centos7 es stand-alone configuration, use xpack control authority

Enterprise 2019-11-27 18:48:28 views: null

Environment and related kernel, install java package.

[root@gz3_elk_001 /]# cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)
[root@gz3_elk_001 /]# yum -y install java
[root@gz3_elk_001 /]# echo "vm.max_map_count=262144" >> /etc/sysctl.conf
[root@gz3_elk_001 /]#  sysctl -p

Here goes the source installed for the convenience of not writing to start the service
if the source installation, you can modify the service into the corresponding directory with the user can

download

[root@gz3_elk_001 /]# cd /usr/local/src
[root@gz3_elk_001 /]# wget https://artifacts.elastic.co/downloads/kibana/kibana-7.4.2-x86_64.rpm
[root@gz3_elk_001 /]# wget https://artifacts.elastic.co/downloads/logstash/logstash-7.4.2.rpm
[root@gz3_elk_001 /]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.4.2-x86_64.rpm

Installation and set boot service

[root@gz3_elk_001 /]# cd /usr/local/src
[root@gz3_elk_001 /]# rpm -ivh elasticsearch-7.4.2-x86_64.rpm 
[root@gz3_elk_001 /]# yum -y install logstash-7.4.2.rpm
[root@gz3_elk_001 /]# rpm -ivh kibana-7.4.2-x86_64.rpm 

[root@gz3_elk_001 /]# systemctl enable elasticsearch.service kibana.service logstash.service

First, configure the elasticsearch

Key generation

[root@gz3_elk_001 /]# cd /usr/share/elasticsearch/bin/
[root@gz3_elk_001 /]# ./elasticsearch-certutil cert -out /etc/elasticsearch/elastic-certificates.p12 -pass ""

Here pit, you have to modify the file permissions

[root@gz3_elk_001 /]# chown elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12

Change setting

[root@gz3_elk_001 /]# cp elasticsearch.yml  elasticsearch.ymlback
[root@gz3_elk_001 /]# cd /etc/elasticsearch
[root@gz3_elk_001 /]# cat elasticsearch.yml|grep -v "#"
cluster.name: elk
node.name: node-1
node.master: true
node.data: true
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.3.44
http.port: 9200
discovery.seed_hosts: ["192.168.3.44"]
cluster.initial_master_nodes: ["192.168.3.44"]

Here there is a pit, had to modify permissions

 [root@gz3_elk_001 /]# chown elasticsearch:elasticsearch /data/elasticsearch

Test start

[root@gz3_elk_001 /]# systemctl restart elasticsearch.service
[root@gz3_elk_001 /]# systemctl status elasticsearch.service

If the error start, the / var / log / elasticsearch / look at the log

That system emphasizes safety, so you need to configure xpack, modify elasticsearch.yml configuration, open xpack

[root@gz3_elk_001 /]# cat /etc/elasticsearch/elasticsearch.yml|grep -v "#"
cluster.name: elk
node.name: node-1
node.master: true
node.data: true
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.3.44
http.port: 9200
discovery.seed_hosts: ["192.168.3.44"]
cluster.initial_master_nodes: ["192.168.3.44"]

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12

Restart systemctl restart elasticsearch.service, and then generate the default password

[root@gz3_elk_001 /]# cd /usr/share/elasticsearch/bin/
[root@gz3_elk_001 /]# ./elasticsearch-setup-passwords auto

Changed password for user apm_system
PASSWORD apm_system = hyyhuxxx

Changed password for user kibana
PASSWORD kibana = HbwFY0xxx

Changed password for user logstash_system
PASSWORD logstash_system = nvrxxx

Changed password for user beats_system
PASSWORD beats_system = VvAhnxxx

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = yGNFRTxxx

Changed password for user elastic
PASSWORD elastic = czF01xx

Remember the above information, the latter use

Second, the configuration kibana

[root@gz3_elk_001 /]# cd /etc/kibana/
[root@gz3_elk_001 /]# cp kibana.yml kibana.ymlback
[root@gz3_elk_001 /]# cat kibana.yml |grep -v "#"|grep -v "^$"
server.port: 5601
server.host: "192.168.3.44"
elasticsearch.hosts: ["http://192.168.3.44:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "kOHyFxxxx"
i18n.locale: "zh-CN"

i18n.locale: "zh-CN" represented by the Chinese version, more friendly interface

III. Configuration logstash

[root@gz3_elk_001 /]# cd /etc/logstash/
[root@gz3_elk_001 /]# cp logstash.yml logstash.ymlback
[root@gz3_elk_001 /]# cd /etc/logstash/conf.d

cat nginx_access.conf

input {
  beats {
    type => "nginx_access"
    port => 5044
  }
}
filter {
  if[type] =="nginx_access" {
    grok {
      match => { "message" => "%{IP:remote_ip} - %{DATA:user_name} \[%{HTTPDATE:time}\] \"%{WORD:method} %{D
ATA:url} HTTP/%{NUMBER:htt
p_version:float}\" %{NUMBER:response_code:int} %{NUMBER:body_sent:int} \"%{DATA:referrer}\" \"%{DATA:agent}\
" \"%{DATA:x_forwarded_
for}\"" }
    remove_field => "message"
  }
  date {
    match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]
    target => "@timestamp"
    }
  }
}
output {
  if[type]=="nginx_access"{
    elasticsearch {
      hosts => ["http://192.168.3.44:9200"]
      index => "nginx-access-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "czF01xx"
    }
  }
}

Here logstash_system used this account password, but did not succeed
only elastic account with the highest authority

Verify the configuration is correct

[root@gz3_elk_001 /]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx_access.conf -t

Thread.exclusive is deprecated, use Thread::Mutex
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2019-11-27 14:59:29.515 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2019-11-27 14:59:31.841 [LogStash::Runner] Reflections - Reflections took 56 ms to scan 1 urls, producing 20 keys and 40 values 
Configuration OK
[INFO ] 2019-11-27 14:59:32.487 [LogStash::Runner] runner - Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash

Configuration OK Configuration instructions appear on Ok 

[root@gz3_elk_001 /]# systemctl status logstash.service 
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2019-11-27 16:12:15 CST; 2min 11s ago

Configuration on the master server with a good, this time can log kibana
use this account password elastic.

centos7 es stand-alone configuration, use xpack control authority

Guess you like

Origin blog.51cto.com/huwei555/2454010
Recommended
Ranking
vue project automated build tools 1.0, support for multi-page build
JDBC add, update, delete data
SpringCloud combat service in response to the decline tutorial series (Chapter IV)
A segmentation fault (core dumped) error occurs when C+11 compiles and calls the PCL library
Django achieve websocket
Go语言并发之道--笔记1
Three-tier structure and application
Zhejiang data structure after-school exercise practice two 7-2 Reversing Linked List (25 points)
Front-end interview brushing day9 (updated daily high-frequency inspection points for front-end interviews)
The difference between the shell of the single and double quote
Daily
More
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)

Code World

© 2018 codetd.com