实验环境
虚拟机 3台 centos7.9
网卡NAT模式 数量 1
组件包(以下均为旧版本,上游已不再提供安全更新,仅建议在隔离的实验网络中使用)
elasticsearch-5.5.0.rpm elasticsearch-head.tar.gz node-v8.2.1.tar.gz
phantomjs-2.1.1-linux-x86_64.tar.bz2 logstash-5.5.1.rpm
kibana-5.5.1-x86_64.rpm
| 设备 | IP | 备注 |
| --- | --- | --- |
| Centos01 | 192.168.8.34 | Node1 elasticsearch |
| Centos02 | 192.168.8.35 | Node2 kibana |
| Centos03 | 192.168.8.36 | Node3 logstash+httpd |
初始化配置
Node1、Node2 都需安装 Java 运行环境(JDK):192.168.8.34 192.168.8.35(Node3 上的 logstash 同样依赖 Java,需在 192.168.8.36 上一并安装)
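# Java runtime for Elasticsearch, plus the C/C++ compiler packages that the Node.js
# source build (./configure && make) on Node1 needs. The original "jcc jcc-j++"
# appear to be typos for gcc / gcc-c++.
yum -y install java gcc gcc-c++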
安装elasticsearch
Node1 Node2 都配置 192.168.8.34 192.168.8.35
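# Add name resolution for the two cluster nodes to /etc/hosts.
# Each entry is appended only if that exact line is not already present, so
# re-running this step does not pile up duplicate entries.
for entry in '192.168.8.34 node1' '192.168.8.35 node2'; do
  grep -qxF -- "$entry" /etc/hosts || printf '%s\n' "$entry" >> /etc/hosts
done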
上传安装包 elasticsearch-5.5.0.rpm 192.168.8.34 192.168.8.35
# Check the uploaded package before installing it, e.g. `rpm -K elasticsearch-5.5.0.rpm`
# (digest check; the signature check additionally needs the vendor's GPG key in the rpm keyring).
rpm -ivh elasticsearch-5.5.0.rpm
编辑elasticsearch 配置文件 192.168.8.34 192.168.8.35
vim /etc/elasticsearch/elasticsearch.yml
# NOTE(review): Elasticsearch 5.5 as installed here has no built-in authentication or TLS
# (those features came from the separate X-Pack plugin), so every address this node listens
# on gives full read/write access to the cluster. Keep the HTTP port (9200) and the transport
# port reachable only from the lab hosts, e.g. with host firewall rules.
cluster.name: my-elk-cluster # cluster name; must be the same on every node of the cluster
node.name: node1 # node name; change the number on each node
path.data: /data/elk_data # directory where Elasticsearch stores its index data
path.logs: /data/elk_log # directory for Elasticsearch's own log files
bootstrap.memory_lock: false # do not lock the process memory
network.host: 0.0.0.0 # listen on all interfaces; the node's own address (192.168.8.34 / 192.168.8.35) would be a narrower bind
http.port: 9200 # HTTP (REST API) listening port
discovery.zen.ping.unicast.hosts: ["node1", "node2"] # unicast discovery of the cluster members
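# Create the data and log directories named in elasticsearch.yml.
[root@node1 ~]# mkdir -p /data/elk_data && mkdir -p /data/elk_log
# Hand only those two directories to the service account; the ownership of /data itself
# (and anything else stored under it) is left unchanged.
[root@node1 ~]# chown -R elasticsearch:elasticsearch /data/elk_data /data/elk_log
[root@node1 ~]# systemctl start elasticsearch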
Node1 部署 elasticsearch-head 插件 192.168.8.34
上传安装包
node-v8.2.1.tar.gz
elasticsearch-head.tar.gz
phantomjs-2.1.1-linux-x86_64.tar.bz2
# Build Node.js from the uploaded source tarball and install it.
# Compare the tarball's checksum (sha256sum node-v8.2.1.tar.gz) with the value published by
# the Node.js project before building; the build and `make install` run with the privileges
# of the invoking user.
tar zxf node-v8.2.1.tar.gz
cd node-v8.2.1
./configure && make && make install
安装phantomjs 组件 192.168.8.34
# bzip2 is needed to unpack the .tar.bz2 archive below.
yum -y install bzip2
# Unpack the prebuilt phantomjs bundle and move it to /usr/src/phantomjs2.1.
[root@node1 ~]# tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2
[root@node1 ~]# mv phantomjs-2.1.1-linux-x86_64 /usr/src/phantomjs2.1
# Symlink everything in the bundle's bin directory into /usr/local/bin.
[root@node1 ~]# ln -s /usr/src/phantomjs2.1/bin/* /usr/local/bin/
安装elasticsearch-head 组件 192.168.8.34
# Unpack elasticsearch-head and install its JavaScript dependencies.
[root@node1 ~]# tar zxf elasticsearch-head.tar.gz
[root@node1 ~]# cd elasticsearch-head
# NOTE(review): npm install downloads the packages declared by the project and runs their
# install scripts with the privileges of the invoking user (root in this prompt); running
# it as an unprivileged user limits what a bad dependency can touch.
[root@node1 elasticsearch-head]# npm install
# Enable CORS so the browser-based elasticsearch-head UI can call the Elasticsearch REST API.
# NOTE(review): allow-origin "*" lets a page from any origin send cross-origin requests to
# this unauthenticated API from a browser that can reach it; restricting the value to the
# origin that serves elasticsearch-head is the narrower setting.
# The heredoc appends (>>), so running this step twice duplicates the keys in the file.
cat << EOF >> /etc/elasticsearch/elasticsearch.yml
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,Content-Type
EOF
# Restart so the CORS settings take effect.
systemctl restart elasticsearch
# Start the elasticsearch-head server as a background job of the current shell
# (presumably still inside the elasticsearch-head directory from the npm install step).
npm run start &
Node3上部署 httpd+ logstash 192.168.8.36
上传安装包 logstash-5.5.1.rpm
# Apache httpd is the service whose logs get collected.
yum -y install httpd
# Install Logstash from the uploaded package (checking it first with `rpm -K` is advisable).
rpm -ivh logstash-5.5.1.rpm
# Make the logstash launcher callable by name via /usr/local/sbin.
ln -s /usr/share/logstash/bin/logstash /usr/local/sbin/
编辑自定义提交日志配置 192.168.8.36
vim /etc/logstash/conf.d/httpd_log.conf
# Pipeline: read the Apache httpd logs on this host and ship them to Elasticsearch.
input {
  # Access log, read from the beginning of the file; events get type "access".
  file {
    path => "/var/log/httpd/access_log"
    type => "access"
    start_position => "beginning"
  }
  # Error log, handled the same way; events get type "error".
  file {
    path => "/var/log/httpd/error_log"
    type => "error"
    start_position => "beginning"
  }
}

output {
  # One daily index per log type. No TLS or credentials are configured for the
  # connection to 192.168.8.34:9200 in this block.
  if [type] == "access" {
    elasticsearch {
      hosts => ["192.168.8.34:9200"]
      index => "httpd_access-%{+YYYY.MM.dd}"
    }
  } else if [type] == "error" {
    elasticsearch {
      hosts => ["192.168.8.34:9200"]
      index => "httpd_error-%{+YYYY.MM.dd}"
    }
  }
}
启动日志传递 192.168.8.36
# Run the pipeline in the background, detached from the terminal's hangup signal.
# NOTE(review): started this way, Logstash runs with the privileges of the invoking shell
# (root, if this follows the root sessions used elsewhere on the page); a service running
# under an unprivileged account with read access to the httpd logs would be the
# least-privilege alternative.
nohup logstash -f /etc/logstash/conf.d/httpd_log.conf &
验证
Node2安装 kibana 图形化查看工具 192.168.8.35
上传安装包 kibana-5.5.1-x86_64.rpm
# Install Kibana from the uploaded package.
rpm -ivh kibana-5.5.1-x86_64.rpm
vim /etc/kibana/kibana.yml
# NOTE(review): server.host "0.0.0.0" makes Kibana listen on every interface, and this
# configuration sets up no login or TLS, so anyone who can reach port 5601 can browse and
# modify the indexed data through it. Binding to 192.168.8.35 and limiting the port to the
# lab network with a firewall rule is the narrower setup.
# The heredoc appends (>>) to the same file that was just opened in vim.
cat << EOF >> /etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.8.34:9200"
kibana.index: ".kibana"
EOF
# Enable Kibana at boot and start it immediately.
systemctl enable kibana --now
验证
http://192.168.8.35:5601