Components and their ports

Service Port
elasticsearch 9200, 9300
cerebro 9000
Kibana 5601

Install Elasticsearch

cd ~

wget -c https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.5.1-linux-x86_64.tar.gz

tar zxvf elasticsearch-7.5.1-linux-x86_64.tar.gz

mv elasticsearch-7.5.1 /opt/es

useradd es -d /opt/es

mkdir -p /opt/es_data /opt/es_logs

chown -R es:es /opt/es_data /opt/es_logs /opt/es

wget -O /opt/es/config/elasticsearch.yml http://www.bigops.com/bigops-install/elk/elasticsearch.yml

Edit /opt/es/config/elasticsearch.yml and adjust the relevant settings.

Edit /opt/es/config/jvm.options and size the heap according to the memory available on your host:

-Xms4g

-Xmx4g

Comment out these 3 lines:

#-XX:+UseConcMarkSweepGC

#-XX:CMSInitiatingOccupancyFraction=75

#-XX:+UseCMSInitiatingOccupancyOnly

Add these 2 lines:

-XX:+UseG1GC

-XX:MaxGCPauseMillis=200

Start automatically on boot

centos 7

wget -O /usr/lib/systemd/system/es.service http://www.bigops.com/bigops-install/elk/es.service

systemctl enable es

systemctl daemon-reload

sysctl -p

ulimit -SHn 655360

systemctl restart es.service

centos 6

wget -O /etc/init.d/es http://www.bigops.com/bigops-install/elk/es

chmod +x /etc/init.d/es

chkconfig --add es

chkconfig --level 345 es on

sysctl -p

ulimit -SHn 655360

service es restart

Check that the service is running

# netstat -nptl|grep 9[2,3]00

tcp 0 0 192.168.50.51:9200 0.0.0.0:* LISTEN 4760/java

tcp 0 0 192.168.50.51:9300 0.0.0.0:* LISTEN 4760/java

Set the ES passwords

./bin/elasticsearch-setup-passwords interactive

Enter the passwords when prompted, then restart the es service once they are set.

Install Kibana

yum -y install nodejs npm git bzip2

wget -c https://artifacts.elastic.co/downloads/kibana/kibana-7.5.1-linux-x86_64.tar.gz

tar zxvf kibana-7.5.1-linux-x86_64.tar.gz

mv kibana-7.5.1-linux-x86_64 /opt/kibana

wget -O /opt/kibana/config/kibana.yml http://www.bigops.com/bigops-install/elk/kibana.yml

Edit /opt/kibana/config/kibana.yml

Start automatically on boot

centos 7

wget -O /usr/lib/systemd/system/kibana.service http://www.bigops.com/bigops-install/elk/kibana.service

systemctl enable kibana

systemctl daemon-reload

systemctl restart kibana.service

centos 6

wget -O /etc/init.d/kibana http://www.bigops.com/bigops-install/elk/kibana

chmod +x /etc/init.d/kibana

chkconfig --add kibana

chkconfig --level 345 kibana on

service kibana restart

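Access Kibana by domain name plus port, for example work.bigops.com:5601; the Kibana login page is displayed.

Create the ES index templates

Log in to Kibana and run the statements.

Statement file: www.bigops.com/bigops-install/create_es_index.txt

The file contains 5 statements, which must be run one at a time.

Install cerebro (optional)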

wget -c https://github.com/lmenezes/cerebro/releases/download/v0.8.4/cerebro-0.8.4.tgz

tar zxvf cerebro-0.8.4.tgz

mv cerebro-0.8.4 /opt/cerebro

Edit /opt/cerebro/conf/application.conf

Start automatically on boot

centos 7

wget -O /usr/lib/systemd/system/cerebro.service http://www.bigops.com/bigops-install/elk/cerebro.service

chmod -R 777 /opt/cerebro/bin/

systemctl enable cerebro

systemctl daemon-reload

systemctl restart cerebro.service

centos 6

wget -O /etc/init.d/cerebro http://www.bigops.com/bigops-install/elk/cerebro

chmod -R 777 /opt/cerebro/bin/

chmod +x /etc/init.d/cerebro

chkconfig --add cerebro

chkconfig --level 345 cerebro on

service cerebro restart

Open the corresponding IP and port in a browser.
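A post-install check for the three services installed above, added here as an example and not part of the original guide: it reports which ports from the component table are listening on every interface, and which files under a directory are world-writable (the state `chmod -R 777 /opt/cerebro/bin/` produces). The function names, the `--live` switch and the sample netstat lines are this example's own; the sample is constructed.

```shell
#!/bin/sh
# Added example (not part of the original guide): post-install exposure check.
# PORTS comes from the guide's component table; all names here are assumptions.
PORTS="9200 9300 9000 5601"

# Read `netstat -nptl` output on stdin; print each guide port that is
# listening on a wildcard address (reachable on every interface).
wildcard_listeners() {
  awk -v ports="$PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)    # text before it
      if ((port in want) && (host == "0.0.0.0" || host == "::" || host == "*"))
        print port
    }' | sort -un
}

# Print files and directories under $1 that any local user can write to,
# which is what `chmod -R 777` leaves behind.
world_writable() {
  find "$1" \( -type f -o -type d \) -perm -0002 2>/dev/null | sort
}

# Constructed sample: ES bound to one address (as in the guide's netstat
# output), Kibana and cerebro bound to wildcard addresses.
sample_netstat() {
  cat <<'EOF'
tcp  0 0 192.168.50.51:9200 0.0.0.0:* LISTEN 4760/java
tcp  0 0 192.168.50.51:9300 0.0.0.0:* LISTEN 4760/java
tcp  0 0 0.0.0.0:5601       0.0.0.0:* LISTEN 5120/node
tcp6 0 0 :::9000            :::*      LISTEN 5301/java
tcp  0 0 0.0.0.0:22         0.0.0.0:* LISTEN 1033/sshd
EOF
}

# `sh check.sh --live` audits this host; with no argument it runs on the sample.
case "${1:-}" in
  --live) netstat -nptl 2>/dev/null | wildcard_listeners
          world_writable /opt/cerebro/bin ;;
  *)      sample_netstat | wildcard_listeners ;;
esac
```

On the sample it prints 5601 and 9000; port 22 is ignored because it is not in the guide's table, and 9200/9300 are ignored because they are bound to a single address.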

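Forgotten elasticsearch password: resetting it

Follow the steps below to create a local superuser account, then use the API to reset the password of the elastic account.

(1) Stop the elasticsearch service

(2) Use the ES_HOME/bin/x-pack/users command to create a superuser that uses local file-based authentication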

./bin/elasticsearch-users useradd my_admin -p my_password -r superuser

(3) Start the elasticsearch service

(4) Reset the password of the elastic superuser through the API

curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'

{

"password" : "new_password"

}

'

(5) Verify that the password was reset successfully

curl -u elastic 'http://localhost:9200/_xpack/security/_authenticate?pretty'

Install Logstash

cd ~

wget -c https://artifacts.elastic.co/downloads/logstash/logstash-7.5.1.tar.gz

tar zxvf logstash-7.5.1.tar.gz

mv logstash-7.5.1 /opt/logstash

wget -O /opt/logstash/config/syslog.conf http://www.bigops.com/bigops-install/elk/syslog.conf

Edit the configuration file /opt/logstash/config/syslog.conf

Test logstash

/opt/logstash/bin/logstash -f /opt/logstash/config/syslog.conf

Open a separate terminal and send a test log entry by entering this on the command line:

logger -i -t "my_test" -p local3.notice "test_info"

On each client, edit rsyslog.conf and append one line at the end, replacing xxx.xxx.xxx.xxx with the IP of the logstash server:

vi /etc/rsyslog.conf

*.notice @@xxx.xxx.xxx.xxx:3514

Restart rsyslog

service rsyslog restart (centos 6)

systemctl restart rsyslog (centos 7)

Once the test succeeds, logstash can be run in the background and set to start automatically:

/opt/logstash/bin/logstash -f /opt/logstash/config/syslog.conf &

Check in Kibana whether syslog data is arriving.

Create a Kibana index pattern

Define the index pattern

Configure settings

View the index documents
