
ELK日志分析平台部署实录


标签:linux   elk   

[root@king01 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

[root@king01 ~]# vim /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-5.x]

# Elastic's official 5.x yum repository. The same key that was imported with
# `rpm --import` above is referenced as gpgkey so every package pulled from
# this repo is signature-checked before install.
name=Elasticsearch repository for 5.x packages

baseurl=https://artifacts.elastic.co/packages/5.x/yum

# gpgcheck=1 makes yum refuse packages whose signature does not verify
# against gpgkey; keep it on for a repo fetched over the network.
gpgcheck=1

gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

enabled=1

autorefresh=1

type=rpm-md


[root@king01 ~]# cd /usr/local/src

[root@king01 src]# tar zxvf jdk-8u161-linux-x64.tar.gz

[root@king01 src]# mv jdk1.8.0_161 /usr/local


[root@king01 src]# vi /etc/profile

# JDK 8 environment for every login shell (appended to /etc/profile).
export JAVA_HOME=/usr/local/jdk1.8.0_161
export JAVA_BIN="$JAVA_HOME/bin"
export PATH="$PATH:$JAVA_BIN"
export CLASSPATH="$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar"
# NOTE(review): unrelated to the JDK -- presumably for an APR build installed
# elsewhere; this assignment replaces any LD_LIBRARY_PATH already set. Confirm
# it is still needed.
export LD_LIBRARY_PATH=/usr/local/apr/lib


[root@king01 ~]# java -version

java version "1.8.0_161"

Java(TM) SE Runtime Environment (build 1.8.0_161-b12)

Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)


[root@king01 ~]# yum install -y elasticsearch

[root@king01 ~]# mkdir /usr/local/es-data

[root@king01 ~]# chown -R elasticsearch:elasticsearch /usr/local/es-data

[root@king01 ~]# mkdir -p /var/log/elasticsearch/

[root@king01 ~]# chown -R elasticsearch:elasticsearch /var/log/elasticsearch/


[root@king01 ~]# vim /etc/elasticsearch/elasticsearch.yml

# Single-node Elasticsearch 5.x configuration for the ELK host.
cluster.name: elk-cluster

node.name: king01

# Data and log directories; both were created and chowned to
# elasticsearch:elasticsearch above.
path.data: /usr/local/es-data

path.logs: /var/log/elasticsearch/

# Lock the JVM heap in RAM. This only succeeds because limits.conf below grants
# an unlimited memlock limit.
bootstrap.memory_lock: true

# Disables the seccomp system-call filter bootstrap check.
# NOTE(review): this drops a process-hardening layer; presumably set because the
# kernel lacks seccomp support -- confirm, and leave it enabled where possible.
bootstrap.system_call_filter: false

# Bind the HTTP (9200) and transport APIs to the LAN address instead of loopback.
# NOTE(review): nothing in this file enables authentication (the OSS 5.x
# distribution has none; X-Pack adds it), so every host that can reach
# 192.168.1.201:9200 has full read/write access to the indices. Restrict 9200
# with a host firewall to the Kibana and Logstash hosts.
network.host: 192.168.1.201

http.port: 9200

# Only this node is listed, so no other node will join the cluster.
discovery.zen.ping.unicast.hosts: ["king01"]

# Allow browser cross-origin requests to the REST API from ANY origin.
# NOTE(review): combined with the missing authentication above, a page loaded in
# any browser on the network can query the cluster. Narrow allow-origin to the
# origins that need it (e.g. the Kibana URL) or leave CORS disabled.
http.cors.enabled: true

http.cors.allow-origin: "*"


[root@king01 ~]# vi /etc/security/limits.conf

# Raised resource limits, presumably for Elasticsearch's bootstrap checks:
# higher open-file and process caps, and memlock unlimited, which is what lets
# bootstrap.memory_lock: true in elasticsearch.yml succeed.
# NOTE(review): '*' applies every line to all accounts, not only the
# elasticsearch service user; scoping the lines to that user would be tighter.
*                soft    nofile          65536  

*                hard    nofile          131072

*                soft    nproc           2048

*                hard    nproc           4096

*                soft    memlock         unlimited

*                hard    memlock         unlimited


[root@king01 ~]# vim /etc/security/limits.d/90-nproc.conf

# Files under limits.d are read after limits.conf and override it for the
# users they match, so this file decides the effective soft nproc limit.
*          soft    nproc     2048

# root is exempt from the 2048 soft process cap.
root       soft    nproc     unlimited


[root@king01 ~]# /etc/init.d/elasticsearch start

[root@king01 ~]# /etc/init.d/elasticsearch status

elasticsearch (pid  18338) is running...


