zoukankan      html  css  js  c++  java
  • elk分布式+ logstash日志监控+kibana监控

    [root@server1 head]# vim /etc/elasticsearch/elasticsearch.yml
     68 discovery.zen.ping.unicast.hosts: ["server1", "server2","server3"]

    server2
    root@server2 ~]# ls
    elasticsearch-2.3.3.rpm  jdk-8u121-linux-x64.rpm
    [root@server2 ~]# yum install elasticsearch-2.3.3.rpm jdk-8u121-linux-x64.rpm  -y
    [root@server2 ~]# vim /etc/elasticsearch/elasticsearch.yml
     17 cluster.name: my-bs
     23 node.name: server2
     43 bootstrap.mlockall: true
     54 network.host: 172.25.8.2
     68 discovery.zen.ping.unicast.hosts: ["server1", "server2","server3"]
    [root@server2 ~]# vim /etc/security/limits.conf
    elasticsearch soft memlock unlimited
    elasticsearch hard memlock unlimited
    [root@server2 ~]# /etc/init.d/elasticsearch start

    server3
    [root@server3 ~]# ls
    elasticsearch-2.3.3.rpm  jdk-8u121-linux-x64.rpm
    [root@server3 ~]# yum install -y elasticsearch-2.3.3.rpm  jdk-8u121-linux-x64.rpm
    [root@server3 ~]# vim /etc/security/limits.conf
    elasticsearch soft memlock unlimited
    elasticsearch hard memlock unlimited
    [root@server3 ~]# vim /etc/elasticsearch/elasticsearch.yml
     17 cluster.name: my-bs
     23 node.name: server3
     43 bootstrap.mlockall: true
     54 network.host: 172.25.8.3
     68 discovery.zen.ping.unicast.hosts: ["server1", "server2","server3"]
    [root@server3 ~]# /etc/init.d/elasticsearch start
    访问web  http://172.25.8.1:9200/_plugin/head/(刷新一下)
     
    优化
    [root@server1 ~]# vim /etc/elasticsearch/elasticsearch.yml
     24 node.master: true
     25 node.data: false
    [root@server2 ~]# vim /etc/elasticsearch/elasticsearch.yml
    24 node.master: false
    25 node.data: true
    [root@server3 ~]# vim /etc/elasticsearch/elasticsearch.yml
     24 node.master: false
     25 node.data: true
    [root@server1 ~]# /etc/init.d/elasticsearch restart
    [root@server2 ~]# /etc/init.d/elasticsearch restart
    [root@server3 ~]# /etc/init.d/elasticsearch restart
    访问web  http://172.25.8.1:9200/_plugin/head/(刷新一下)
     
     
     

    通过api命令添加数据
    [root@server1 elk]# rpm -ivh logstash-2.3.3-1.noarch.rpm
    [root@server1 elk]# cd /opt/logstash/
    [root@server1 logstash]# bin/logstash -e 'input { stdin { } } output {stdout { } }'
    Settings: Default pipeline workers: 1
    Pipeline main started
    hello world
    2018-10-26T03:10:48.712Z server1 hello world
    [root@server1 logstash]# bin/logstash -e 'input { stdin { } } output {stdout { codec => rubydebug } elasticsearch { hosts => ["172.25.8.1"] index => "logstash-%{+YYYY.MM.dd}" }  }'
    Settings: Default pipeline workers: 1
    Pipeline main started
    duang
    {
           "message" => "duang",
          "@version" => "1",
        "@timestamp" => "2018-10-26T03:14:44.572Z",
              "host" => "server1"
    }

    ot@server1 logstash]# cd /etc/logstash/conf.d/
    [root@server1 conf.d]# vim bs.conf
    input {
            stdin {}
    }
     
    output {
            stdout {
                    codec => rubydebug
            }
            elasticsearch {
                    hosts => ["172.25.8.1"]
                    index => "logstash-%{+YYYY.MM.dd}"
            }
            file {
                    path => "/tmp/tsetfile"
                    codec => line { format => "custom format: %{message}"}
            }
    }
    [root@server1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/bs.conf
    Settings: Default pipeline workers: 1
    Pipeline main started
    hello
    {
           "message" => "hello",
          "@version" => "1",
        "@timestamp" => "2018-10-26T03:32:12.888Z",
              "host" => "server1"
    }
    duang duang
    {
           "message" => "duang duang",
          "@version" => "1",
        "@timestamp" => "2018-10-26T03:32:18.748Z",
              "host" => "server1"
    }
    ^CSIGINT received. Shutting down the agent. {:level=>:warn}
    stopping pipeline {:id=>"main"}
    Pipeline main has been shutdown
    访问web
    [root@server1 conf.d]# cat /tmp/tsetfile
    custom format: hello
    custom format: duang duang
     
