ELK version: elasticsearch-5.2.2, kibana-5.2.2, logstash-2.4.1, all plugins. Deployment environment: a single server; no cluster is configured.

First, download address (official site): https://www.elastic.co/downloads

Two, Elasticsearch installation

1. ELK needs a JDK. If none is installed, first install version 1.8 or above:
[root@ELK-1 ~]# rpm -ivh jdk-8u121-linux-x64.rpm

2. Download and install Elasticsearch:
[root@ELK-1 ~]# rpm -ivh elasticsearch-5.2.2.rpm

3. Edit the configuration file; the main items to change are:
[root@ELK-1 ~]# vi /etc/elasticsearch/elasticsearch.yml
path.data: /data/elasticsearch           # storage directory
path.logs: /data/elasticsearch/log       # elasticsearch log path
network.host: 10.10.10.1                 # the host IP
http.port: 9200                          # API interface port
bootstrap.memory_lock: false             # do not lock memory
bootstrap.system_call_filter: false      # has to be added by hand

4. Create the configured folders before starting:
[root@ELK-1 ~]# mkdir -pv /data/elasticsearch/log

5. Change the owner of the folders:
[root@ELK-1 ~]# grep elasticsearch /etc/passwd   # the elasticsearch user is created automatically at install time
[root@ELK-1 ~]# chown -R elasticsearch /data/    # elasticsearch must be started as this user to avoid an error

6. Modify the limit and kernel parameters, otherwise startup will error:
[root@ELK-1 ~]# vim /etc/security/limits.conf   # add the following in the last lines of the file:
* soft core unlimited
* hard core unlimited
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096

[root@ELK-1 ~]# vim /etc/sysctl.conf   # add the following at the bottom:
vm.max_map_count=655360

[root@ELK-1 ~]# vi /etc/security/limits.d/90-nproc.conf
Find the line:
* soft nproc 1024
and change it to:
* soft nproc 2048

[root@ELK-1 ~]# sysctl -p

7. Start Elasticsearch:
[root@ELK-1 ~]# service elasticsearch start

Three, Kibana installation

1. Download and install Kibana:
[root@ELK-1 ~]# rpm -ivh kibana-5.2.2-x86_64.rpm

2. Edit the configuration file; the main changes are:
[root@ELK-1 ~]# vi /opt/kibana/config/kibana.yml
server.port: 5601
server.host: "10.10.10.10"
elasticsearch.url: "http://10.10.10.10:9200"
kibana.index: ".kibana"

3. Start it and check whether the installation succeeded:
[root@ELK-1 ~]# service kibana start
[root@ELK-1 ~]# netstat -ntlp | grep 5601   # check whether port 5601 is listening

Four, Logstash installation

1. Download and install Logstash:
[root@ELK-1 ~]# rpm -ivh logstash-2.4.1.noarch.rpm   # default installation location: /opt/logstash

2. Create a configuration file (configuration file location: /etc/logstash/conf.d). The Logstash syslog configuration is as follows:
[root@ELK-1 ~]# cd /etc/logstash/conf.d
[root@ELK-1 ~]# vi syslog.conf
Add the following:
input {
  syslog {
    port => "514"
  }
}
output {
  elasticsearch {
    hosts => ["10.10.10.10:9200"]
    index => "logstash_syslog-%{+YYYY.MM.dd}"
  }
}

3. Start Logstash:
[root@ELK-1 ~]# service rsyslog stop   # stop the system's own syslog service first, otherwise it occupies port 514
[root@ELK-1 ~]# nohup /opt/logstash/bin/logstash -f syslog.conf &
# Finally, add an index pattern called logstash_syslog* under Management in Kibana to be able to use it

Five, Kibana web management interface configuration

1. Open http://10.10.10.10:5601/
2. Start using it.
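To see what the syslog.conf pipeline above turns a network device's log line into, here is an added example (not from the original post): a small Python approximation of the field splitting the Logstash syslog input performs on an RFC 3164 line, plus the logstash_syslog-%{+YYYY.MM.dd} index name the output block derives from the event time. The sample lines are constructed, the regex is a simplification of Logstash's own grok, and the UTC assumption stands in for the input's timezone setting.

```python
import re
from datetime import datetime, timezone

# Approximation of the Logstash syslog input's RFC 3164 grammar (not Logstash's own grok):
# <PRI>TIMESTAMP HOST [PROGRAM[PID]: ]MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:(?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: )?"
    r"(?P<msg>.*)$"
)
# severity_label values as the Logstash syslog input names them, indexed by severity 0..7
SEVERITY = ["Emergency", "Alert", "Critical", "Error", "Warning",
            "Notice", "Informational", "Debug"]

def parse_syslog(line, year=2017):
    """Split one RFC 3164 line into the fields the syslog input adds to the event."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 message: %r" % line)
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility * 8 + severity, facility 0..23
        raise ValueError("invalid PRI %d" % pri)
    # RFC 3164 timestamps carry no year or zone; this example assumes the given
    # year and UTC (in Logstash the input's timezone option decides)
    ts = datetime.strptime("%d %s" % (year, m.group("ts")),
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"facility": pri >> 3, "severity": pri & 7,
            "severity_label": SEVERITY[pri & 7], "timestamp": ts,
            "logsource": m.group("host"), "program": m.group("program"),
            "pid": m.group("pid"), "message": m.group("msg")}

def index_name(event, prefix="logstash_syslog"):
    """Index the output block writes to: %{+YYYY.MM.dd} formats @timestamp in UTC."""
    return "%s-%s" % (prefix, event["timestamp"].strftime("%Y.%m.%d"))

# Constructed sample lines, as a switch and a firewall might send them to 10.10.10.10:514
SAMPLE = [
    "<190>Mar 15 08:02:17 core-sw1 login: user admin logged in from 10.10.10.50",
    "<131>Mar  5 23:59:59 fw-edge sshd[1421]: Failed password for root from 192.0.2.10",
]

if __name__ == "__main__":
    for line in SAMPLE:
        ev = parse_syslog(line)
        print(index_name(ev), ev["logsource"], ev["severity_label"], ev["message"])
```

A line that lands in an unexpected daily index or with severity_label missing usually means the device's timestamp or PRI format differs from RFC 3164, which is the first thing to check when events do not show up under the Kibana index pattern.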
References:
https://jeffrycheng.com/2017/03/15/%E9%80%9A%E8%BF%87elk%E6%90%AD%E5%BB%BAsyslog%E5%92%8Csflow%E6%94%B6%E9%9B%86%E4%B8%8E%E5%88%86%E6%9E%90/
https://segmentfault.com/a/1190000007728789
http://www.cnblogs.com/liaojiafa/p/6139752.html
https://blog.51cto.com/tryingstuff/1888978
ELK collecting network device logs
Origin www.cnblogs.com/vincent-liang/p/12244392.html