ELK (Elasticsearch, Logstash, Kibana) can be used as a log collection and analysis system. Popularized by Ali, it is being used by more and more companies, and its functionality is useful, so this page documents a deployment guide. For convenience, all ELK components are deployed on a single OS.
First, prepare the environment
OS: centos7 (CentOS-7-x86_64-Minimal-1708)
CPU: 1 core
Memory: 4G
You can install CRT on Windows to execute commands remotely and transfer files.
1.1 Install vim and wget
yum install -y vim wget
Second, install the Java environment
According to the official description:
Elasticsearch requires Java 8 or above.
Logstash requires Java 8 and does not support Java 9.
yum -y install epel* java
# Check Java with the following command; if version information appears, the Java JDK has been deployed.
java -version
Third, deploy Elasticsearch
3.1 yum install elasticsearch
# Get rpm package
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.1.1-x86_64.rpm
# Installation
rpm -ivh elasticsearch-7.1.1-x86_64.rpm
# Find the installation path
rpm -ql elasticsearch
It is usually installed under /usr/share/elasticsearch/.
3.2 Set data directory
# Create the /data/es-data directory to store elasticsearch data
mkdir -p /data/es-data
# Change the owner of the directory to elasticsearch
chown -R elasticsearch:elasticsearch /data/es-data
3.3 Setting the log directory
# Create the /log/es-log directory to store elasticsearch logs
mkdir -p /log/es-log
# Change the owner of the directory to elasticsearch
chown -R elasticsearch:elasticsearch /log/es-log
3.4 Modify the configuration file elasticsearch.yml
vim /etc/elasticsearch/elasticsearch.yml
Modify it according to the following content, then save with :wq.
3.5 Start elasticsearch
# Start
systemctl start elasticsearch
# View status
systemctl status elasticsearch
# Enable start on boot
systemctl enable elasticsearch
3.6 Open port 9200
firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --reload
3.7 Test whether the installation is successful
# Install net-tools
yum install -y net-tools
# Check whether port 9200 is listening
netstat -antp | grep 9200
curl http://127.0.0.1:9200
Output similar to the following indicates that elasticsearch started normally.
Fourth, deploy Logstash
4.1 yum install logstash
# Get rpm package
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.1.0.rpm
# Installation
rpm -ivh logstash-6.1.0.rpm
4.2 Setting data directory
# Create the /data/ls-data directory to store logstash data
mkdir -p /data/ls-data
# Change the owner of the directory to logstash
chown -R logstash:logstash /data/ls-data
4.3 Setting the log directory
# Create the /log/ls-log directory to store logstash logs
mkdir -p /log/ls-log
# Change the owner of the directory to logstash
chown -R logstash:logstash /log/ls-log
4.4 Modify the configuration file logstash.yml
vim /etc/logstash/logstash.yml
Modify it according to the following content, then save with :wq.
# Set the data storage path to /data/ls-data
path.data: /data/ls-data
# Set the pipeline configuration file path to /etc/logstash/conf.d
path.config: /etc/logstash/conf.d
# Set the log file storage path to /log/ls-log
path.logs: /log/ls-log
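4.5 Start logstash
# Start
systemctl start logstash
# View status
systemctl status logstash
# Enable start on boot
systemctl enable logstash
4.6 Test whether the installation is successful
# Look at the logstash installation directory
rpm -ql logstash
# Create a symlink so the installation path does not have to be typed each time a command is run (the yum installation is under /usr/share)
ln -s /usr/share/logstash/bin/logstash /bin/
# Run the logstash command
logstash -e 'input { stdin { } } output { stdout {} }'
After a short wait, "The stdin plugin is now waiting for input:" appears. Type "abc" and press Enter, and the output is returned.
Press Ctrl+C to exit.
If the output needs to be kept in both standard output and elasticsearch, see below.
# 192.168.12.16 is the IP of the test ELK host
/usr/share/logstash/bin/logstash -e 'input { stdin { } } output { elasticsearch { hosts => ["192.168.12.16:9200"] } stdout { codec => rubydebug }}'
After a short wait, "The stdin plugin is now waiting for input:" appears. Type "test" and press Enter, and the following standard output is returned.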
Fifth, deploy Kibana
5.1 yum install kibana
# Get the installation package
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.1.0-x86_64.rpm
# Installation
rpm -ivh kibana-6.1.0-x86_64.rpm
5.2 Modify kibana.yml
# List the files in the rpm package
rpm -ql kibana
By default it is installed under /usr/share/kibana/.
# Modify the kibana configuration file
vim /etc/kibana/kibana.yml
# Modify the following content in kibana.yml, then save with :wq.
# Kibana pages are served on port 5601
server.port: 5601
# Allow all IPs to access port 5601
server.host: "0.0.0.0"
# IP and listening address of elasticsearch
elasticsearch.url: "http://localhost:9200"
kibana.index: ".kibana"
5.3 Start kibana
# Start
systemctl start kibana
# View status
systemctl status kibana
# Enable start on boot
systemctl enable kibana
5.4 Open port 5601
# Set up the firewall
firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload
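The steps above bind Kibana to 0.0.0.0 and open ports 9200 and 5601 in firewalld. The shell functions below are an added example, not part of the original guide, that report whether either service is reachable from the network without authentication. network.host and xpack.security.enabled are standard Elasticsearch settings assumed here because the guide's elasticsearch.yml content is not shown, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flags ELK listeners that the steps above leave reachable
# from the network without authentication. Assumes firewalld is running.

# Print the value of a top-level "key: value" line (comments/quotes stripped).
yml_get() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*:[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]#.*$//' | tr -d "\"' \t" | tail -n 1
}

# Both services bind to loopback when the host setting is absent.
is_loopback() {
    case "$1" in
        ""|localhost|127.*|::1|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# True when HOST is not loopback and PORT/tcp is in the open-port list.
exposed() {
    is_loopback "$1" && return 1
    case " $3 " in *" $2/tcp "*) return 0 ;; *) return 1 ;; esac
}

# audit_elk [ES_YML] [KIBANA_YML] [OPEN_PORTS]; exit status = finding count.
audit_elk() {
    es_yml=${1:-/etc/elasticsearch/elasticsearch.yml}
    kb_yml=${2:-/etc/kibana/kibana.yml}
    ports=${3-$(firewall-cmd --list-ports 2>/dev/null)}
    # Assumption: with Elasticsearch security on, Kibana requires a login too.
    es_sec=$(yml_get "$es_yml" xpack.security.enabled)
    [ "$es_sec" = "true" ] && return 0
    findings=0
    host=$(yml_get "$es_yml" network.host)
    if exposed "$host" 9200 "$ports"; then
        echo "FINDING: elasticsearch on $host:9200 is open without authentication"
        findings=$((findings + 1))
    fi
    host=$(yml_get "$kb_yml" server.host)
    if exposed "$host" 5601 "$ports"; then
        echo "FINDING: kibana on $host:5601 is open without authentication"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file on the ELK host and run audit_elk as root. Only the plain firewalld open-port list is evaluated, not rich rules or zone source restrictions.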