    [root@server1 conf.d]# vim ss.conf
    input {
            file {
                    path => "/var/log/messages"
                    start_position => "beginning"
            }
    }
     
    output {
    #       stdout {
    #               codec => rubydebug
    #       }
            elasticsearch {
                    hosts => ["172.25.8.1"]
                    index => "messages-%{+YYYY.MM.dd}"
            }
    #        file {
    #                path => "/tmp/tsetfile"
    #                codec => line { format => "custom format: %{message}"}
    #        }
    }
    [root@server1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/ss.conf
    Settings: Default pipeline workers: 1
    Pipeline main started
    LOL
    LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
    LOLOLOLOLOL
    LOLOLLOLOLOLOLOOL
    LOLOL
    ^CSIGINT received. Shutting down the agent. {:level=>:warn}
    stopping pipeline {:id=>"main"}
    Pipeline main has been shutdown
    访问web
     
    [root@server1 conf.d]# vim ss.conf
    [root@server1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/ss.conf

    [root@server2 ~]# vim /etc/rsyslog.conf
     13 $ModLoad imudp
     14 $UDPServerRun 514
     17 $ModLoad imtcp
     18 $InputTCPServerRun 514
     81 *.*  @@172.25.8.1:514
    [root@server2 ~]# /etc/init.d/rsyslog restart
    访问web
     
    [root@server1 log]# cd /etc/logstash/conf.d/
    [root@server1 conf.d]# vim bs.conf
    input {
            file {
                    path => "/var/log/elasticsearch/my-bs.log"
                    start_position => "beginning"
            }
    }

    filter {
            multiline {
                    pattern => "^["
                    negate => "true"
                    what => "previous"
            }
    }
    output {
            elasticsearch {
                    hosts => ["172.25.8.1"]
                    index => "bs-%{+YYYY.MM.dd}"
            }
    }
    [root@server1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/bs.conf
    访问web

    vim bs.conf
    input {
            file {
                    path => "/var/log/elasticsearch/my-bs.log"
                    start_position => "beginning"
                    codec => multiline {
                            pattern => "^["
                            negate => "true"
                            what => "previous"
                    }
            }
    }
    output {
            elasticsearch {
                    hosts => ["172.25.8.1"]
                    index => "bs-%{+YYYY.MM.dd}"
            }
    }
     
    httpd日志监控
    nput {
            file {
                    path => "/var/log/httpd/access_log"
                    start_position => "beginning"
    }
    filter {
            grok {
                    match => { "message" => "%{COMBINEDAPACHELOG}"}
            }
    }
    output {
            elasticsearch {
                    hosts => ["172.25.8.1"]
                    index => "apache-%{+YYYY.MM.dd}"
            }
    }
    /opt/logstash/bin/logstash -f /etc/logstash/conf.d/bs.conf
     
     
    nginx日志监控
    [root@server1 ~]# /etc/init.d/httpd stop
    [root@server1 ~]# /etc/init.d/nginx start
    input {
            file {
                    path => "/var/log/nginx/access.log"
                    start_position => "beginning"
            }
    }
    filter {
            grok {
                    match => { "message" => "%{COMBINEDAPACHELOG}  %{QS:xforward}" }
            }
    }
    output {
            elasticsearch {
                    hosts => ["172.25.8.1"]
                    index => "nginx-%{+YYYY.MM.dd}"
            }
    }
    ot@server1 conf.d]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/bs.conf
    fangwen web

    kibana
    [root@server1 elk]# rpm -ivh kibana-4.5.1-1.x86_64.rpm
    [root@server1 elk]# cd /opt/kibana/config/
    [root@server1 config]# vim kibana.yml
     15 elasticsearch.url: "http://172.25.8.1:9200"
     23 kibana.index: ".kibana"
    [root@server1 config]# /etc/init.d/kibana start
    web:172.25.8.1:5601
     
     
  • 相关阅读:
    2018 桂林ccpc现场赛 总结
    2018 南京icpc现场赛总结
    nowcoder 203J Graph Coloring I(dfs)
    nowcoder 203A Knight(贪心+打表)
    nowcoder 202H-卡牌游戏
    nowcoder 202F-平衡二叉树
    topcoder srm 738 div1 FindThePerfectTriangle(枚举)
    codeforces 1041 E.Vasya and Good Sequences(暴力?)
    hdu 3507 Print Article(dp+斜率优化)
    hdu 1007 Quoit Design(分治)
  • 原文地址:https://www.cnblogs.com/zhengyipengyou/p/9872699.html
Copyright © 2011-2022 走看看