
    Installing filebeat + Logstash + ElasticSearch + Kibana (ELK) on Ubuntu 16.04

    Install Java 8

    sudo add-apt-repository -y ppa:webupd8team/java

    sudo apt-get update

    sudo apt-get -y install oracle-java8-installer

    Note: the webupd8team PPA has since been discontinued; on a current system, install OpenJDK 8 from the distribution repositories instead (package openjdk-8-jdk).

    Elasticsearch

    mkdir elasticsearch; cd elasticsearch

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.deb

    sudo dpkg -i elasticsearch-6.3.0.deb

    Uncomment the following lines in /etc/elasticsearch/elasticsearch.yml and set their values. network.host: 127.0.0.1 keeps the node listening on loopback only, so it is not reachable from other hosts.

    cluster.name:   #  choose your own value; same for node.name and the two path settings below
    node.name:
    path.data:
    path.logs:
    network.host: 127.0.0.1
    http.port: 9200
    

      

    Start

    sudo systemctl daemon-reload
    sudo systemctl enable elasticsearch
    sudo systemctl restart elasticsearch
    

      

    Test:

    curl -XGET "http://localhost:9200" should return a response like the one below. The sample was captured from a 5.2.1 node; a 6.3.0 install reports its own version, build hash and build date.

    {
      "name" : "luOq_eh",
      "cluster_name" : "elasticsearch",
      "cluster_uuid" : "mIcflXKsR3-ER66MCTSJzA",
      "version" : {
        "number" : "5.2.1",
        "build_hash" : "db0d481",
        "build_date" : "2017-02-09T22:05:32.386Z",
        "build_snapshot" : false,
        "lucene_version" : "6.4.1"
      },
      "tagline" : "You Know, for Search"
    }
    

      

    Logstash

    wget  https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.deb
    sudo dpkg -i logstash-6.3.0.deb
    

      

    Configuration (a pipeline file, placed under /etc/logstash/conf.d/)

    input {
      beats {
        port => 5044
      }
    }
    
    output {
      elasticsearch {
        hosts => "127.0.0.1:9200"
        manage_template => false
        index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
      }
    }

    Note: the beats input listens on every interface by default. Since Filebeat runs on the same machine in this setup, you can bind the input to 127.0.0.1 with its host option so port 5044 is not exposed to the network.
    

      

    Start

    sudo systemctl daemon-reload
    sudo systemctl enable logstash
    sudo systemctl restart logstash
    

      

    Kibana

    wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-amd64.deb 
    
    sudo dpkg -i kibana-6.3.0-amd64.deb
    

      

    Configuration: edit the following settings in /etc/kibana/kibana.yml

    server.port: 5601
    server.host: "0.0.0.0"
    server.name: "127.0.0.1"
    elasticsearch.url: "http://127.0.0.1:9200"

    Note: server.host: "0.0.0.0" makes Kibana accept connections on every interface, and nothing in this setup authenticates users. If the machine is reachable from other hosts, restrict port 5601 with a firewall or put an authenticating reverse proxy in front of Kibana.
    

      

    Start

    sudo systemctl daemon-reload
    
    sudo systemctl enable kibana
    
    sudo systemctl start kibana
    

      

    filebeat

    wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.0-amd64.deb
     
    sudo dpkg -i filebeat-6.3.0-amd64.deb
    

      

    Edit the configuration (/etc/filebeat/filebeat.yml)

    #  Input
    - input_type: log
      enabled: true
      paths:
        - /var/log/test.log
       
    #  Output
    #  Comment out the elasticsearch output and enable the logstash output
       
    output.logstash:
      hosts: ["127.0.0.1:5044"]
    

      

    Start

    sudo systemctl daemon-reload
    
    sudo systemctl enable filebeat
    
    sudo systemctl start filebeat
    

      

    Test:

    • Append a line to /var/log/test.log (the monitored log):
    echo "这是第一条测试" >> /var/log/test.log
    • Open http://localhost:5601 in a browser
    • Go to Management > Index Patterns > Add New, enter filebeat-* and confirm, then open Discover: the line you just appended should be listed
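    As an added example (not from the original post), the following shell script checks the pipeline above end to end: it verifies that port 9200 is bound to loopback only, appends a unique marker line to the monitored log, and polls Elasticsearch for it in today's filebeat-* index. ES_URL, LOG_FILE and the helper function names are assumptions; run it on the ELK host with `sh check.sh --run`.

```shell
#!/bin/sh
# Added end-to-end check for the ELK pipeline above (not part of the original post).
# Defaults follow the post's configuration; override them via environment variables.
ES_URL="${ES_URL:-http://127.0.0.1:9200}"
LOG_FILE="${LOG_FILE:-/var/log/test.log}"

# Index name Logstash writes to on a given day, derived from the output pattern
# "%{[@metadata][beat]}-%{+YYYY.MM.dd}" (Logstash formats the date in UTC).
index_for_date() {            # $1 = YYYY-MM-DD
  echo "filebeat-$(printf '%s' "$1" | sed 's/-/./g')"
}

# Search body that looks for one marker line in Filebeat's "message" field.
marker_query() {              # $1 = marker text
  printf '{"query":{"match_phrase":{"message":"%s"}}}' "$1"
}

# Extract hits.total (a plain number in 6.x) from an _search response on stdin.
hits_total() {
  sed -n 's/.*"hits":{"total":\([0-9]*\).*/\1/p'
}

# Read `ss -ltn` output on stdin; succeed only if every listener on port $1
# is bound to a loopback address (what network.host: 127.0.0.1 should give).
port_loopback_only() {        # $1 = port
  awk -v p=":$1\$" 'BEGIN{bad=0} $1=="LISTEN" && $4 ~ p { if ($4 !~ /^(127\.|\[::1\]:)/) bad=1 } END{exit bad}'
}

# Append a unique marker to the monitored log and wait for it to be indexed.
check_pipeline() {
  marker="elk-check-$(date +%s)-$$"
  index=$(index_for_date "$(date -u +%F)")
  echo "$marker" >> "$LOG_FILE" || return 1     # may need write access to the log
  i=0
  while [ $i -lt 30 ]; do
    n=$(curl -s -H 'Content-Type: application/json' \
          "$ES_URL/$index/_search" -d "$(marker_query "$marker")" | hits_total)
    if [ "${n:-0}" -ge 1 ]; then echo "ok: marker indexed in $index"; return 0; fi
    sleep 2; i=$((i + 1))
  done
  echo "marker not found in $index after 60s" >&2
  return 1
}

if [ "${1:-}" = "--run" ]; then
  ss -ltn | port_loopback_only 9200 || echo "warning: port 9200 is not loopback-only" >&2
  check_pipeline
fi
```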
    Original post: https://www.cnblogs.com/libinblogs/p/9285868.html