Deploy ELK to build a log server cluster

Deploy the elasticsearch cluster The
first
cluster node configuration The first cluster node modify the host name

Change the SELINUX=permissive in the following file

[root@elk-n1 ~]# vim /etc/security/limits.conf #Modify system limits

• soft nofile 65536 #The maximum number of files that can be opened by a single user (soft limit)
• hard nofile 131072 #The maximum number of files that can be opened by a single user (hard limit)
• soft nproc 4096 #The maximum number of processes available to a single user (soft limit)
• hard nproc 8192 #The maximum number of processes available to a single user (hard limit)
• soft memlock unlimited #Maximum lock memory address space (kb) (soft limit)
• hard memlock unlimited #Maximum lock memory address space (kb) (hard limit)
  [root@elk-n1 ~]#reboot
  install java environment (java environment must be version 1.8 or higher)
  
  
  
  
  
  
  
  #install elasticsearch to
  
  
  create a storage directory for elasticsearch data, and Modify the owner group of the directory
  
  
  Modify the elasticsearch log owner group
  
  Modify the elasticsearch configuration file
  
  
  
  
  
  
  cluster.name: my-elk
  #Set the cluster name node.name: elk-n1
  #Set the node name node.master: true #Master Node
  node.data: true
  #Data node path.data: /var/es-data
  #Modify the path where data is stored path.logs: /var/log/elasticsearch #Modify the path of the logs
  bootstrap.memory_lock: true #Configure memory usage Exchange partition
  network.host: 0.0.0.0
  #Listening network address http.port: 9200 #Open the listening port
  cluster.initial_master_nodes: [“elk-n1”] #Cluster initial master node (Required for version 7.6)
  discovery.zen. ping.unicast.hosts: ["elk-n1","elk-n2"] #Node unicast communication
  http.cors.enabled: true #The following two are the newly added parameters,
  http.cors.allow-origin: “*” #Make the head plug-in can access the es
  firewall configuration
  
  Modify the service configuration file of
  
  
  elasticsearch Start the elasticsearch
  
  
  second group Rally point configuration
  Modify the hostname of the second cluster node.
  
  
  Close SELinux:
  change SELINUX=permissive
  
  
  
  
  [root@elk-n2 ~]#reboot
  install java environment (java environment must be version 1.8 or higher)
  
  
  
  
  
  
  
  install elasticsearch and
  
  create elasticsearch data The storage directory of the directory and modify the owner group of the directory.
  
  
  Modify the log owner group of
  
  elasticsearch. Modify the configuration file of elasticsearch.
  
  
  
  
  
  
  Firewall configuration.
  
  Modify the configuration file of elasticsearch.
  
  
  Start elasticsearch and
  
  
  install the Head plug-in. On the elk-n1 host (the first machine) )
  Install EPEL source
  
  First install phantomjs to
  
  
  
  
  test it
  
  Install Head plugin
  
  
  
  
  
  
  #Install git, download Head plugin
  
  
  
  
  #Install grunt #Install
  
  
  plugin
  
  Configure the Gruntfile.js file under elasticsearch-head
  
  Modify the connect configuration node
  Add the host name
  
  Modify the _site/app.js file
  
  Modify the IP address
  
  Start the head plug-in service (run in the background)
  
  
  Install and configure logstash (where you want to collect the logs, install it where )
  
  
  
  
  Logstash test
  
  Log collection configuration:
  
  
  
  input { file { path => “/var/log/messages” #Collect Linux system log type => “system” start_position => “beginning” } } output { elasticsearch {#output to elasticsearch = the hosts> [ "192.168.60.10:9200"] index => "System - YYYY.MM.DD% {+}" } } start Logstash View log mounting kibana # install # edit /etc/kibana/kibana.yml # start kibana install and configure filebeat # installation
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  #Edit/etc/filebeat/filebeat.yml #Start filebeat to deploy
  
  
  
  
  
  
  Logstash
  
  on the ELK-n2 server, and the Java environment is also required #Install the
  java environment (java environment must be version 1.8 or higher)
  
  
  
  
  
  
  Install Apache and Logstash
  
  
  
  #Install Logstash #Edit
  
  
  
  
  
  configuration /etc/logstash/conf.d/apache_access.conf
  
  
  input { file { path => “/var/log/httpd/access_log” type => “Apache_access” start_position => “beginning” } } output { elasticsearch { action => "Index" hosts => ["192.168.60.10:9200"] index => "apache_access-%{+YYYY.MM.dd}" } } Edit configuration /etc/logstash/conf.d/apache_error.conf input { file { path => “/etc/httpd/logs/error_log”
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  type => "Apache_error"
  start_position => "beginning"
  }
  }
  output { elasticsearch { action => "index" hosts => ["192.168.60.10:9200"] index => "apache_error-%{+YYYY.MM.dd }” } } Start the Logstash test or start Logstash, and verify on the ESK host, don’t forget the firewall settings Kibana page