Setting up ELK on Ubuntu 16.04
程序员文章站
2023-09-07 18:43:58
1. Install the Java JDK
sudo apt-get install default-jdk
2. Install Elasticsearch
1. Import the Elasticsearch GPG public key
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
2. Add the Elasticsearch repository
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
3. Install Elasticsearch
sudo apt-get update
sudo apt-get install elasticsearch
4. After installation, configure Elasticsearch
sudo vim /etc/elasticsearch/elasticsearch.yml
Uncomment the following line and set its value to localhost:
network.host: localhost
5. Start the Elasticsearch service and enable it at boot
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
3. Install Kibana
1. Add the Kibana repository
echo "deb http://packages.elastic.co/kibana/4.5/debian stable main" | sudo tee -a /etc/apt/sources.list
2. Install Kibana
sudo apt-get update
sudo apt-get install kibana
3. Configure Kibana
sudo vim /opt/kibana/config/kibana.yml
Change the value to localhost:
server.host: "localhost"
4. Start the Kibana service and enable it at boot
sudo systemctl start kibana
sudo systemctl enable kibana
4. Install Nginx
sudo apt-get install nginx
1. Start Nginx and enable it at boot
sudo systemctl start nginx
sudo systemctl enable nginx
2. Use openssl to create an administrator (admin) user
Follow the prompts to create the user and password, which are used to log in to the Kibana web interface
sudo -v
echo "admin:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users
3. Edit the Nginx configuration file
sudo vim /etc/nginx/conf.d/elk.conf
server {
    listen 80;
    server_name your_domain_or_ip;  # fill in your IP or domain name
    auth_basic "restricted access";
    auth_basic_user_file /etc/nginx/htpasswd.users;
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
4. Check the Nginx configuration syntax
If it is OK, restart Nginx
sudo nginx -t
sudo systemctl restart nginx
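Added example, not part of the original article: with network.host and server.host set to localhost, ports 9200 and 5601 should be reachable only through the password-protected Nginx proxy. This sketch parses `ss -ltn` output and reports any listener on those ports that is not loopback-only; the function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify Elasticsearch (9200) and Kibana (5601) are loopback-only,
# so the Nginx basic-auth proxy on port 80 is the sole entry point.

# exposed_listeners PORTS: reads `ss -ltn` output on stdin and prints the local
# address of every listening socket on PORTS (comma-separated) that is not loopback.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                                     # Local Address:Port column
            port = la; sub(/.*:/, "", port)             # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)  # newer ss prints [::1]:9200
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print la
        }'
}

# Constructed sample: both services bound to localhost as configured above.
SAMPLE_GOOD='State  Recv-Q Send-Q  Local Address:Port     Peer Address:Port
LISTEN 0      128     127.0.0.1:5601          *:*
LISTEN 0      50      ::ffff:127.0.0.1:9200   :::*
LISTEN 0      50      ::1:9200                :::*
LISTEN 0      128     *:80                    *:*'

# Constructed sample: network.host / server.host left on a wildcard address.
SAMPLE_BAD='State  Recv-Q Send-Q  Local Address:Port     Peer Address:Port
LISTEN 0      128     0.0.0.0:5601            *:*
LISTEN 0      50      :::9200                 :::*
LISTEN 0      128     *:80                    *:*'

report() {  # report LABEL SS_OUTPUT
    found=$(printf '%s\n' "$2" | exposed_listeners 9200,5601)
    if [ -n "$found" ]; then
        printf '%s: not loopback-only, bypasses the Nginx login:\n%s\n' "$1" "$found"
    else
        printf '%s: 9200 and 5601 are loopback-only\n' "$1"
    fi
}
report "good sample" "$SAMPLE_GOOD"
report "bad sample" "$SAMPLE_BAD"

# On the real host, feed live data instead: ss -ltn | exposed_listeners 9200,5601
```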
5. Install Logstash
1. Add the Logstash repository
echo "deb http://packages.elastic.co/logstash/2.3/debian stable main" | sudo tee -a /etc/apt/sources.list
2. Install Logstash
sudo apt-get update
sudo apt-get install logstash
3. Set the format and type of the logs to receive by creating a configuration file
sudo vim /etc/logstash/conf.d/30-elasticsearch-output.conf
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
6. Install Filebeat
1. Add the Filebeat repository and key
echo "deb https://packages.elastic.co/beats/apt stable main" | sudo tee -a /etc/apt/sources.list.d/beats.list
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
2. Install Filebeat
sudo apt-get update
sudo apt-get install filebeat
3. Start Filebeat and enable it at boot
sudo systemctl start filebeat
sudo systemctl enable filebeat
7. Log in to the web interface and add the index
Enter filebeat-* as the index name