Installing the Logstash ELK Stack Log Management System on CentOS 7 (Part 1)
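Introduction

The Elastic Stack is not a single piece of software but a collection of the open-source projects Elasticsearch, Logstash and Kibana, offered together as an open-source log management solution. It can search, analyze and extract data from logs from any source and in any format, and display the results in real time. Products such as Shield (security), Watcher (alerting) and Marvel (monitoring) provide further possibilities for your product.

Elasticsearch: search; provides a distributed full-text search engine
Logstash: log collection, management and storage
Kibana: log filtering and web display
Filebeat: monitors log files and forwards them

Test environment plan (diagram)

Environment: IP addresses and hostnames follow the plan above, and the systems have been updated. All hosts have consistent time. The firewall is disabled in the test environment. The goal of this ELK learning deployment: use the elk host to collect and monitor the system logs of the main servers, as well as the logs of production application services.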
Installation

3.1. Basic environment check

[root@elk ~]# hostname
elk.test.com
[root@elk ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.67   elk.test.com
192.168.30.99   rsyslog.test.com
192.168.30.64   nginx.test.com

3.2. Packages

[root@elk ~]# cd elk/
[root@elk elk]# wget -c https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/rpm/elasticsearch/2.3.3/elasticsearch-2.3.3.rpm
[root@elk elk]# wget -c https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.3.2-1.noarch.rpm
[root@elk elk]# wget https://download.elastic.co/kibana/kibana/kibana-4.5.1-1.x86_64.rpm
[root@elk elk]# wget -c https://download.elastic.co/beats/filebeat/filebeat-1.2.3-x86_64.rpm

3.3. Check

[root@elk elk]# ls
elasticsearch-2.3.3.rpm  filebeat-1.2.3-x86_64.rpm  kibana-4.5.1-1.x86_64.rpm  logstash-2.3.2-1.noarch.rpm

The server only needs E, L and K (Elasticsearch, Logstash, Kibana) installed; the clients only need Filebeat.

3.4. Install Elasticsearch

Install the JDK first: the ELK server requires a Java development environment. The clients use Filebeat, which does not depend on Java, so Java does not need to be installed on them.

[root@elk elk]# yum install java-1.8.0-openjdk -y
[root@elk elk]# yum localinstall elasticsearch-2.3.3.rpm -y
.....
  Installing : elasticsearch-2.3.3-1.noarch                                   1/1
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
  Verifying  : elasticsearch-2.3.3-1.noarch                                   1/1
Installed:
  elasticsearch.noarch 0:2.3.3-1
[root@elk elk]# systemctl daemon-reload
[root@elk elk]# systemctl enable elasticsearch
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
[root@elk elk]# systemctl start elasticsearch
[root@elk elk]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-05-20 15:38:35 CST; 12s ago
     Docs: http://www.elastic.co
  Process: 10428 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 10430 (java)
   CGroup: /system.slice/elasticsearch.service
           └─10430 /bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancy...
May 20 15:38:38 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:38,279][INFO ][env                      ] [James Howlett] heap...[true]
May 20 15:38:38 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:38,279][WARN ][env                      ] [James Howlett] max ...65536]
May 20 15:38:41 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:41,726][INFO ][node                     ] [James Howlett] initialized
May 20 15:38:41 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:41,726][INFO ][node                     ] [James Howlett] starting ...
May 20 15:38:41 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:41,915][INFO ][transport                ] [James Howlett] publ...:9300}
May 20 15:38:41 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:41,920][INFO ][discovery                ] [James Howlett] elas...xx35hw
May 20 15:38:45 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:45,099][INFO ][cluster.service          ] [James Howlett] new_...eived)
May 20 15:38:45 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:45,164][INFO ][gateway                  ] [James Howlett] reco..._state
May 20 15:38:45 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:45,185][INFO ][http                     ] [James Howlett] publ...:9200}
May 20 15:38:45 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:45,185][INFO ][node                     ] [James Howlett] started
Hint: Some lines were ellipsized, use -l to show in full.

Check the service

[root@elk elk]# rpm -qc elasticsearch
/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/logging.yml
/etc/init.d/elasticsearch
/etc/sysconfig/elasticsearch
/usr/lib/sysctl.d/elasticsearch.conf
/usr/lib/systemd/system/elasticsearch.service
/usr/lib/tmpfiles.d/elasticsearch.conf
[root@elk elk]# netstat -nltp | grep java
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      10430/java
tcp6       0      0 ::1:9200                :::*                    LISTEN      10430/java
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      10430/java
tcp6       0      0 ::1:9300                :::*                    LISTEN      10430/java

Modify the firewall to open ports 9200 and 9300 to external access

[root@elk elk]# firewall-cmd --permanent --add-port={9200/tcp,9300/tcp}
success
[root@elk elk]# firewall-cmd --reload
success
[root@elk elk]# firewall-cmd --list-all
public (default, active)
  interfaces: eno16777984 eno33557248
  sources:
  services: dhcpv6-client ssh
  ports: 9200/tcp 9300/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

3.5. Install Kibana

[root@elk elk]# yum localinstall kibana-4.5.1-1.x86_64.rpm -y
[root@elk elk]# systemctl enable kibana
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /usr/lib/systemd/system/kibana.service.
[root@elk elk]# systemctl start kibana
[root@elk elk]# systemctl status kibana
● kibana.service - no description given
   Loaded: loaded (/usr/lib/systemd/system/kibana.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-05-20 15:49:02 CST; 20s ago
 Main PID: 11260 (node)
   CGroup: /system.slice/kibana.service
           └─11260 /opt/kibana/bin/../node/bin/node /opt/kibana/bin/../src/cli
May 20 15:49:05 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:05+00:00","tags":["status","plugin:elasticsearch...
May 20 15:49:05 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:05+00:00","tags":["status","plugin:kbn_vi...lized"}
May 20 15:49:05 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:05+00:00","tags":["status","plugin:markdo...lized"}
May 20 15:49:05 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:05+00:00","tags":["status","plugin:metric...lized"}
May 20 15:49:05 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:05+00:00","tags":["status","plugin:spyMod...lized"}
May 20 15:49:05 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:05+00:00","tags":["status","plugin:status...lized"}
May 20 15:49:05 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:05+00:00","tags":["status","plugin:table_...lized"}
May 20 15:49:05 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:05+00:00","tags":["listening","info"],"pi...:5601"}
May 20 15:49:10 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:10+00:00","tags":["status","plugin:elasticsearch...
May 20 15:49:14 elk.test.com kibana[11260]: {"type":"log","@timestamp":"2016-05-20T07:49:14+00:00","tags":["status","plugin:elasti...found"}
Hint: Some lines were ellipsized, use -l to show in full.

Check that the Kibana service is running (by default, Kibana's process name is node and its port is 5601)

[root@elk elk]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      909/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1595/master
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      11260/node

Modify the firewall to open tcp/5601 to external access

[root@elk elk]# firewall-cmd --permanent --add-port=5601/tcp
success
[root@elk elk]# firewall-cmd --reload
success
[root@elk elk]# firewall-cmd --list-all
public (default, active)
  interfaces: eno16777984 eno33557248
  sources:
  services: dhcpv6-client ssh
  ports: 9200/tcp 9300/tcp 5601/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
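
The firewall changes above open 9200, 9300 and 5601 to every source, while the netstat output shows Elasticsearch bound to loopback only and Kibana bound to 0.0.0.0. The following added example (not part of the original article) cross-checks the two outputs and prints a source-scoped rich rule for any port that is actually reachable; the sample data is constructed from the output shown above, and the 192.168.30.0/24 subnet is an assumption based on the /etc/hosts entries.

```shell
#!/bin/sh
# Added example: cross-check firewalld's opened ports against listening sockets.
# Sample data is constructed from the command output shown in this article.

# The "ports:" line of `firewall-cmd --list-all` after both changes.
FIREWALL_PORTS='9200/tcp 9300/tcp 5601/tcp'

# LISTEN lines from `netstat -nltp` (Elasticsearch and Kibana checks combined).
NETSTAT_SAMPLE='tcp   0 0 0.0.0.0:22      0.0.0.0:*  LISTEN  909/sshd
tcp   0 0 127.0.0.1:25    0.0.0.0:*  LISTEN  1595/master
tcp   0 0 0.0.0.0:5601    0.0.0.0:*  LISTEN  11260/node
tcp6  0 0 127.0.0.1:9200  :::*       LISTEN  10430/java
tcp6  0 0 ::1:9200        :::*       LISTEN  10430/java
tcp6  0 0 127.0.0.1:9300  :::*       LISTEN  10430/java
tcp6  0 0 ::1:9300        :::*       LISTEN  10430/java'

# classify_port PORT NETSTAT_TEXT
# Prints EXPOSED, LOOPBACK_ONLY or NO_LISTENER for the given TCP port.
classify_port() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!found)       print "NO_LISTENER"
            else if (exposed) print "EXPOSED"
            else              print "LOOPBACK_ONLY"
        }'
}

# audit_firewall PORTS NETSTAT_TEXT SOURCE_CIDR
# One finding per opened port; exposed ports get a source-scoped replacement rule.
audit_firewall() (
    for entry in $1; do
        port=${entry%/*}
        proto=${entry#*/}
        case "$(classify_port "$port" "$2")" in
            EXPOSED)
                printf '%s EXPOSED: listener on a non-loopback address, open to any source\n' "$entry"
                printf '  firewall-cmd --permanent --remove-port=%s\n' "$entry"
                printf "  firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'\n" "$3" "$port" "$proto"
                ;;
            LOOPBACK_ONLY)
                printf '%s LOOPBACK_ONLY: rule is inert now, exposes the service once it binds wider\n' "$entry"
                ;;
            NO_LISTENER)
                printf '%s NO_LISTENER: stale rule\n' "$entry"
                ;;
        esac
    done
)

# 192.168.30.0/24 is an assumption taken from the /etc/hosts entries above.
audit_firewall "$FIREWALL_PORTS" "$NETSTAT_SAMPLE" "192.168.30.0/24"
```

On a live host, feed the function the real `firewall-cmd --list-ports` and `netstat -nltp` output instead of the embedded samples.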

Reposted from: https://www.cnblogs.com/sanyuanempire/p/6169454.html