• centos7部署ELK测试


    一、背景

      学习ELK,动手实验。

      参考:https://blog.csdn.net/qq_33406938/article/details/80307679

    二、环境

      虚拟机一台,已安装jdk1.8,nginx,ip:192.168.1.8。

    三、步骤

    1、配置limits.conf

    [root@localhost ~]# vi /etc/security/limits.conf
    * hard nofile 65536
    * soft nofile 65536
    * soft nproc 65536
    * hard nproc 65536

    2、配置sysctl.conf(vm.max_map_count是elasticsearch启动检查要求的参数;net.ipv4.ip_forward会让本机转发IP包,ELK本身并不需要,无转发需求时可不设置)

    [root@localhost ~]# vi /etc/sysctl.conf

    ...

    vm.max_map_count = 262144
    net.core.somaxconn=65535
    net.ipv4.ip_forward = 1

    ...

    [root@localhost ~]# sysctl -p
    vm.max_map_count = 262144
    net.core.somaxconn = 65535
    net.ipv4.ip_forward = 1

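    3、关闭防火墙(仅适用于隔离的测试虚拟机:关闭后9200、9300、5601、5044端口对所在网络全部开放;非测试环境应保留firewalld,用firewall-cmd --permanent --add-port=5601/tcp之类的规则只放行需要的端口)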

    [root@localhost ~]# systemctl stop firewalld
    [root@localhost ~]# systemctl disable firewalld

    [root@localhost ~]# iptables -F

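    4、配置清华镜像yum源(gpgcheck=0表示不校验软件包签名,仅测试时图方便;正式使用应改为gpgcheck=1并加上gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch)

    [root@localhost ~]# vi /etc/yum.repos.d/elk.repo
    [elk]
    name=elk
    baseurl=https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-6.x/
    enabled=1
    gpgcheck=0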

    5、安装elasticsearch、logstash、kibana、filebeat、nodejs

    [root@localhost ~]# yum install elasticsearch -y

    [root@localhost ~]# yum install logstash -y

    [root@localhost ~]# yum install kibana -y

    [root@localhost ~]# yum install filebeat -y

    [root@localhost ~]# yum install nodejs -y

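    6、配置elasticsearch.yml并启动elasticsearch服务(network.host: 0.0.0.0使9200/9300监听所有网卡,而本文的配置没有启用任何认证,能连到该端口的主机都可以读写索引;非测试环境应绑定具体的内网地址并限制访问来源,或启用xpack.security.enabled)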

    [root@localhost ~]# vi /etc/elasticsearch/elasticsearch.yml

    ...

    cluster.name: elk-stack
    node.name: elk.node1
    path.data: /var/lib/elasticsearch
    path.logs: /var/log/elasticsearch
    network.host: 0.0.0.0
    http.port: 9200
    discovery.zen.ping.unicast.hosts: ["192.168.1.8:9300"]
    discovery.zen.minimum_master_nodes: 1

    ...

    [root@elk ~]# systemctl start elasticsearch
    [root@elk ~]# ss -ntlup| grep -E "9200|9300"

    tcp LISTEN 0 65535 :::9200 :::* users:(("java",pid=16217,fd=234))
    tcp LISTEN 0 65535 :::9300 :::* users:(("java",pid=16217,fd=209))

    7、配置kibana.yml并启动kibana服务(server.host: "0.0.0.0"使kibana对所有网卡开放,且此处没有登录认证;非测试环境可让kibana只监听127.0.0.1,由nginx反向代理并加上访问控制)

    [root@localhost ~]# vi /etc/kibana/kibana.yml

    ...

    server.port: 5601
    server.host: "0.0.0.0"
    elasticsearch.url: "http://192.168.1.8:9200"
    kibana.index: ".kibana"

    ...

    [root@localhost ~]# systemctl start kibana

    [root@localhost ~]# ss -ntlup | grep 5601
    tcp LISTEN 0 511 *:5601 *:* users:(("node",pid=19513,fd=18))

    8、配置logstash.yml,添加日志处理文件local_syslog.conf,启动logstash

    [root@localhost ~]# vi /etc/logstash/logstash.yml

    ...

    path.config: /etc/logstash/conf.d

    ...

    添加日志处理文件:

    [root@localhost ~]# vi /etc/logstash/conf.d/local_syslog.conf

    input {
    #filebeat客户端
    beats {
    port => 5044
    }
    }

    #筛选
    #filter { }

    output {
    # 输出到es
    elasticsearch {
    hosts => ["http://192.168.1.8:9200"]
    index => "syslog-%{+YYYY.MM.dd}"
    }

    }

    [root@localhost ~]# systemctl start logstash

    [root@localhost ~]# lsof -i:5044
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    java 17524 logstash 114u IPv6 149366 0t0 TCP *:lxi-evntsvc (LISTEN)

    9、配置filebeat.yml并启动filebeat

    [root@localhost ~]# vi /etc/filebeat/filebeat.yml

    ...

    filebeat.inputs:
    - type: log
      enabled: true
      paths:
        - /var/log/messages
    filebeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: false
    setup.template.settings:
      index.number_of_shards: 3
    output.logstash:
      hosts: ["192.168.1.8:5044"]

    ...

    [root@localhost ~]# systemctl start filebeat

    至此,在浏览器中输入http://192.168.1.8:5601即可访问ELK之kibana界面(kibana监听的是5601端口;本文没有给出nginx反向代理的配置,不带端口访问到的是80端口上的nginx)。

    10、汉化kibana

    [root@localhost ~]# yum install -y git

    [root@localhost ~]# git clone https://github.com/anbai-inc/Kibana_Hanization.git

    [root@localhost ~]# cd Kibana_Hanization

    #查看README.md文件,得到汉化方法为:拷贝`translations`文件夹到kibana目录下的`src/legacy/core_plugins/kibana/`目录
    #该仓库是第三方代码,下面的命令以root身份把它复制进kibana安装目录,复制前先检查translations目录中的内容

    [root@localhost Kibana_Hanization]#  rsync -av --progress translations /usr/share/kibana/src/legacy/core_plugins/kibana

    重启kibana:

    [root@localhost ~]#  systemctl restart kibana

    [root@localhost ~]# ss -ntlup | grep 5601
    tcp LISTEN 0 511 *:5601 *:* users:(("node",pid=19513,fd=18))

    此时,用浏览器访问http://192.168.1.8:5601即可看到中文界面的kibana。

  • 原文地址:https://www.cnblogs.com/sfccl/p/11276285.html