分类导航

CentOS 发布时间：2022-04-02 发布网站：大佬教程 code.js-code.com

大佬教程收集整理的这篇文章主要介绍了如何在CentOS 7上安装Elasticsearch，Logstash和Kibana（ELK堆栈），大佬教程大佬觉得挺不错的，现在分享给大家，也给大家做个参考。

概述

使用Logstash和Kibana在CentOS 7上集中日志记录集中日志记录在尝试识别服务器或应用程序的问题时非常有用，因为它允许您在单个位置搜索所有日志。它也很有用，因为它允许您通过在特定时间范围内关联其日志来识别跨多个服务器的问题。本系列教程将教您如何在CentOS上安装Logstash和Kibana，然后如何添加更多过滤器来构造您的日志数据。安装介绍在本教程中，我们将在CentOS

使用Logstash和Kibana在CentOS 7上集中日志记录

安装介绍

实验目的

Logstash：处理传入日志的Logstash的服务器组件
Elasticsearch：存储所有日志
Kibana：用于搜索和可视化日志的Web界面，将通过Nginx
Filebeat代理：安装在将其日志发送到Logstash的客户端服务器，Filebeat充当日志传送代理，利用伐木工具网络协议与Logstash进行通信

先决条件

OS: CentOS 7
RAM: 4GB
cpu: 2

安装 Java 8

# JDK下载地址：
http://www.Oracle.com/technetwork/java/javase/downloads

yum -y localinstall jdk-8u111-linux-x64.rpm
# or
rpm -ivh jdk-8u111-linux-x64.rpm

安装 Elasticsearch

@H_944_70@# https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

echo '[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpg@R_944_10943@k=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | sudo tee /etc/yum.repos.d/elasticsearch.repo

yum makecache
yum install elasticsearch -y

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service

sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service

# 注释24行的 --quiet \
vim /etc/systemd/system/multi-user.target.wants/elasticsearch.service

使用tail查看journal：

sudo journalctl -f

要列出elasticsearch服务的日记帐分录：

sudo journalctl --unit elasticsearch

要从给定时间开始列出elasticsearch服务的日记帐分录：

sudo journalctl --unit elasticsearch --since  "2017-1-4 10:17:16"

# since 表示指定时间之前的记录

检查Elasticsearch是否正在运行

curl -XGET 'localhost:9200/?pretty'

{
  "name" : "De-LRNO","cluster_name" : "elasticsearch","cluster_uuid" : "DeJzplWhQQK5uGitXr8jjA","version" : { "number" : "5.1.1","build_hash" : "5395e21","build_date" : "2016-12-06T12:36:15.409Z","build_snapshot" : false,"lucene_version" : "6.3.0" },"tagline" : "You KNow,for Search" }

配置 Elasticsearch

[root@linuxprobe ~]# egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml 
[root@linuxprobe ~]# egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 10.1.1.53  # 默认localhost，自定义为ip
http.port: 9200

[root@linuxprobe elasticsearch]# egrep -v "^#|^$" /etc/sysconfig/elasticsearch 
ES_HOME=/usr/share/elasticsearch
JAVA_HOME=/usr/java/jdk1.8.0_111
CONF_DIR=/etc/elasticsearch
data_dir=/var/lib/elasticsearch
LOG_DIR=/var/log/elasticsearch
PID_DIR=/var/run/elasticsearch

日志配置

安装 Kibana

导入Elastic PGP Key

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

echo '[kibana-5.x]
name=Kibana repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpg@R_944_10943@k=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | sudo tee /etc/yum.repos.d/kibana.repo

yum makecache && yum install kibana -y

使用systemd运行Kibana

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service

sudo systemctl start kibana.service
sudo systemctl stop kibana.service

配置Kibana

安装Nginx

创建Nginx官方源来安装Nginx

# https://www.Nginx.com/resources/wiki/start/topics/tutorials/install/

echo '[Nginx]
name=Nginx repo
baseurl=http://Nginx.org/packages/centos/$releasever/$basearch/
gpg@R_944_10943@k=0
enabled=1
' | sudo tee /etc/yum.repos.d/Nginx.repo

使用yum安装Nginx和httpd-tools

yum install Nginx httpd-tools -y

使用htpasswd创建一个名为“kibanaadmin”的管理员用户（可以使用其他名称），该用户可以访问Kibana Web界面：

[root@linuxprobe ~]# htpasswd -c /etc/Nginx/htpasswd.users kibanaadmin
New password:              # 自定义
Re-type new password: 
Adding password for user kibanaadmin

[root@linuxprobe ~]# egrep -v "#|^$" /etc/Nginx/conf.d/kibana.conf 
server {
    listen       80;
    server_name  kibana.aniu.co;
    access_log  /var/log/Nginx/kibana.aniu.co.access.log main;
    error_log   /var/log/Nginx/kibana.aniu.co.access.log;
    auth_basic "ReStricted Access";
    auth_basic_user_file /etc/Nginx/htpasswd.users;
    LOCATIOn / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;        
    }
}

