ELK
E: ElasticSearch 搜索引擎 存储 https://www.elastic.co/cn/downloads/elasticsearch
L: Logstash 日志收集 https://www.elastic.co/cn/downloads/logstash
K: kibana 展示 https://www.elastic.co/cn/downloads/kibana
ElasticSearch
-
下载解压
-
tar -zxvf elasticsearch-7.3.1-linux-x86_64.tar.gz -
在es下创建数据和日志文件夹,修改配置文件
-
#对应配置里的数据和日志文件目录 mkdir /usr/local/src/elasticsearch/elasticsearch-7.3.1/data mkdir /usr/local/src/elasticsearch/elasticsearch-7.3.1/logs vim config/elasticsearch.ymlcluster.name: my-application
node.name: node-10
path.data: /usr/local/src/elasticsearch/elasticsearch-7.3.1/data
path.logs: /usr/local/src/elasticsearch/elasticsearch-7.3.1/logs
-
新建elkuser用户(注意不能使用root用户启动es)
-
#创建用户 useradd elkuser #修改用户组和用户 chown -R elkuser:elkuser elasticsearch-7.3.1 #切换用户 su elkuser -
启动
-
./bin/elasticsearch
Nginx
安装PCRE
-
安装编译工具及库文件
-
yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel -
首先要安装 PCRE(作用是让 Nginx 支持 Rewrite 功能)
-
#下载 wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz #解压安装包 tar -zxvf pcre-8.35.tar.gz #进入安装包目录 cd pcre-8.35 #编译安装 ./configure make && make install #查看pcre版本 pcre-config --version
安装Nginx
-
#下载 wget http://nginx.org/download/nginx-1.6.2.tar.gz #解压安装包 tar -zxvf nginx-1.6.2.tar.gz #进入安装包目录 cd nginx-1.6.2/ #编译安装(注意pcre路径) ./configure --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/nginx/pcre-8.35 make && make install #查看pcre版本 /usr/local/webserver/nginx/sbin/nginx -v
-
检查
-
#检查配置文件nginx.conf的正确性命令 /usr/local/webserver/nginx/sbin/nginx -t -
-
启动 Nginx
-
/usr/local/webserver/nginx/sbin/nginx #查看进程 ps -ef |grep nginx -
-
Nginx 其他命令
-
/usr/local/webserver/nginx/sbin/nginx -s reload # 重新载入配置文件 /usr/local/webserver/nginx/sbin/nginx -s reopen # 重启 Nginx /usr/local/webserver/nginx/sbin/nginx -s stop # 停止 Nginx -
浏览器访问站点
Logstash
-
下载解压
-
tar -zxvf logstash-7.3.1.tar.gz -
创建一个配置文件
-
vim logstash-nginx-access-log.confinput {
path => "/usr/local/webserver/nginx/logs/*.log"
start_position => "beginning"
}
}192.168.192.1 - - [12/Sep/2019:15:47:37 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36" "-"
filter {
grok {
match => {
"message" => '%{IPORHOST:remote_ip} - %{DATA:user_name} [%{HTTPDATE:time}] "%{WORD:request_action} %{DATA:request} HTTP/%{NUMBER:http_version}" %{NUMBER:response} %{NUMBER:bytes} "%{DATA:referrer}" "%{DATA:agent}"' } }
date {
match => [ "time" , "dd/MMM/yyyy:HH:mm:ss Z" ]
locale => cn
}
}output {
elasticsearch {
hosts => ["192.168.192.10:9200"]
index => "logstash-nginx-access-log"
}
stdout { codec => rubydebug }
} -
启动
-
bin/logstash -f logstash-nginx-access-log.conf -
访问nginx页面
-
kibana
-
下载解压
-
tar -zxvf kibana-7.3.1-linux-x86_64.tar.gz #进入kibana配置下 cd kibana-7.3.1-linux-x86_64/config #修改配置文件 vim kibana.ymlserver.host: "localhost"
elasticsearch.hosts: ["http://localhost:9200"]
-
启动(kibana不建议以root用户启动,如果用root启动,需要加--allow-root)
-
bin/kibana -
访问5601端口
-
-
创建日志索引
-
-
-
-
查看日志量等信息
-
