日志分析系统

日志分析系统

日志分析系统

配置ELK
Elasticsearch
安装
[root@centos01 ~]# rpm -ivh /mnt/elasticsearch-5.5.0.rpm

修改配置文件

[root@centos01 ~]# vim /etc/l
cluster.name: my-elk
node.name: centos01
_lock: false
network.host: 192.168.100.10
http.port: ping.unicast.hosts: [“centos01”, “centos02”]


启动服务设置开机自动启动
[root@centos01 ~]# systemctl daemon-reload
[root@centos01 ~]# systemctl start elasticsearch.service
[root@centos01 ~]# systemctl enable elasticsearch.service

监听端口
[root@centos01 ~]# netstat -anptu | grep 9200

elasticsearch-head
安装依赖node
[root@centos01 ~]# mv /usr/src/node-v8.2.1/ /usr/local/node

[root@centos01 ~]# cd /usr/local/node/

[root@centos01 node]# ./configure && make && make install

安装phantomjs
[root@centos01 bin]# cp phantomjs /usr/local/bin/
[root@centos01 bin]# chmod +x /usr/local/bin/phantomjs

移动elasticsearch-head
[root@centos01 ~]# mv /usr/src/elasticsearch-head/ /usr/local/
[root@centos01 ~]# cd /usr/local/elasticsearch-head/
[root@centos01 elasticsearch-head]# npm install

修改elasticsearch跨域访问
[root@centos01 ~]# vim /etc/l
s.enabled: true
s.allow-origin: “*”
[root@centos01 ~]# /etc/init.d/elasticsearch restart

修改elasticsearch-head配置文件监听9200
[root@centos01 ~]# vim /usr/local/elasticsearch-head/_site/app.js
4329 this.base_uri = fig.base_uri || (“app-base_uri”) || “192.168.100.10:9200”;

修改修改elasticsearch-head配置文件监听9100端口
[root@centos01 ~]# vim /usr/local/elasticsearch-head/Gruntfile.js
93 hostname:‘192.168.100.10’,
94 port: 9100,


启动服务
[root@centos01 ~]# cd /usr/local/elasticsearch-head/
[root@centos01 elasticsearch-head]# npm run start&

安装配置logstash
1）安装logstash
[root@centos03 ~]# rpm -ivh logstash-5.5.1.rpm

优化命令

启动服务设置开机自动启动
[root@centos03 ~]# systemctl start logstash
[root@centos03 ~]# systemctl enable logstash

4）插入测试数据
[root@centos03 ~]# logstash -e ‘input { stdin{}} output { stdout{}}’
[root@centos03 ~]# logstash -e ‘input { stdin{}} output { stdout{ codec=>rubydebug}}’
[root@centos03 ~]# logstash -e ‘input { stdin{}} output { elasticsearch{hosts => [“192.168.100.10:9200”]}}’



采集apache成功日志
1）设置允许日志读取
[root@centos03 ~]# chmod o+r /var/log/httpd/access_log

创建采集日志文件
[root@centos03 ~]# touch /etc/logstash/conf.f
[root@centos03 ~]# chmod +x /etc/logstash/conf.f



检查日志采集文件是否有问题
[root@centos03 ~]# logstash -f /etc/logstash/conf.f

）重新启动logstash
[root@centos03 ~]# systemctl restart logstash.service


安装配置kibana
1）安装
[root@centos01 ~]# rpm -ivh /mnt/kibana-5.5.1-x86_64.rpm

修改主配置文件
[root@centos01 ~]# vim /etc/l
3 server.port: 5601
9 server.host: “192.168.100.10”
24 elasticsearch.url: “192.168.100.10:9200”

）启动服务
[root@centos01 ~]# systemctl start kibana
[root@centos01 ~]# systemctl enable kibana