# 启动Nginx并验证配置

sudo systemctl start Nginx
sudo systemctl enable Nginx

访问kibana，输入上面设置的kibanaadmin,password

安装Logstash

# 导入公共签名密钥
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# 将以下内容添加到具有.repo后缀的文件中的/etc/yum.repos.d/目录中，如logstash.repo
echo '[logstash-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpg@R_944_10943@k=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | sudo tee /etc/yum.repos.d/logstash.repo

yum makecache && yum install logstash -y

生成SSL证书

cd /etc/pki/tls
sudo openssl req -subj '/CN=ELK_server_fqdn/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forWARDer.key -out certs/logstash-forWARDer.crt

# 注：ELK_server_fqdn自定义，示例如下：
[root@linuxprobe ~]# cd /etc/pki/tls
[root@linuxprobe tls]# sudo openssl req -subj '/CN=kibana.aniu.co/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forWARDer.key -out certs/logstash-forWARDer.crt
Generating a 2048 bit RSA private key
.+++
...........................................................................................................+++
wriTing new private key to 'private/logstash-forWARDer.key'
-----

配置Logstash

sudo vi /etc/logstash/conf.d/01-beats-input.conf

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forWARDer.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forWARDer.key"
  }
}

sudo vim /etc/logstash/conf.d/10-syslog-filter.conf

filter {
  if [type] == "syslog" { grok { @H_270_488@match => { "message" => "%{SYSLOGtimestAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at","%{@timestamp}" ]
      add_field => [ "received_from","%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp","MMM d HH:mm:ss","MMM dd HH:mm:ss" ]
    }
  }
}

创建一个名为logstash-simple的配置文件,示例文件：

vim /etc/logstash/conf.d/logstash-simple.conf

插入以下输入配置

input { stdin { } }
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}

运行Logstash使用Systemd

sudo systemctl start logstash.service
sudo systemctl enable logstash.service

加载Kibana仪表板

cd /usr/local/src
curl -L -O https://download.elastic.co/beats/dashboards/beats-dashboards-1.1.0.zip

sudo yum -y install unzip
unzip beats-dashboards-*.zip
./load.sh

[packetbeat-]YYYY.Mm.DD
[topbeat-]YYYY.Mm.DD
[filebeat-]YYYY.Mm.DD
[winlogbeat-]YYYY.Mm.DD

在Elasticsearch中加载Filebeat索引模板

cd /usr/local/src
curl -O https://gist.githubusercontent.com/thisismitch/3429023e8438cc25b86c/raw/d8c479e2a1adcea8b1fe86570e42abab0f10f364/filebeat-index-template.json

# 注：执行命令的位置和json模板相同

[root@linuxprobe src]# curl -XPUT 'http://localhost:9200/_template/filebeat?pretty' -d@filebeat-index-template.json
{
  "ackNowledged" : true
}

设置Filebeat（添加客户端服务器）

复制ssl证书

# 使用SCP远程实现复制
yum -y install openssh-clinets

# 
scp /etc/pki/tls/certs/logstash-forWARDer.crt root@linux-node1:/tmp

# 注：如果不适用ip，记得在ELK服务器上设置hosts

[root@linux-node1 ~]# sudo mkdir -p /etc/pki/tls/certs
[root@linux-node1 ~]# sudo cp /tmp/logstash-forWARDer.crt /etc/pki/tls/certs/

安装Filebeat包

sudo rpm --import http://packages.elastic.co/GPG-KEY-elasticsearch
#
echo '[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpg@R_944_10943@k=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | sudo tee /etc/yum.repos.d/elasticsearch.repo

yum makecache && yum install filebeat -y
sudo chkconfig --add filebeat

配置filebeat

[root@linux-node1 ~]# egrep -v "#|^$" /etc/filebeat/filebeat.yml 
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/secure         # 新增
    - /var/log/messages       # 新增
    - /var/log/*.log
output.elasticsearch:
  hosts: ["localhost:9200"]
output.logstash:
  hosts: ["kibana.aniu.co:5044"]   # 修改为ELK上Logstash的连接方式
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forWARDer.crt"] # 新增

启动filebeat

sudo systemctl start filebeat
sudo systemctl enable filebeat

连接Kibana

大佬总结

以上是大佬教程为你收集整理的如何在CentOS 7上安装Elasticsearch，Logstash和Kibana（ELK堆栈）全部内容，希望文章能够帮你解决如何在CentOS 7上安装Elasticsearch，Logstash和Kibana（ELK堆栈）所遇到的程序开发问题。

如果觉得大佬教程网站内容还不错，欢迎将大佬教程推荐给程序员好友。

本图文内容来源于网友网络收集整理提供，作为学习参考使用，版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ：384754419，请注明来意。

标签：7 centos elasticsearch elk logstash 堆栈如何安装

上一篇: 【CentOS】CentOS Linux服务器安... 下一篇:CentOS卸载Apache方法

猜你在找的CentOS相关文章

Linux（CentOS 5.5）安装Apache 2.2.3 2022-05-09
ContOS7切换国内源 2019-10-31
在阿里云Centos下LNMP环境搭建 2019-10-31
CentOS7.x的DNS服务的基础配置 2019-10-31
安装VMwareTools时出错：What is the location of the directory of C header files t... 2019-10-31
CentOS的启动方式和语言设置 2019-10-31
centos，fedora 如何开机自动联网？？？ 2019-10-31
CentOS 5.5使用yum安装LAMP环境（sohu源） 2019-10-31
CentOS 6.0安装图解教程 2019-10-31
Apache与PHP的整合(编译安装)，不涉及MySQL数据库的整合 2019-10-31