ELK log system: using Filebeat and setting up login authentication for Kibana

According to Elastic's own description:

Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis.

Filebeat looks better than Logstash and is the next-generation log collector; ELK (Elastic + Logstash + Kibana) will probably be renamed EFK later.

 

Using Filebeat:

1. Download the latest Filebeat

Address: https://www.elastic.co/downloads/beats/filebeat. Then extract it to any directory.

 

2. Modify the filebeat.yml file in the filebeat directory, referring to the following:

filebeat:
  prospectors:
    -
      paths:
        - "/var/log/nginx/*.log"
      input_type: log
      document_type: nginx-access

    -
      paths:
        - "/data/log/order/*.log"
      input_type: log
      document_type: order-service

    -
      paths:
        - "/opt/service/zhifu/logs/*.log"
      input_type: log
      document_type: zhifu-service

output:
  elasticsearch:
    hosts: ["localhost:9200"]

logging:
  files:
    rotateeverybytes: 10485760

Change the contents of hosts to the address of your actual Elasticsearch.

 

3. Load the Filebeat template into Elasticsearch

curl -XPUT 'http://localhost:9200/_template/filebeat?pretty' -d@/etc/filebeat/filebeat.template.json

Note: change localhost:9200 above to the actual Elasticsearch address. The string that follows is the full path to filebeat.template.json in the Filebeat root directory. If all goes well, it returns:

{
  "acknowledged" : true
}

This indicates that the template has been received.

 

4. Start

./filebeat -e -c filebeat.yml -d "publish"

If you see a lot of output, the logs are being sent to Elasticsearch. Browse to http://192.168.1.111:9200/_search?pretty; if new content is returned, everything is OK.

Once the test looks normal, press Ctrl+C to stop, then use

nohup ./filebeat -e -c filebeat.yml >/dev/null 2>&1 &

to run it in the background. Finally, in Kibana, create an index pattern; note that the pattern is: filebeat-*

  

 

Two, the Kibana login authentication problem

Kibana is developed in Node.js and has no security restrictions of its own: anyone can access it directly by opening the URL in a browser. On a public network this is very insecure, so you can add authentication by forwarding requests through nginx, as follows:

Tip: Kibana has no restart command. To restart it, use ps -ef | grep node to find the Node.js process, kill it, and start it again.

1. Modify the nginx configuration file, referring to the following:

server {
  listen       80;
  server_name elk.yjmyzz.com;
  location / {
     auth_basic "secret";
     auth_basic_user_file /data/nginx/db/passwd.db;
     proxy_pass http://localhost:5601;
     proxy_set_header Host $host:5601;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Via "nginx";
  }
  access_log off;
}

The configuration above forwards requests for elk.yjmyzz.com to port 5601 on the server, and authenticates them with the most basic user name and password scheme.

 

2. Configure the login user name and password

htpasswd -c /data/nginx/db/passwd.db user1

Note that the path to passwd.db must match the one in the nginx configuration. The trailing user1 is the user name, which you can change freely. After you enter this command, the system prompts for a password; once entered, the password is stored in passwd.db in encrypted form. If you are interested, you can look at it with cat.

Tip: htpasswd is a utility that ships with Apache. If the command is not found, try installing it with yum install httpd

 

3. Close external network access to the Kibana port

Once nginx is forwarding, remember to configure iptables or a similar firewall to block direct external access to port 5601, so that it can only be reached through nginx.
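
As a check for step 3, the following script (an added example, not part of the original post) parses `ss -ltn` output and lists listeners on a given port that are bound to a non-loopback address, meaning they bypass the nginx authentication unless the firewall rule is in place. The function name and the sample output are constructed for illustration; the port argument also lets it check other ports from this page, such as 9200.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample of `ss -ltn` output: nginx on 80, Kibana on 5601,
# Elasticsearch on 9200 (ports taken from the configs above).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    0.0.0.0:5601       0.0.0.0:*
LISTEN 0      128    127.0.0.1:9200     0.0.0.0:*
LISTEN 0      128    [::1]:9200         [::]:*'

# exposed_listeners PORT
# Reads `ss -ltn` lines on stdin and prints every listening socket on PORT
# whose local address is not loopback. Such a socket bypasses nginx
# auth_basic unless the firewall blocks it.
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # skips the header line too
        {
            la = $4                          # Local Address:Port column
            n = split(la, parts, ":")
            p = parts[n]                     # port follows the last colon
            addr = substr(la, 1, length(la) - length(p) - 1)
            if (p != port) next
            if (addr ~ /^127\./) next        # IPv4 loopback
            if (addr == "[::1]") next        # IPv6 loopback
            if (addr ~ /^\[::ffff:127\./) next   # IPv4-mapped loopback
            print la
        }'
}

# Demo on the constructed sample. On a real host use:
#   ss -ltn | exposed_listeners 5601
for port in 5601 9200; do
    hits=$(printf '%s\n' "$SAMPLE_SS" | exposed_listeners "$port")
    if [ -n "$hits" ]; then
        echo "port $port: reachable off-host via $hits, firewall rule required"
    else
        echo "port $port: loopback only"
    fi
done
```

A listener reported here may already be blocked by iptables; the script only shows which sockets depend on that rule for protection.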

Reference articles:

1. http://elk-docker.readthedocs.org/

2. https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html

3. http://geek.csdn.net/news/detail/54967

Origin www.cnblogs.com/lonelyxmas/p/11386666.html