当前位置:首页 > 服务端 > Elasticsearch+Kibana+Logstash安装

Elasticsearch+Kibana+Logstash安装

安装环境:

[root@node-1 src]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core) 

安装之前关闭防火墙 firewalld 和 selinux:

[root@node-1 logs]# systemctl stop firewalld
[root@node-1 logs]# setenforce 0

安装流程:

Kibana->Elasticsearch->Logstash

一、安装运行所需的Java环境,Elasticsearch、Logstash依赖于java环境,使用官方的二进制包解压安装,先下载java linux 64tar.gz包,java 1.8的下载链接: 

http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

配置JAVA环境:

[root@node-1 src]# cd /usr/local/src
[root@node-1 src]# tar xf jdk-8u191-linux-x64.tar.gz 
[root@node-1 src]# mv jdk1.8.0_191 /usr/local

#用全路径验证java是否安装成功
/usr/local/jdk1.8.0_191/bin/java -version

#配置java环境变量
vim /etc/profile加入
export JAVA_HOME=/usr/local/jdk1.8.0_191/
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH

#环境变量生效
source /etc/profile

#java版本查看
[root@node-1 ~]# java -version
java version "1.8.0_191"
Java(TM) SE Runtime Environment (build 1.8.0_191-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode)

安装Kibana:

#kibana下载地址(kibana主要用来展现数据,它本身不存储数据)
https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-linux-x86_64.tar.gz

#准备工作,添加elk用户,用elk用户来启动elk
useradd elk
usermod -s /sbin/nologin elk    #不让elk用户来登录系统
#解压安装kibana:
tar -zxf kibana-6.2.3-linux-x86_64.tar.gz
mv kibana-6.2.3-linux-x86_64 /usr/local/kibana-6.2.3

#kibana配置文件
vim /usr/local/kibana-6.2.3/config/kibana.yml修改:
server.port: 5601
server.host: "0.0.0.0"(监听在所有网卡,有风险)
#elasticsearch.url: "http://localhost:9200" (默认是连接elasticsearch的9200端口)
#elasticsearch.username: "user" (配置连接elasticsearch的用户名和密码)
#elasticsearch.password: "pass"

#把kibana目录改为elk用户
chown -R elk:elk /usr/local/kibana-6.2.3/

#新增启动脚本vim /usr/local/kibana-6.2.3/bin/start.sh
nohup /usr/local/kibana-6.2.3/bin/kibana >>/tmp/kibana.log 2>>/tmp/kibana.log &

chmod a+x /usr/local/kibana-6.2.3/bin/start.sh

#用普通用户启动
su -s /bin/bash elk '/usr/local/kibana-6.2.3/bin/start.sh'

访问kibana,如有防火墙需要放开tcp 5601端口

 Nginx限制访问kibana:

默认的kibana是没有任何的权限控制,先把kibana改到监听127.0.0.1,借助nginx来限制访问

1:借助nginx来限制访问,控制源ip的访问
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile        on;
    keepalive_timeout  65;
    server {
       listen       5609;
       access_log  /usr/local/nginx/logs/kibana_access.log main;
       error_log /usr/local/nginx/logs/kibana_error.log error;
       location / {
           allow 127.0.0.1;
           deny all;
           proxy_pass http://127.0.0.1:5601;
       }
    }
}

可以在日志里面找到源ip地址:tail -f /usr/local/nginx/logs/kibana_access.log

2: 如果ip经常变化,就会很麻烦。nginx支持简单的用户名密码认证。
location / {
            auth_basic "elk auth";
            auth_basic_user_file /usr/local/nginx/conf/htpasswd;
            proxy_pass http://127.0.0.1:5601;
        }

printf "elk:$(openssl passwd -1 elkpass)\n" >/usr/local/nginx/conf/htpasswd

3: nginx源码编译安装脚本
if [ -d "/usr/local/nginx/" ];then
    echo "nginx is install"
    exit 1
else
    echo "nginx in not install"
fi

for softpack in wget tar gcc gcc-c++ make pcre pcre-devel zlib zlib-devel openssl openssl-devel;do
soft_result=`rpm -qa $softpack`
if [ -z "$soft_result" ];then
echo "${softpack} is not exist,install it"
yum -y install ${softpack}
else
echo "${softpack} is exist"
fi
done

cd /usr/local/src
wget 'http://nginx.org/download/nginx-1.12.2.tar.gz'
tar -zxvf nginx-1.12.2.tar.gz
cd nginx-1.12.2
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-stream  --with-stream_ssl_module
make
make install
exit 0

ln -sf /usr/local/nginx/sbin/nginx /usr/local/bin/

elasticsearch安装配置:

elasticsearch未安装之前,kibana网页上报错,提示找不到elasticsearch。

1: elasticsearch的下载地址(elasticsearch主要用来存储数据,供kibana调取并进行展现)
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.tar.gz

