1. Elasticsearch (ES) configuration:
Deploying ES requires a JDK environment. The JDK is the software development kit for the Java language.
Download the Java JDK tarball:
wget https://mirrors.yangxingzhen.com/jdk/jdk-11.0.1_linux-x64_bin.tar.gz
tar xf jdk-11.0.1_linux-x64_bin.tar.gz
mv jdk-11.0.1 /usr/java
Set the environment variables:
# EOF is quoted so that $JAVA_HOME, $CLASSPATH and $PATH are written literally and expanded at login
cat >>/etc/profile<<'EOF'
export JAVA_HOME=/usr/java
export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
EOF
source /etc/profile
java -version
ELK environment:
192.168.1.11 Elasticsearch
192.168.1.12 kibana
192.168.1.13 logstash
1) Configure ES
Download Elasticsearch 7.5.1:
wget http://mirrors.cnbugs.com/LINUX/elasticsearch/elasticsearch-7.5.1-linux-x86_64.tar.gz
tar xf elasticsearch-7.5.1-linux-x86_64.tar.gz
mv elasticsearch-7.5.1 /usr/local/elasticsearch
Edit /usr/local/elasticsearch/config/elasticsearch.yml and set the listening address to 0.0.0.0.
Create the elk user to start ES. By default, ES does not allow the service to be started as root:
useradd elk
chown -R elk:elk /usr/local/elasticsearch
su - elk
/usr/local/elasticsearch/bin/elasticsearch -d
Check the log and the listening ports:
tail -f /usr/local/elasticsearch/logs/elasticsearch.log
ps -ef|grep java
netstat -nutlp|grep -E "9200|9300"
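A check for the listening address chosen above, added here as an example and not part of the original guide: with network.host set to 0.0.0.0 and xpack.security.enabled left at its 7.5.1 default of false, ports 9200 and 9300 answer unauthenticated requests on every interface. The function names and finding labels are hypothetical, and the parser assumes flat "key: value" settings as in the stock elasticsearch.yml.

```shell
#!/bin/sh
# Added example, not part of the original guide. Assumes flat "key: value"
# settings, the style used by the stock elasticsearch.yml.

# es_setting KEY FILE: print the last uncommented value of KEY (quotes stripped).
es_setting() {
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*:[[:space:]]*//p" "$2" |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//" |
        tail -n 1
}

# audit_es_yml FILE: print one finding per line; exit status = number of findings.
audit_es_yml() {
    host=$(es_setting network.host "$1")
    sec=$(es_setting xpack.security.enabled "$1")
    n=0
    case $host in
        ''|localhost|127.0.0.1|::1|_local_) reachable=no ;;  # unset means loopback only
        *) reachable=yes ;;
    esac
    case $host in
        *0.0.0.0*|::)
            echo "WILDCARD_BIND network.host=$host listens on every interface"
            n=$((n + 1)) ;;
    esac
    if [ "$reachable" = yes ] && [ "$sec" != true ]; then
        echo "NO_AUTH xpack.security.enabled is not true; 9200/9300 accept unauthenticated requests"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: the settings this guide ends up with on 192.168.1.11.
demo_guide_config() {
    tmp=$(mktemp)
    cat >"$tmp" <<'EOF'
node.name: node-1
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1"]
EOF
    audit_es_yml "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo_guide_config || echo "findings: $?"
```

Binding network.host to 192.168.1.11 and setting xpack.security.enabled: true clears both findings; Kibana and Logstash then need credentials to reach ES.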
Common errors:
1. ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
Fix: vim /etc/security/limits.conf (add the following lines)
* soft nofile 65536
* hard nofile 65536
* soft nproc 5000
* hard nproc 5000
root soft nproc 5000
root hard nproc 5000
2. ERROR: [1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
Fix: vim /usr/local/elasticsearch/config/elasticsearch.yml
# Uncomment line 23 and give the node a name; the default is node-1
node.name: node-1
3. ERROR: [1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
Fix: vim /usr/local/elasticsearch/config/elasticsearch.yml
# Uncomment line 72 and keep only node-1; the name must match the value of node.name
cluster.initial_master_nodes: ["node-1"]
4. ERROR: [1] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Fix: vim /etc/sysctl.conf, add the following line, then run sysctl -p to apply it:
vm.max_map_count=262144
2. Kibana web configuration:
Download Kibana:
wget https://mirrors.yangxingzhen.com/kibana/kibana-7.5.1-linux-x86_64.tar.gz
Kibana does not need a Java JDK environment. Download the package, extract it, and start it:
tar xf kibana-7.5.1-linux-x86_64.tar.gz
mv kibana-7.5.1-linux-x86_64 /usr/local/kibana
Edit the Kibana configuration file (listening port and IP address) and set the ES address:
vim /usr/local/kibana/config/kibana.yml
Start the service:
/usr/local/kibana/bin/kibana
ps -ef|grep node
netstat -nutlp|grep 5601
Open in a browser: 192.168.1.12:5601
Run it in the background:
nohup /usr/local/kibana/bin/kibana &
4. Switching ELK 7.5.1 to the Chinese interface:
Edit the Kibana configuration file:
[elk@kibana ~]$ vim /usr/local/kibana/config/kibana.yml
# Setting on the last line
i18n.locale: "zh-CN"
Restart Kibana:
nohup /usr/local/kibana/bin/kibana >&1 &
5. Logstash configuration:
Logstash is written in Java, so the Logstash host needs a JDK environment:
wget https://mirrors.yangxingzhen.com/jdk/jdk-11.0.1_linux-x64_bin.tar.gz
tar xf jdk-11.0.1_linux-x64_bin.tar.gz
mv jdk-11.0.1 /usr/java
Set the environment variables:
# EOF is quoted so that $JAVA_HOME, $CLASSPATH and $PATH are written literally and expanded at login
cat >>/etc/profile<<'EOF'
export JAVA_HOME=/usr/java
export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
EOF
source /etc/profile
java -version
Download the Logstash package:
wget https://mirrors.yangxingzhen.com/logstash/logstash-7.5.1.tar.gz
tar xf logstash-7.5.1.tar.gz
mv logstash-7.5.1 /usr/local/logstash
Collecting system logs with ELK:
Create the directory and file for the log collection configuration:
mkdir -p /usr/local/logstash/config/etc/
cd /usr/local/logstash/config/etc/
touch index.conf
Contents of index.conf:
input {
  stdin { }
}
output {
  stdout {
    codec => rubydebug {}
  }
  elasticsearch {
    hosts => "192.168.1.11:9200"
  }
}
Start Logstash with index.conf:
/usr/local/logstash/bin/logstash -f index.conf
Open in a browser: 192.168.1.12:5601