
概述

使用 Logstash 和 Kibana 在 CentOS 7 上集中日志记录。集中日志记录在排查服务器或应用程序问题时非常有用：所有日志都可以在一个位置搜索；还可以在特定时间范围内关联多台服务器的日志，从而定位跨服务器的问题。本系列教程将介绍如何在 CentOS 7 上安装 Elasticsearch、Logstash 和 Kibana（ELK 堆栈），用 Nginx 反向代理保护 Kibana，并让客户端通过 Filebeat 以 TLS 加密方式把日志发送到 Logstash；随后再介绍如何添加过滤器来结构化日志数据。

使用Logstash和Kibana在CentOS 7上集中日志记录

安装介绍

实验目的

  • Logstash：服务器端组件，接收并处理传入的日志
  • Elasticsearch：存储所有日志
  • Kibana：用于搜索和可视化日志的 Web 界面，将通过 Nginx 反向代理并加上 HTTP 基本认证后对外提供
  • Filebeat 代理：安装在需要发送日志的客户端服务器上，作为日志传送代理，使用 lumberjack（Beats）协议通过 TLS 与 Logstash 通信

先决条件

  • OS: CentOS 7
  • RAM: 4GB
  • cpu: 2

安装 Java 8

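# JDK download page (Oracle requires a login for the RPM):
#   https://www.oracle.com/technetwork/java/javase/downloads
# NOTE(review): 8u111 is an old patch level; use the latest 8u release
# available to you. The rest of this page assumes the Oracle layout
# (JAVA_HOME=/usr/java/jdk1.8.0_111 in /etc/sysconfig/elasticsearch).
#
# Option A: the distro OpenJDK — signed packages, patched via yum.
# (JAVA_HOME then differs from the Oracle path above; adjust accordingly.)
yum -y install java-1.8.0-openjdk-devel
#
# Option B: a manually downloaded Oracle RPM. A local file is not fetched
# through a gpgcheck'd repo, so verify the checksum Oracle publishes for
# the download before installing it.
sha256sum jdk-8u111-linux-x64.rpm
yum -y localinstall jdk-8u111-linux-x64.rpm
# or
rpm -ivh jdk-8u111-linux-x64.rpm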

安装 Elasticsearch

# https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html

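# Import Elastic's package-signing key (over HTTPS) and add the 5.x repo.
# gpgcheck=1 makes yum verify every package against that key — keep it on.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo tee /etc/yum.repos.d/elasticsearch.repo > /dev/null <<'EOF'
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
yum makecache
yum install elasticsearch -y

# Register the unit and enable it at boot. It is started once and stopped
# again immediately so elasticsearch.yml can be edited (see "Configure
# Elasticsearch" below) before the node is reachable.
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service

# Optional: comment out the "--quiet \" line (line 24 of the 5.x unit
# file) so Elasticsearch also logs to the journal.
# NOTE(review): the path below is normally a symlink to the packaged unit,
# which a package upgrade overwrites; a drop-in created with
# `systemctl edit elasticsearch` survives upgrades.
vim /etc/systemd/system/multi-user.target.wants/elasticsearch.service

# Follow the journal live (like tail -f):
sudo journalctl -f
# List the journal entries of the elasticsearch unit:
sudo journalctl --unit elasticsearch
# List entries of the unit written AFTER the given time — `--since` is a
# lower bound, not "before" as the original note claimed:
sudo journalctl --unit elasticsearch --since "2017-1-4 10:17:16"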

检查Elasticsearch是否正在运行

# Sanity check: the node answers on the loopback HTTP port.
curl -X GET 'http://localhost:9200/?pretty'
{
  "name" : "De-LRNO","cluster_name" : "elasticsearch","cluster_uuid" : "DeJzplWhQQK5uGitXr8jjA","version" : { "number" : "5.1.1","build_hash" : "5395e21","build_date" : "2016-12-06T12:36:15.409Z","build_snapshot" : false,"lucene_version" : "6.3.0" },"tagline" : "You Know, for Search" }

配置 Elasticsearch

[root@linuxprobe ~]# egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 10.1.1.53  # 默认为 localhost；改成本机 IP 后 9200/9300 会对整个网络开放。5.x 在未安装 X-Pack 时没有任何认证，务必用防火墙只放行 Logstash/Kibana 所在主机，或者——本文 Logstash、Kibana 与 ES 在同一台机器上——直接保留 localhost
http.port: 9200
[root@linuxprobe elasticsearch]# egrep -v "^#|^$" /etc/sysconfig/elasticsearch 
ES_HOME=/usr/share/elasticsearch
JAVA_HOME=/usr/java/jdk1.8.0_111
CONF_DIR=/etc/elasticsearch
data_dir=/var/lib/elasticsearch
LOG_DIR=/var/log/elasticsearch
PID_DIR=/var/run/elasticsearch

日志配置

安装 Kibana

导入Elastic PGP Key

# Kibana ships from the same signed 5.x repository; import the key again
# (idempotent) and register the repo under its own file name.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo tee /etc/yum.repos.d/kibana.repo <<'EOF'
[kibana-5.x]
name=Kibana repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
yum makecache && yum install kibana -y

使用systemd运行Kibana

# Pick up the freshly installed kibana.service, enable it at boot, then
# start it once and stop it again — it is brought up for real after the
# Nginx proxy in front of it is configured.
sudo systemctl daemon-reload
sudo systemctl enable kibana.service
sudo systemctl start kibana.service
sudo systemctl stop kibana.service

配置Kibana

安装Nginx

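# https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
# Import nginx's package-signing key and keep gpgcheck=1. The original
# repo had gpgcheck=0 over plain http, i.e. yum would install whatever a
# mirror or an on-path attacker served.
sudo rpm --import https://nginx.org/keys/nginx_signing.key
sudo tee /etc/yum.repos.d/nginx.repo > /dev/null <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
yum install nginx httpd-tools -y

# Basic-Auth user file for the Kibana proxy. -c creates the file (drop -c
# when adding more users, or the file is overwritten). htpasswd prompts
# for the password; do not pass it with -b — it would end up in shell
# history and `ps`. Choose a strong one: this password is the only thing
# between the network and your logs.
sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin
# Only the nginx worker user (the nginx.org package uses "nginx") needs
# read access to the hashes.
sudo chown root:nginx /etc/nginx/htpasswd.users
sudo chmod 640 /etc/nginx/htpasswd.users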
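# /etc/nginx/conf.d/kibana.conf — reverse proxy with Basic Auth in front
# of Kibana (localhost:5601).
#
# NOTE(review): this server listens on plain HTTP, so the Basic-Auth
# credentials (base64, not encrypted) and every log line shown in Kibana
# cross the network in clear. Terminate TLS here (listen 443 ssl with a
# certificate) or firewall port 80 to trusted addresses before exposing it.
# Also keep Kibana's own port 5601 (and Elasticsearch's 9200) bound to
# localhost — Kibana 5 does so by default (server.host in kibana.yml);
# otherwise the proxy's auth can be bypassed by connecting to :5601 directly.

# Send "Connection: upgrade" only when the client actually asked for a
# WebSocket upgrade; forcing it on every request breaks keep-alive.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen       80;
    server_name  kibana.aniu.co;
    access_log  /var/log/nginx/kibana.aniu.co.access.log main;
    # The original pointed error_log at the access log file as well.
    error_log   /var/log/nginx/kibana.aniu.co.error.log;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}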
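# Validate the configuration BEFORE starting: the original comment promised
# a check but never ran one, and a syntax error would leave nginx (and so
# Kibana) unreachable.
sudo nginx -t
sudo systemctl start nginx
sudo systemctl enable nginx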
  • 在浏览器访问 http://kibana.aniu.co/（或服务器 IP），输入上面设置的 kibanaadmin 及其密码。注意：上面的 Nginx 只监听 80 端口，HTTP 基本认证的用户名/密码以明文（仅 base64 编码）在网络上传输，生产环境请为 Nginx 配置 TLS 或用防火墙限制来源。

安装Logstash

# Import Elastic's public signing key (same key as for Elasticsearch).
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Register the 5.x repository under /etc/yum.repos.d/ as logstash.repo
# (any name with a .repo suffix works).
sudo tee /etc/yum.repos.d/logstash.repo <<'EOF'
[logstash-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
yum makecache && yum install logstash -y

生成SSL证书

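cd /etc/pki/tls
# Self-signed certificate for the Logstash Beats input. Replace
# ELK_server_fqdn with the name that Filebeat will connect to (the "hosts"
# entry in filebeat.yml) — the client rejects the certificate otherwise.
# If clients connect by IP address, a CN is not enough: the certificate
# needs a subjectAltName (IP:...) entry, which requires an openssl config
# file with a [v3_req] section.
sudo openssl req -subj '/CN=ELK_server_fqdn/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 \
  -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt

# Example with the real FQDN (the same name used later in filebeat.yml):
sudo openssl req -subj '/CN=kibana.aniu.co/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 \
  -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt

# -nodes leaves the private key unencrypted, so restrict it to the account
# the Logstash service runs as (the RPM creates "logstash"; adjust if your
# unit runs as a different user). Only the .crt is ever copied to clients;
# the .key stays on this host.
sudo chown root:logstash private/logstash-forwarder.key
sudo chmod 640 private/logstash-forwarder.key
sudo chmod 644 certs/logstash-forwarder.crt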

配置Logstash

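# Logstash concatenates every file in conf.d/ into ONE pipeline, so the
# input, filter and output below all belong to the same configuration.

# 01: Beats input over TLS, using the certificate generated above.
sudo tee /etc/logstash/conf.d/01-beats-input.conf > /dev/null <<'EOF'
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
EOF

# 10: parse syslog-style lines. Only events whose type is "syslog" are
# touched, so Filebeat must send document_type: syslog (see filebeat.yml).
# The day field of a syslog timestamp is space-padded ("Jan  4"), hence
# the double space in the first date pattern.
sudo tee /etc/logstash/conf.d/10-syslog-filter.conf > /dev/null <<'EOF'
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
EOF

# 30: ship to Elasticsearch. One index per beat and day so that the
# "[filebeat-]YYYY.MM.DD" index pattern and the Filebeat template loaded
# below actually match (a bare elasticsearch output would write to
# logstash-*). manage_template is off because the template is loaded by
# hand. Do NOT put an `stdin { }` input in conf.d/ as the original did:
# under systemd stdin is /dev/null, the stdin input gets EOF at once and
# shuts the whole pipeline down. Add `stdout { codec => rubydebug }` only
# temporarily while debugging.
sudo tee /etc/logstash/conf.d/30-elasticsearch-output.conf > /dev/null <<'EOF'
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
EOF

# Syntax-check the pipeline before starting the service (--path.settings
# is required for RPM installs so logstash.yml is found).
sudo /usr/share/logstash/bin/logstash --path.settings /etc/logstash --config.test_and_exit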

运行Logstash使用Systemd

# Enable Logstash at boot and bring it up now.
sudo systemctl enable logstash.service
sudo systemctl start logstash.service

加载Kibana仪表板

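cd /usr/local/src
# Sample Kibana dashboards and index patterns for the Beats.
# NOTE(review): beats-dashboards 1.1.0 predate the 5.x stack installed
# here; 5.x Beats packages ship their own dashboard importer — prefer that
# if these do not load. You are about to run a downloaded script as root:
# fetch over HTTPS only, let curl fail on an HTTP error (-f) instead of
# saving an error page, and read load.sh before executing it.
curl -fL -O https://download.elastic.co/beats/dashboards/beats-dashboards-1.1.0.zip
sudo yum -y install unzip
unzip beats-dashboards-*.zip
# load.sh is inside the extracted directory, not in /usr/local/src —
# the original `./load.sh` would not have been found.
cd beats-dashboards-*/
./load.sh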
  脚本会在 Kibana 中创建以下索引模式：
  • [packetbeat-]YYYY.MM.DD
  • [topbeat-]YYYY.MM.DD
  • [filebeat-]YYYY.MM.DD
  • [winlogbeat-]YYYY.MM.DD

在Elasticsearch中加载Filebeat索引模板

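cd /usr/local/src
# Filebeat index template. The URL is pinned to a specific gist revision,
# so its content cannot change underneath you. -f makes curl fail on an
# HTTP error instead of saving an HTML error page that would then be PUT
# into Elasticsearch as the "template".
curl -fsSL -O https://gist.githubusercontent.com/thisismitch/3429023e8438cc25b86c/raw/d8c479e2a1adcea8b1fe86570e42abab0f10f364/filebeat-index-template.json
# Run from the directory that holds the JSON file.
curl -XPUT 'http://localhost:9200/_template/filebeat?pretty' -d@filebeat-index-template.json
# Expected reply:
# {
#   "acknowledged" : true
# }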

设置Filebeat(添加客户端服务器)

复制ssl证书

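# Copy the certificate to the client with scp. Package name is
# openssh-clients (the original had a typo). Only the public .crt is
# copied — the private key never leaves the ELK server.
yum -y install openssh-clients

scp /etc/pki/tls/certs/logstash-forwarder.crt root@linux-node1:/tmp

# If you use hostnames rather than IPs, add them to /etc/hosts (or DNS)
# on both sides: the ELK server must resolve linux-node1 for this scp,
# and the client must resolve the Logstash host named in filebeat.yml.

# On the client (linux-node1):
sudo mkdir -p /etc/pki/tls/certs
sudo cp /tmp/logstash-forwarder.crt /etc/pki/tls/certs/
sudo chmod 644 /etc/pki/tls/certs/logstash-forwarder.crt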

安装Filebeat包

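# Import the signing key over HTTPS. The original fetched it over plain
# http, which lets an on-path attacker substitute the key and thereby
# defeats gpgcheck for every package installed afterwards.
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Same signed 5.x repository as on the ELK server; filebeat ships there too.
sudo tee /etc/yum.repos.d/elasticsearch.repo > /dev/null <<'EOF'
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
yum makecache && yum install filebeat -y
# No `chkconfig --add`: that is the SysV tool; on CentOS 7 the unit is
# enabled with `systemctl enable filebeat` once it is configured (below).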

配置filebeat

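# /etc/filebeat/filebeat.yml on the client (comments and blank lines stripped).
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/secure         # added: ssh/sudo/auth events — sensitive, hence the TLS output below
    - /var/log/messages       # added
    - /var/log/*.log
  # The Logstash filter only parses events whose type is "syslog"
  # (10-syslog-filter.conf); Filebeat's default type is not "syslog".
  document_type: syslog
# Exactly ONE output. The original also kept output.elasticsearch
# (localhost:9200): there is no Elasticsearch on the client, and the whole
# point is to send everything through Logstash over TLS. Newer Filebeat
# releases refuse to start with two outputs enabled at all.
output.logstash:
  hosts: ["kibana.aniu.co:5044"]   # the Logstash host; must equal the CN of the certificate below
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"] # added: trust only the self-signed cert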
  • 启动filebeat
# Bring Filebeat up and make it start at boot.
sudo systemctl enable filebeat
sudo systemctl start filebeat

连接Kibana
