ELK + redis Deployment

2018-12-05

Elasticsearch

Installation

yum install java-1.8.0-openjdk-devel wget -y
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.1.rpm
rpm -ivh elasticsearch-6.5.1.rpm
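
Configuration

vi /etc/elasticsearch/jvm.options to change the size of the allocated memory

# initial size
-Xms1g
# maximum size
-Xmx1g

Note: do not exceed 32G. If the machine has a lot of memory, run several instances instead of giving a single instance a very large amount of memory.

In production, giving each one 32 is recommended.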

vi /etc/elasticsearch/elasticsearch.yml

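cluster.name: alongels    # cluster name
node.name: els # node name
path.data: /els/data # index data path
path.logs: /els/logs # log storage path
network.host: 172.10.8.20 # address used for external communication; on each machine, change it to that machine's own external IP
#http.port: 9200 # default port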

mkdir -pv /els/{data,logs} && chown -R elasticsearch:elasticsearch /els/*
systemctl start elasticsearch
netstat -tunlp

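You only need to look for ports 9200 and 9300. 9100 is the front-end port, and it appears only after the front-end configuration below has been completed.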

Front-end configuration

The steps are on GitHub: https://github.com/mobz/elasticsearch-head

Install the head plugin

git clone https://github.com/mobz/elasticsearch-head.git
cd elasticsearch-head/

Install the npm package

yum -y install npm

Install the npm modules

[root@els elasticsearch-head]$ npm install

This fails partway through with a message that extracting a package failed; extracting it manually is enough.

Error: Command failed: tar jxf /tmp/phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2

Fix:

bunzip2 /tmp/phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2

tar -xvf /tmp/phantomjs/phantomjs-2.1.1-linux-x86_64.tar

[root@els elasticsearch-head]$ npm install

Edit the configuration file again and append a section at the end

/etc/elasticsearch/elasticsearch.yml

# ------------------------ Enable CORS in elasticsearch -------------------------
http.cors.enabled: true
http.cors.allow-origin: "*" # grants access to every origin

Run head (the path must be correct)

[root@els elasticsearch-head]# nohup npm run start &

It runs in the background

Restart the elasticsearch service; port 9100 is now open

[root@els ~]$ service elasticsearch restart

Logstash

Installation

yum install java-1.8.0-openjdk-devel wget -y
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.5.1.rpm
rpm -ivh logstash-6.5.1.rpm

Configuration

cd /etc/logstash/conf.d/

vi test.conf

input {
  stdin {}
}
output {
  stdout {
    codec => rubydebug
  }
}

Check the syntax

logstash -f test.conf -t

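If OK appears, the configuration is valid.

For the configuration used in a real environment, see the configuration in "ELK-redis in Practice".

logstash -f test.conf &    # start in the background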

Kibana

Installation

yum install java-1.8.0-openjdk-devel wget -y
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.5.1-x86_64.rpm
rpm -ivh kibana-6.5.1-x86_64.rpm

Configuration

vi /etc/kibana/kibana.yml

server.port: 5601
server.host: "0.0.0.0"
server.name: "kibana"
elasticsearch.url: "http://172.10.8.20:9200"

redis

Installation

yum install epel-release -y
yum install redis -y

Configuration

vi /etc/redis.conf

# listen on all interfaces
bind 0.0.0.0
# set a password so that it runs securely
requirepass testlinux.io
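
The settings above that open a service to every interface or origin (http.cors.allow-origin: "*", server.host: "0.0.0.0", bind 0.0.0.0) can be checked mechanically before a host goes live. The script below is an added example, not part of the original post; the function names active_value and audit_elk are hypothetical and the sample files are constructed from the values shown in this post.

```shell
#!/bin/sh
# Added example (not from the original post): report the listen-everywhere and
# allow-every-origin settings in copies of the three config files edited above.

# active_value FILE KEY SEP -> value of the last uncommented "KEY<SEP>value" line
# (SEP is ':' for the YAML files, ' ' for redis.conf).
active_value() {
    awk -v pre="$2$3" '
        /^[ \t]*#/ { next }                       # whole-line comment
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, pre) != 1) next
            val = substr(line, length(pre) + 1)
            sub(/[ \t]+#.*$/, "", val)            # trailing comment text
            gsub(/^[ \t]+|[ \t]+$/, "", val)      # surrounding blanks
            gsub(/^"|"$/, "", val)                # surrounding double quotes
            last = val
        }
        END { print last }' "$1"
}

# audit_elk ES_YML KIBANA_YML REDIS_CONF -> one finding per line on stdout
audit_elk() {
    if [ "$(active_value "$1" http.cors.enabled :)" = "true" ] &&
       [ "$(active_value "$1" http.cors.allow-origin :)" = "*" ]; then
        echo "elasticsearch: CORS allows every origin"
    fi
    if [ "$(active_value "$2" server.host :)" = "0.0.0.0" ]; then
        echo "kibana: listens on every interface"
    fi
    if [ "$(active_value "$3" bind ' ')" = "0.0.0.0" ]; then
        echo "redis: listens on every interface"
    fi
    if [ -z "$(active_value "$3" requirepass ' ')" ]; then
        echo "redis: requirepass is not set"
    fi
    return 0
}

# Constructed sample files that repeat the values used in this post.
d=$(mktemp -d)
printf '%s\n' 'http.cors.enabled: true' 'http.cors.allow-origin: "*"' > "$d/es.yml"
printf '%s\n' 'server.port: 5601' 'server.host: "0.0.0.0"' > "$d/kibana.yml"
printf '%s\n' 'bind 0.0.0.0' 'requirepass testlinux.io' > "$d/redis.conf"
audit_elk "$d/es.yml" "$d/kibana.yml" "$d/redis.conf"
rm -rf "$d"
```

Run against the sample files it prints three findings; a file set that binds to specific addresses and names a specific origin prints nothing.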

filebeat

Installation

wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.1-x86_64.rpm
rpm -ivh filebeat-6.5.1-x86_64.rpm

Configuration

vim /etc/filebeat/filebeat.yml

filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/httpd/*log
#----------------------------- Redis output --------------------------------
output.redis:
  hosts: ["172.10.8.50"]
  password: "testlinux.io"
  key: "apachelogs"
  datatype: "list"
  db: 0
  timeout: 5