ELK
1. Virtualbox/Vagrant4
1.1. Virtualbox4
1.2. Vagrant4
1.2.1. 4
1.2.2. Vagrant box4
1.2.3. 5
1.2.4. 6
2. ELK6
2.1. CentOS76
2.1.1. iptables6
2.1.2. ifconfig6
2.1.3. IPV67
2.2. Java7
2.3. Elasticsearch7
2.3.1. elasticsearch7
2.3.2. elasticsearch.repo7
2.3.3. yum install8
2.3.4. elasticsearchip8
2.3.5. elasticsearch8
2.3.6. elasticsearch8
2.3.7. elasticsearch rest8
2.4. Kibana9
2.4.1. kibana.repo9
2.4.2. yum installkibana9
2.4.3. kibana9
2.4.4. kibana9
2.5. Nginx10
2.5.1. nginx10
2.5.2. 10
2.5.3. /etc/nginx/nginx.conf10
2.5.4. /etc/nginx/conf.d/kibana.conf11
2.5.5. nginx11
2.6. Logstash11
2.6.1. logstash.repo12
2.6.2. yum installlogstash12
2.6.3. ssl12
2.6.3.1. ip12
2.6.3.2. 12
2.6.4. Logstash13
2.6.4.1. Input13
2.6.4.2. Filter13
2.6.4.3. Output14
2.6.5. 14
2.6.6. logstash14
2.6.7. Kibana Dashboards14
2.7. Filebeat15
2.7.1. elasticsearch15
2.7.2. elastic-beats.repo15
2.7.3. filebeat15
2.7.4. Filebeat15
2.7.4.1. 15
2.7.4.1.1. elasticsearch16
2.7.4.1.2. logstash16
2.7.5. load filebeat template16
2.7.6. filebeat17
2.7.7. filebeat17
2.7.8. Connect to Kibana18
2.8. topbeat19
2.8.1. elasticsearch19
2.8.2. elastic-beats.repo20
2.8.3. topbeat20
2.8.4. Topbeat20
2.8.5. load topbeat template20
2.8.6. topbeat21
2.8.7. topbeat21
2.8.8. Connect to Kibana22
2.9. logstash23
2.9.1. Nginx24
2.9.1.1. Logstash Patterns: Nginx25
2.9.1.2. Logstash Filter: Nginx25
2.9.1.3. logstash25
2.9.1.4. Filebeat Prospector: Nginx25
2.9.1.5. filebeat26
2.9.1.6. kibana26
2.9.2. Apache HTTP Web Server26
2.9.2.1. Logstash Filter: Apache26
2.9.2.2. logstash27
2.9.2.3. Filebeat Prospector: Apache27
2.9.2.4. filebeat27
2.9.3. Tomcat27
2.9.3.1. Logstash Patterns: Tomcat28
2.9.3.2. Logstash Filter: Tomcat28
2.9.3.3. logstash29
2.9.3.4. Filebeat Prospector: Tomcat29
2.9.3.5. filebeat29
2.9.3.6. kibana30
2.9.4. 30
2.10. Kibana31
2.11. Elasticsearch34
2.11.1. plugin35
2.11.2. head35
2.11.3. bigdesk37
2.11.4. kopf39
2.11.5. 40
3. 40
4. Elasticsearch41
:
Vagrant 1.8.1
CentOS 7.2 192.168.0.228
Elasticsearch 2.3.2
logstash 2.2.4
Kibana 4.4.2
filebeat 1.2.2
topbeat 1.2.2
Virtualbox/Vagrant
linux
Virtualbox
https://www.virtualbox.org/
http://download.virtualbox.org/virtualbox/5.0.20/VirtualBox-5.0.20-106931-Win.exe
Vagrant
https://www.vagrantup.com
VagrantDockerVagrantRuby php/python/ruby/java web OracleVirtualBox Vagrant Linux Mac/Windows/Linux
https://releases.hashicorp.com/vagrant/1.8.1/vagrant_1.8.1.msi
Vagrant box
Vagrant boxhttps://atlas.hashicorp.com/boxes/search
CentOSvagrant box
http://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7.box
boxF:\
box
vagrant box add CentOS/7 F:\CentOS-7.box # boxCentOS/7
vagrant box list # box
vagrant init CentOS/7 # box
vagrant up # vagrant
Vagrantfile
# One CentOS 7 guest, named "c1", that will host the whole ELK stack.
Vagrant.configure(2) do |config|
  config.vm.box      = "CentOS/7"
  config.vm.hostname = "c1"

  # Bridged adapter with a fixed address: the guest sits directly on the
  # host's LAN, so every port opened later in this guide (9200, 5601, 80)
  # is reachable from that network unless the guest firewall blocks it.
  config.vm.network "public_network", ip: "192.168.0.228"

  config.vm.provider "virtualbox" do |vbox|
    vbox.name   = "c1"    # name of the VM as registered with VirtualBox
    vbox.memory = "2048"  # guest RAM in MB
  end
end
config.vm.boxbox
config.vm.network ip
config.vm.hostname
config.vm.providervirtualboxvmware
Vb.name
vb.memory
vagrant up
$ vagrant init #
$ vagrant up #
$ vagrant halt #
$ vagrant reload #
$ vagrant ssh # SSH
$ vagrant status #
$ vagrant destroy #
vagranthttps://github.com/sxyx2008/DevArticles/issues/36
ELKCentOS7
elkCentOS7CentOS7ifconfigiptables
iptables
$ systemctl stop firewalld
$ systemctl mask firewalld
$ yum install iptables-services
$ systemctl enable iptables
$ systemctl [stop|start|restart] iptables
$ service iptables save
ifconfig
$ ip addr
$ ip link
$ ip -s link
$ yum provides ifconfig
$ yum whatprovides ifconfig
$ yum install net-tools
$ ifconfig -a
IPV6
$ vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.eth1.disable_ipv6 = 1
$ sysctl -p
$ vi /etc/sysctl.d/disableipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.eth1.disable_ipv6 = 1
$ reboot
Java
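$ cd ~
# Fetch the JDK over HTTPS with certificate validation left on. The RPM is
# installed as root in the last step, so a download altered in transit would
# run with root privileges. Compare the printed checksum with the value Oracle
# publishes for this build before installing.
$ wget --no-cookies --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "https://download.oracle.com/otn-pub/java/jdk/8u73-b02/jdk-8u73-linux-x64.rpm"
$ sha256sum jdk-8u73-linux-x64.rpm
$ sudo yum -y localinstall jdk-8u73-linux-x64.rpm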
$ sudo vim /etc/profile
export JAVA_HOME=/usr/java/jdk1.8.0_73
export CLASS_PATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$PATH
$ source /etc/profile
Elasticsearch
https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html
elasticsearch
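# Import the package signing key over HTTPS. A key fetched over plain HTTP can
# be replaced in transit, which would make the later gpgcheck=1 meaningless.
$ sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch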
elasticsearch.repo
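# Write the yum repository definition. baseurl and gpgkey use HTTPS so that
# neither the repository metadata nor the signing key can be tampered with on
# the wire; gpgcheck=1 then verifies every package against that key.
$ echo '[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
' | sudo tee /etc/yum.repos.d/elasticsearch.repo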
yum install
$ sudo yum -y install elasticsearch
elasticsearchip
$ sudo vim /etc/elasticsearch/elasticsearch.yml
# Elasticsearch 2.x ships without authentication: once bound to the LAN
# address, the REST API on 9200 answers any host that can route to it.
# Restrict 9200/9300 with iptables to the hosts that actually need access.
network.host: 192.168.0.228
elasticsearch
$ sudo systemctl start elasticsearch
elasticsearch
$ sudo systemctl enable elasticsearch
elasticsearch rest
http://192.168.0.228:9200/elasticsearch
1 Elasticsearch listens on HTTP port 9200 and transport port 9300
2 Elasticsearch rest
3 Elasticsearch is installed under /usr/share/elasticsearch
4 Elasticsearch configuration files are under /etc/elasticsearch/; list them with rpm -qc
$ rpm -qc elasticsearch
/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/logging.yml
/etc/init.d/elasticsearch
/etc/sysconfig/elasticsearch
/usr/lib/sysctl.d/elasticsearch.conf
/usr/lib/systemd/system/elasticsearch.service
/usr/lib/tmpfiles.d/elasticsearch.conf
Kibana
https://www.elastic.co/guide/en/kibana/current/index.html
kibana.repo
$ sudo vim /etc/yum.repos.d/kibana.repo
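# Yum repository for Kibana 4.4.x. HTTPS is used for both the repository and
# the signing key so that gpgcheck=1 validates packages against an untampered key.
[kibana-4.4]
name=Kibana repository for 4.4.x packages
baseurl=https://packages.elastic.co/kibana/4.4/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1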
yum installkibana
$ sudo yum -y install kibana
1 Kibana listens on port 5601
2 Kibana is installed under /opt/kibana
3 Kibana's configuration file is /opt/kibana/config/kibana.yml
$ rpm -qc kibana
/opt/kibana/config/kibana.yml
kibana
$ sudo vim /opt/kibana/config/kibana.yml
# NOTE(review): binding Kibana to the LAN address leaves port 5601 reachable
# directly, which bypasses the nginx basic-auth proxy configured in the Nginx
# section. Consider "localhost" here (with proxy_pass pointed at it) or an
# iptables rule that only lets the local nginx reach 5601.
server.host: "192.168.0.228"
# Plain-HTTP connection to Elasticsearch at the same address as this host.
elasticsearch.url: "http://192.168.0.228:9200"
kibana
$ sudo systemctl start kibana
$ sudo chkconfig kibana on
Nginx
elasticsearchkibananginx
nginx
$ sudo yum -y install epel-release
$ sudo yum -y install nginx httpd-tools
$ sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin #kibanaadmin
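Credentials used in this walkthrough: user kibanaadmin, password kibanaadmin. A password identical to the user name is trivially guessable; choose a strong one for anything beyond a local lab.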
/etc/nginx/nginx.conf
$ sudo vim /etc/nginx/nginx.conf
# Main nginx configuration: global settings only. Virtual hosts are loaded
# from /etc/nginx/conf.d/*.conf by the include at the end of the http block.

# Worker processes run as the unprivileged "nginx" account.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # The access log records client address, authenticated user, request line,
    # status, referer, user agent and X-Forwarded-For, which gives an audit
    # trail for who reached the proxied services.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Per-site server blocks (e.g. kibana.conf) are pulled in here.
    include /etc/nginx/conf.d/*.conf;
}
/etc/nginx/conf.d/kibana.conf
sudo vim /etc/nginx/conf.d/kibana.conf
# Reverse proxy in front of Kibana, gated by HTTP basic authentication.
server {
    # NOTE(review): port 80 is cleartext, so the basic-auth credentials cross
    # the network merely base64-encoded. Serve this vhost over TLS before
    # exposing it beyond a lab network.
    listen 80;
    server_name 192.168.0.228;

    # Every request must present a user from the htpasswd file.
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        # NOTE(review): the upstream is Kibana on the LAN address. Unless a
        # firewall blocks it, that port is also reachable without passing
        # through this proxy and its authentication.
        proxy_pass http://192.168.0.228:5601;
        proxy_http_version 1.1;

        # Forward upgrade requests and the original Host header.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
1 HTTP basic authentication is enabled for the site
2 nginx proxies requests to Kibana at http://192.168.0.228:5601
$ sudo setsebool -P httpd_can_ne