ELK Installation Guide
ELK is a log management system made up of three main pieces of software: Elasticsearch, Logstash and Kibana.
https://www.gitbook.com/book/chenryn/kibana-guide-cn/details
http://kibana.logstash.es/content/logstash/get_start/install.html
1 Installing Elasticsearch
1.1 Download and extract
Download from https://www.elastic.co/downloads/
# tar -xzvf elasticsearch-2.3.1.tar.gz
# cd elasticsearch-2.3.1
1.2 Configuration
# vim config/elasticsearch.yml
network.host: 172.199.0.55
path.logs: /apps/logs/logstash
1.3 Start
# bin/elasticsearch
Note: on the test machine, starting as root fails with a permission error (Elasticsearch refuses to run as root), so hand the directory to the unprivileged apps user and start it as that user:
# chown -R apps:apps .
# su -c "bin/elasticsearch -d" apps
# ps -ef | grep elasticsearch
# netstat -lnp | grep 9200
tcp 0 0 172.199.0.55:9200 0.0.0.0:* LISTEN 14643/java
1.4 Test
# curl -X GET http://172.199.0.55:9200
2 Installing redis
redis:
# yum -y install redis    # install redis
# /etc/init.d/redis start    # start redis (default config path: /etc/redis.conf)
# redis-cli keys '*'    # list the keys stored in redis
# netstat -lnp | grep redis
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 16216/redis-server
3 Installing logstash (server side)
3.1 Dependency: Java version
java:
# java -version    # needs java version >= 1.7.0_51; otherwise download the rpm package and install it:
http://java.com/zh_CN/download/manual.jsp
# rpm -ivh jre-8u77-linux-x64.rpm
3.2 Installation (rpm package)
Install Logstash directly from the official Elasticsearch repository:
# rpm --import http://packages.elasticsearch.org/GPG-KEY-elasticsearch
# cat > /etc/yum.repos.d/logstash.repo <<EOF
[logstash-1.5]
name=logstash repository for 1.5.x packages
baseurl=http://packages.elasticsearch.org/logstash/1.5/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1
EOF
# yum clean all
# yum install logstash
(The version installed here is logstash 1.5.6.)
3.3 Configure logstash.conf
# cat /apps/conf/logstash/logstash.conf
input {
  redis {
    host      => "127.0.0.1"
    port      => "6379"
    key       => "logstash:redis"
    data_type => "list"
  }
}
filter {
  if [path] =~ "access" {
    mutate { replace => { type => "apache_access" } }
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    date {
      match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  } else if [path] =~ "error" {
    mutate { replace => { type => "apache_error" } }
  } else {
    mutate { replace => { type => "random_logs" } }
  }
}
output {
  elasticsearch {
    host     => "172.199.0.55"
    protocol => "http"
    port     => "9200"
    index    => "filebeat-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}
3.4 Test (check the output)
# vim /etc/profile
PATH=/opt/logstash/bin/:$PATH
With logstash on the PATH, check that it runs normally (type "Hello world" at the prompt):
# logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
{
       "message" => "Hello world",
      "@version" => "1",
    "@timestamp" => "2016-04-18T01:34:42.256Z",
          "host" => "55host"
}
3.5 Start
# logstash -f /apps/conf/logstash/logstash.conf -l /apps/logs/elk/logstash.log
Logstash startup completed
4 Installing logstash (client side)
4.1 Installation
Install it on another machine in the same way as above, then check that it runs normally (type "Hello world two" at the prompt):
# logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
4.2 Configure shipper.conf
Configuration (note that the redis started in section 2 listens on 127.0.0.1:6379 only; for a shipper on another host to reach it, redis must be bound on the address used below, and since redis has no authentication by default, access to that port should be limited to the shipper hosts):
# cat /apps/conf/logstash/shipper.conf
input {
  file {
    path           => "/apps/logs/nginx_80/*.log"
    start_position => "beginning"
  }
}
filter {
  if [path] =~ "access" {
    mutate { replace => { type => "apache_access" } }
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    date {
      match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  } else if [path] =~ "error" {
    mutate { replace => { type => "apache_error" } }
  } else {
    mutate { replace => { type => "random_logs" } }
  }
}
output {
  redis {
    host      => "172.199.0.55"
    port      => "6379"
    key       => "logstash:redis"
    data_type => "list"
    # the redis output has no "index" option; the index name is set in the
    # indexer's elasticsearch output (section 3.3)
  }
  stdout { codec => rubydebug }
}
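As an added example (not part of the original document or of Logstash itself), the Python script below reproduces what the filter blocks in sections 3.3 and 4.2 do to one event: the type assignment by [path], a hand-written regex that approximates grok's %{COMBINEDAPACHELOG} (an assumption, not grok's own definition), the date filter's conversion of the Apache timestamp into @timestamp, and the filebeat-YYYY.MM.dd index name the indexer would write to. The sample event is constructed to look like the JSON the shipper's file input pushes onto the logstash:redis list.

```python
import json
import re
from datetime import datetime, timezone

# Hand-written regex approximating grok's COMBINEDAPACHELOG (an assumption, not grok's own pattern).
COMBINED_RE = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+)(?: (?P<httpversion>HTTP/[\d.]+))?" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

def assign_type(path):
    """Mirror the filter's if/else chain on [path]: access, error, otherwise random_logs."""
    if re.search("access", path):
        return "apache_access"
    if re.search("error", path):
        return "apache_error"
    return "random_logs"

def parse_apache_timestamp(ts):
    """Parse 'dd/MMM/yyyy:HH:mm:ss Z' as the date filter does; return an aware UTC datetime."""
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)

def process_event(raw):
    """Apply the page's filter block to one JSON event taken off the logstash:redis list."""
    out = json.loads(raw)
    out["type"] = assign_type(out.get("path", ""))
    if out["type"] == "apache_access":
        m = COMBINED_RE.match(out["message"])
        if m:
            out.update(m.groupdict())
            out["@timestamp"] = parse_apache_timestamp(out["timestamp"]).strftime("%Y-%m-%dT%H:%M:%S.000Z")
        else:  # grok tags events it cannot parse instead of dropping them
            out["tags"] = out.get("tags", []) + ["_grokparsefailure"]
    return out

def index_name(event):
    """Index the indexer's elasticsearch output writes to: filebeat-%{+YYYY.MM.dd}, from @timestamp."""
    return "filebeat-" + event["@timestamp"][:10].replace("-", ".")

# Constructed sample of what the shipper's file input pushes onto the redis list.
SAMPLE = json.dumps({
    "message": '10.0.0.7 - - [18/Apr/2016:09:34:42 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.29.0"',
    "path": "/apps/logs/nginx_80/access.log",
    "host": "55host",
    "@timestamp": "2016-04-18T01:34:42.256Z",
})

if __name__ == "__main__":
    ev = process_event(SAMPLE)
    print(json.dumps(ev, indent=2), "->", index_name(ev))
```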
4.3 Start
# logstash -f /apps/conf/logstash/shipper.conf -l /apps/logs/elk/logstash.log
Logstash startup completed
5 Installing kibana
Download: https://www.elastic.co/downloads/kibana (check for the latest version)
# tar -xzvf kibana-4.5.0-linux-x64.tar.gz
# cd kibana-4.5.0
# vim config/kibana.yml
server.host: "172.199.0.55"
elasticsearch.url: "http://172.199.0.55:9200"
# bin/kibana    # if many error messages appear, it is most likely a version mismatch
# netstat -lnp | grep 5601
tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 19497/bin/../node/b
6 Accessing the web interface
Open in a browser: http://10.201.76.104:5601/
Try a search (pay attention to the time range and the keyword).