1、安装Java JDK
sudo apt-get install default-jdk
2、安装Elasticsearch
1、导入Elasticsearch的GPG公钥
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
2、添加Elasticsearch仓库源
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
3、安装elasticsearch
sudo apt-get update
sudo apt-get install elasticsearch
4、安装完成之后,配置Elasticsearch
sudo vim /etc/elasticsearch/elasticsearch.yml
network.host: localhost 取消下面一行注释,并把值替换为localhost:
5、启动Elasticsearch服务并加入开机自启
sudo systemctl start elasticsearch
sudo systemctl enbale elasticsearch
3、安装Kibana
1、添加kibana仓库
echo "deb http://packages.elastic.co/kibana/4.5/debian stable main" | sudo tee -a /etc/apt/sources.list
2、安装kibana
sudo apt-get update
sudo apt-get install kibana
3、配置kinbana
sudo vim /opt/kibana/config/kibana.yml
server.host: "localhost" 把值改为localhost
4、启动kinbana服务并加入开机自启
sudo systemctl start kinbana
sudo systemctl enbale kinbana
4、安装nginx
sudo apt-get install nginx
1、启动nginx并加入开机自启
sudo systemctl start nginx
sudo systemctl enable nginx
2、使用openssl创建一个管理员(admin)
按照提示创建用户和密码,用来登陆kinbana web
sudo -v
echo "admin:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users
3、修改nginx配置文件
sudo vim /etc/nginx/conf.d/elk.conf
server {
listen 80;
server_name your_domain_or_IP; 填写你的ip或者域名
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
4、检查nginx配置语法
ok的话就重启nginx
nginx -t
sudo systemctl restart nginx
5、安装Logstash
1、添加Logstash软件源
echo "deb http://packages.elastic.co/logstash/2.3/debian stable main" | sudo tee -a /etc/apt/sources.list
2、安装Logstash
sudo apt-get update
sudo apt-get install logstash
3、设置接收的日志格式及类型,创建配置文件
sudo vim /etc/logstash/conf.d/30-elasticsearch-output.conf
output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
6、安装Filebeat
1、添加Filebeat源和key
echo "deb https://packages.elastic.co/beats/apt stable main" | sudo tee -a /etc/apt/sources.list.d/beats.list
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
2、安装Filebeat
sudo apt-get update
sudo apt-get install filebeat
3、启动Filebeat并加入开机自启
sudo systemctl start filebeat
sudo systemctl enable filebeat
7、登陆web端添加索引
索引名称填写为 filebeat-*
