lock: true                              #Lock memory so that the swap partition is not used
network.host: 0.0.0.0                                    #Listening network address
http.port: 9200                                          #Open the listening port
cluster.initial_master_nodes: ["elk-n1"]                 #Cluster initial master node (required for version 7.6)
discovery.zen.ping.unicast.hosts: ["elk-n1","elk-n2"]    #Node unicast communication
http.cors.enabled: true                                  #The following two are newly added parameters
http.cors.allow-origin: "*"                              #so that the head plug-in can access es
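Added example (not part of the original tutorial): the configuration above binds the REST API to every interface (network.host: 0.0.0.0) and lets any web origin call it (http.cors.allow-origin: "*"), so it is worth checking elasticsearch.yml for exposure before the firewall is opened. The Python below assumes Elasticsearch 7.x, where xpack.security.enabled is off unless set; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: exposure-related settings copied from the page's elasticsearch.yml.
PAGE_CONFIG = """\
cluster.name: my-elk
node.name: elk-n1
network.host: 0.0.0.0          #Listening network address
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"    #Make the head plug-in can access the es
"""

LOOPBACK = {"", "localhost", "127.0.0.1", "::1", "_local_"}  # "" = unset, default is loopback

def parse_flat_yaml(text):
    """Parse the flat 'key: value  #comment' lines used in elasticsearch.yml."""
    settings = {}
    for line in text.splitlines():
        line = re.sub(r"\s+#.*$", "", line).strip()  # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'“”")  # tolerate pasted curly quotes
    return settings

def is_true(settings, key):
    return settings.get(key, "false").lower() == "true"

def audit(text):
    """Return exposure findings for the body of an elasticsearch.yml (hypothetical helper)."""
    s = parse_flat_yaml(text)
    findings = []
    host = s.get("network.host", "")
    # Assumption: Elasticsearch 7.x, where security features are off unless enabled.
    if host not in LOOPBACK and not is_true(s, "xpack.security.enabled"):
        findings.append(f"network.host={host} without xpack.security.enabled: true; "
                        f"port {s.get('http.port', '9200')} answers unauthenticated requests")
    if is_true(s, "http.cors.enabled") and s.get("http.cors.allow-origin") == "*":
        findings.append("http.cors.allow-origin is *; name the elasticsearch-head origin instead")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print("FINDING:", finding)
```

Run against the settings above, it reports both the unauthenticated listener and the wildcard CORS origin; a file that enables security and names a single origin produces no findings.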
Firewall configuration
Modify the service configuration file of Elasticsearch
Start Elasticsearch
Second cluster node configuration
Modify the hostname of the second cluster node.
Turn off SELinux enforcement:
Change to SELINUX=permissive
[root@elk-n2 ~]# reboot
Install the Java environment (Java must be version 1.8 or higher)
Install Elasticsearch
Create the storage directory for the Elasticsearch data, and modify the owner and group of the directory.
Modify the owner and group of the Elasticsearch logs.
Modify the configuration file of Elasticsearch.
Firewall configuration.
Modify the configuration file of Elasticsearch.
Start Elasticsearch
Install the Head plug-in
On the elk-n1 host (the first machine)
Install the EPEL source
First install phantomjs
Test it
Install the Head plug-in
#Install git, download the Head plug-in
#Install grunt
#Install plugin
Configure the Gruntfile.js file under elasticsearch-head
Modify the connect configuration node
Add the host name
Modify the _site/app.js file
Modify the IP address
Start the head plug-in service (run in the background)
Install and configure Logstash (install it on the host whose logs you want to collect)
Logstash test
Log collection configuration:
input {
  file {
    path => "/var/log/messages"    #Collect the Linux system log
    type => "system"
    start_position => "beginning"
  }
}
output {
  elasticsearch {    #Output to elasticsearch
    hosts => ["192.168.60.10:9200"]
    index => "system-%{+YYYY.MM.dd}"
  }
}
Start Logstash
View the logs
Install Kibana
#Install
#Edit /etc/kibana/kibana.yml
#Start Kibana
Install and configure filebeat
#Install
#Edit /etc/filebeat/filebeat.yml
#Start filebeat
Deploy Logstash on the elk-n2 server; the Java environment is also required
#Install the Java environment (Java must be version 1.8 or higher)
Install Apache and Logstash
#Install Logstash
#Edit configuration /etc/logstash/conf.d/apache_access.conf
input {
  file {
    path => "/var/log/httpd/access_log"
    type => "Apache_access"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    action => "index"
    hosts => ["192.168.60.10:9200"]
    index => "apache_access-%{+YYYY.MM.dd}"
  }
}
Edit configuration /etc/logstash/conf.d/apache_error.conf
input {
  file {
    path => "/etc/httpd/logs/error_log"
    type => "Apache_error"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    action => "index"
    hosts => ["192.168.60.10:9200"]
    index => "apache_error-%{+YYYY.MM.dd}"
  }
}
Test Logstash or start Logstash, and verify on the ELK host; don't forget the firewall settings
Kibana page