Deploying an ELK log system on CentOS 7

ELK (elasticsearch, logstash, kibana) can be used together as a log collection and analysis system. Popularized by Ali, it is being used by more and more companies, so this deployment guide documents how to set it up. For convenience, all of ELK is deployed on a single OS.

First, prepare the environment

 OS: centos7 (CentOS-7-x86_64-Minimal-1708)

 CPU: 1 core

 Memory: 4G

 

 CRT can be installed on your Windows machine to execute commands remotely and transfer files.

1.1 Install vim, wget

yum install -y vim wget

Second, install the Java environment

 According to the official documentation:

 Elasticsearch requires Java 8 or later.

 Logstash requires Java 8 and does not support Java 9.

yum -y install epel* java

 # Check with the following command that Java is in effect; if version information is printed, the Java JDK has been deployed.

java -version

Third, deploy elasticsearch

 3.1 yum install elasticsearch

 # Get rpm package

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.1.1-x86_64.rpm

 # Installation

rpm -ivh elasticsearch-7.1.1-x86_64.rpm

 # Find the installation path

rpm -ql elasticsearch

It is usually installed under /usr/share/elasticsearch/.

 

 3.2 Set data directory

 # Create the /data/es-data directory to store elasticsearch data

mkdir -p /data/es-data

 # Change the owner of the directory to elasticsearch

chown -R elasticsearch:elasticsearch /data/es-data

 

 3.3 Set the log directory

 # Create the /log/es-log directory to store elasticsearch logs

mkdir -p /log/es-log

 # Change the owner of the directory to elasticsearch

chown -R elasticsearch:elasticsearch /log/es-log

 

 3.4 Modify the configuration file elasticsearch.yml

vim /etc/elasticsearch/elasticsearch.yml

 Modify it as follows, then save with :wq.

# Set the data storage path to /data/es-data
path.data: /data/es-data

# Set the log path to /log/es-log
path.logs: /log/es-log

# Memory locking (keeping memory out of swap) is left off
bootstrap.memory_lock: false

# When bootstrap.memory_lock is true, port 9200 does not end up listening, for unknown reasons

# Allow connections to elasticsearch from all IPs
network.host: 0.0.0.0

# Listen on port 9200
http.port: 9200

# New parameters added so that the elasticsearch-head plugin can access es (5.x version; add them manually if they are absent)
http.cors.enabled: true
http.cors.allow-origin: "*"

 

 3.5 start elasticsearch

 # Start

systemctl start elasticsearch

 # View status

systemctl status elasticsearch

 # Enable start at boot

systemctl enable elasticsearch

 

 3.6 open port 9200

firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --reload

 

 3.7 Test whether the installation is successful

 # Install net-tools 

yum install -y net-tools

 # Check whether port 9200 is listening

netstat -antp |grep 9200

 

curl http://127.0.0.1:9200

  Output similar to the following indicates that elasticsearch started normally.

   


Fourth, deploy logstash

 4.1 yum install logstash

 # Get rpm package 

wget https://artifacts.elastic.co/downloads/logstash/logstash-6.1.0.rpm

 # Installation 

rpm -ivh logstash-6.1.0.rpm

 

 4.2 Set the data directory

 # Create the /data/ls-data directory to store logstash data

mkdir -p /data/ls-data

 # Change the owner of the directory to logstash

chown -R logstash:logstash /data/ls-data

 

 4.3 Set the log directory

 # Create the /log/ls-log directory to store logstash logs

mkdir -p /log/ls-log

 # Change the owner of the directory to logstash

chown -R logstash:logstash /log/ls-log

 

 4.4 Modify the configuration file logstash.yml

vim /etc/logstash/logstash.yml

 Modify it as follows, then save with :wq.

# Set the data storage path to /data/ls-data
path.data: /data/ls-data

# Set the pipeline configuration file path to /etc/logstash/conf.d
path.config: /etc/logstash/conf.d

# Set the log file storage path to /log/ls-log
path.logs: /log/ls-log

 

 4.5 Start logstash

 # Start

systemctl start logstash

 # View status

systemctl status logstash

 # Enable start at boot

systemctl enable logstash

 

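 4.6 Test whether the installation succeeded

 # Check the logstash installation directory

rpm -ql logstash

 # Create a symlink so the installation path does not have to be typed for every command (the yum install is under /usr/share)

ln -s /usr/share/logstash/bin/logstash /bin/

 # Run the logstash command

logstash -e 'input { stdin { } } output { stdout {} }'

 After a short wait, "The stdin plugin is now waiting for input:" appears; type "abc" and press Enter, and output is returned.

 Press Ctrl+C to exit.

 If events need to be kept both on standard output and in elasticsearch, see below.

 # 192.168.12.16 is the IP of the test ELK host

 /usr/share/logstash/bin/logstash -e 'input { stdin { } } output { elasticsearch { hosts => ["192.168.12.16:9200"] } stdout { codec => rubydebug }}'

 After a short wait, "The stdin plugin is now waiting for input:" appears; type "test" and press Enter, and the standard output below is returned.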

  


Fifth, deploy kibana

 5.1 yum install kibana

 # Get the rpm package

wget https://artifacts.elastic.co/downloads/kibana/kibana-6.1.0-x86_64.rpm

 # Install

rpm -ivh kibana-6.1.0-x86_64.rpm

 5.2 Modify kibana.yml

 # Look up the files of the rpm package

rpm -ql kibana

 By default it is installed under /usr/share/kibana/.

 # Edit the kibana configuration file

vim /etc/kibana/kibana.yml

 # Modify the following content in kibana.yml, then save with :wq.

# The kibana page is served on port 5601
server.port: 5601

# Allow all IPs to access port 5601
server.host: "0.0.0.0"

# IP and listening address of elasticsearch
elasticsearch.url: "http://localhost:9200"

kibana.index: ".kibana"

 

 5.3 start kibana

  # Start

systemctl start kibana

 # View status 

systemctl status kibana

 # Enable start at boot

systemctl enable kibana

 

 5.4 open port 5601

  # Configure the firewall

firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload
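
With the settings from 3.4 and 5.2 in place and ports 9200 and 5601 opened, both services answer on every interface and elasticsearch accepts unauthenticated requests. The script below is an added example, not part of the original post, that audits the two configuration files for exactly those values; the function names, finding labels and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical names; the sample configs are constructed).

# yaml_value FILE KEY: print the last uncommented "KEY: value" value,
# with any trailing comment and surrounding quotes removed.
yaml_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*:[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/" | tail -n 1
}

# audit_elk ES_YML KIBANA_YML: print one finding label per line.
audit_elk() {
    if [ "$(yaml_value "$1" network.host)" = "0.0.0.0" ]; then
        echo "ES_BIND_ALL"         # 9200 answers on every interface
    fi
    if [ "$(yaml_value "$1" http.cors.enabled)" = "true" ] &&
       [ "$(yaml_value "$1" http.cors.allow-origin)" = "*" ]; then
        echo "ES_CORS_ANY_ORIGIN"  # any web origin may call the REST API
    fi
    if [ "$(yaml_value "$1" xpack.security.enabled)" != "true" ]; then
        echo "ES_NO_AUTH"          # 7.1.1 does not authenticate unless this is true
    fi
    if [ "$(yaml_value "$2" server.host)" = "0.0.0.0" ]; then
        echo "KIBANA_BIND_ALL"     # 5601 answers on every interface
    fi
    return 0
}

# Constructed sample: the values this guide writes.
write_guide_configs() {
    printf '%s\n' 'path.data: /data/es-data' 'network.host: 0.0.0.0' \
        'http.port: 9200' 'http.cors.enabled: true' \
        'http.cors.allow-origin: "*"' > "$1/elasticsearch.yml"
    printf '%s\n' 'server.port: 5601' 'server.host: "0.0.0.0"' > "$1/kibana.yml"
}

# Constructed sample: loopback-only binding with authentication enabled.
write_restricted_configs() {
    printf '%s\n' 'network.host: 127.0.0.1' 'http.port: 9200' \
        '# http.cors.enabled: true' 'xpack.security.enabled: true' \
        > "$1/elasticsearch.yml"
    printf '%s\n' 'server.port: 5601' 'server.host: "127.0.0.1"' > "$1/kibana.yml"
}

# Usage: sh audit_elk.sh /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml
if [ "$#" -ge 2 ]; then audit_elk "$1" "$2"; fi
```

An empty result means none of the four conditions matched; any printed label names the setting to revisit before the ports are reachable from other hosts.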

 

Origin www.cnblogs.com/Intermittent-psychosis/p/10986415.html