[root@king01 ~]# cat /var/log/elasticsearch/elk-cluster.log

[root@king01 ~]# curl http://192.168.1.201:9200/

{

  "name" : "king01",

  "cluster_name" : "elk-cluster",

  "cluster_uuid" : "oGuBJsi3SZyYnCT4PvuNgA",

  "version" : {

    "number" : "5.6.8",

    "build_hash" : "688ecce",

    "build_date" : "2018-02-16T16:46:30.010Z",

    "build_snapshot" : false,

    "lucene_version" : "6.6.1"

  },

  "tagline" : "You Know, for Search"

}


[root@king01 ~]# yum install -y logstash

[root@king01 ~]# ln -s /usr/share/logstash/bin/logstash /bin/

[root@king01 ~]# mkdir -p /usr/share/logstash/config/

[root@king01 ~]# chown -R logstash:logstash /usr/share/logstash/config/

[root@king01 ~]# ln -s /etc/logstash/* /usr/share/logstash/config

[root@king01 ~]# vim /etc/logstash/conf.d/elk.conf

# Logstash pipeline: receive syslog and index it into Elasticsearch.
input {

  # No 'host' is set, so the listener binds every interface on TCP and UDP 514
  # (the netstat output below shows :::514 for both protocols).
  # NOTE(review): the syslog input accepts messages from any sender with no
  # authentication; pin it with host => "192.168.1.201" plus a firewall rule
  # limited to the forwarding hosts, and prefer TCP on the rsyslog side so
  # deliveries are not silently dropped.
  syslog {

    port => "514"

  }

}

output {

         # Plain-HTTP, unauthenticated output to the local Elasticsearch node;
         # one index per day.
         elasticsearch {

              hosts => ["192.168.1.201:9200"]

              index => "syslog-%{+YYYY.MM.dd}"

              }

    }


[root@king01 ~]# logstash -f /etc/logstash/conf.d/elk.conf&

[root@king01 ~]# cat /var/log/logstash/logstash-plain.log


[root@king01 ~]# netstat -tunlp | grep 514

tcp        0      0 :::514                      :::*                        LISTEN      18713/java          

udp        0      0 :::514                      :::*                                    18713/java          



[root@king01 ~]# yum install -y kibana

[root@king01 ~]# vim /etc/kibana/kibana.yml

server.port: 5601

# Listen on every interface, not only loopback.
# NOTE(review): Kibana 5.x has no login of its own without X-Pack, so anyone
# who can reach port 5601 can query the cluster through it. Bind to the LAN
# address and front it with an authenticating reverse proxy or a firewall rule.
server.host: "0.0.0.0"

# Cleartext HTTP to the Elasticsearch node configured above; no credentials.
elasticsearch.url: "http://192.168.1.201:9200"


[root@king01 ~]# /etc/init.d/kibana start

kibana started

[root@king01 ~]# /etc/init.d/kibana status

kibana is running

[root@king01 ~]# netstat -tunlp | grep 5601


[root@king02 ~]# vi /etc/rsyslog.conf 

# Forward every facility and priority to the Logstash syslog input. A single
# '@' selects UDP: unencrypted and unacknowledged, so dropped datagrams are
# lost silently; '@@' selects TCP, which Logstash also listens on (see the
# netstat output above).
*.* @192.168.1.201:514


[root@king02 ~]# vi /etc/bashrc

export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'


[root@king02 ~]# service rsyslog restart










原文地址:http://blog.51cto.com/13598811/2074326