解压安装:
cd /usr/local/src/
tar -zxf elasticsearch-6.2.3.tar.gz
mv elasticsearch-6.2.3 /usr/local/

2: elasticsearch配置
vim /usr/local/elasticsearch-6.2.3/config/elasticsearch.yml 修改:
path.data: /usr/local/elasticsearch-6.2.3/data
path.logs: /usr/local/elasticsearch-6.2.3/logs
network.host: 127.0.0.1
http.port: 9200
bootstrap.memory_lock: false
bootstrap.system_call_filter: false

3: 把elasticsearch目录的用户和属主都更新为elk
chown -R elk:elk /usr/local/elasticsearch-6.2.3/

4: 更改jvm的内存限制(看个人配置)
vim /usr/local/elasticsearch-6.2.3/config/jvm.options
-Xms100M
-Xmx100M

5: 编辑elasticsearch启动脚本,使用-d进行后台启动。elasticsearch
vim /usr/local/elasticsearch-6.2.3/bin/start.sh
/usr/local/elasticsearch-6.2.3/bin/elasticsearch -d

chmod a+x /usr/local/elasticsearch-6.2.3/bin/start.sh

6: 启动elasticsearch
su -s /bin/bash elk '/usr/local/elasticsearch-6.2.3/bin/start.sh'
观察日志
观察kibana网页,看下还会不会报elasticsearch的错误

7: elasticsearch如果监听在非127.0.0.1,需要配置内核参数等
network.host: 0.0.0.0

vim /etc/security/limits.conf(处理max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536])
* soft nofile 65536
* hard nofile 65536

vim /etc/security/limits.d/20-nproc.conf(处理max number of threads [3885] for user [elk] is too low, increase to at least [4096])
*          soft    nproc     10240
*          hard    nproc     10240

sysctl.conf添加(处理max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144])
vm.max_map_count = 262144    #需要运行sysctl -p生效

Logstash安装配置:

1: logstash的下载地址(用来读取日志,正则分析日志,发送给elasticsearch数据库)
https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.tar.gz

解压安装:
tar -zxf logstash-6.2.3.tar.gz
mv logstash-6.2.3 /usr/local/
ll -h /usr/local/logstash-6.2.3

2: 更改logstash jvm配置vim /usr/local/logstash-6.2.3/config/jvm.options 
-Xms150M
-Xmx150M

3: logstash配置 vim /usr/local/logstash-6.2.3/config/logstash.conf
input {
  file {
    path => "/usr/local/nginx/logs/kibana_access.log"
  }
}
output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
  }
}

4: logstash的启动脚本:
vim /usr/local/logstash-6.2.3/bin/start.sh
nohup /usr/local/logstash-6.2.3/bin/logstash -f /usr/local/logstash-6.2.3/config/logstash.conf >>/tmp/logstash.log 2>>/tmp/logstash.log &

chmod a+x  /usr/local/logstash-6.2.3/bin/start.sh

5: 启动logstash
/usr/local/logstash-6.2.3/bin/start.sh

logstash的启动时间会有点慢,等启动过后查看kibana的界面,会有可以创建索引的地方。

 

作者:BigZero
来源链接:https://www.cnblogs.com/pythonal/p/9930454.html

版权声明:
1、JavaClub(https://www.javaclub.cn)以学习交流为目的,由作者投稿、网友推荐和小编整理收藏优秀的IT技术及相关内容,包括但不限于文字、图片、音频、视频、软件、程序等,其均来自互联网,本站不享有版权,版权归原作者所有。

2、本站提供的内容仅用于个人学习、研究或欣赏,以及其他非商业性或非盈利性用途,但同时应遵守著作权法及其他相关法律的规定,不得侵犯相关权利人及本网站的合法权利。
3、本网站内容原作者如不愿意在本网站刊登内容,请及时通知本站(javaclubcn@163.com),我们将第一时间核实后及时予以删除。


本文链接:https://www.javaclub.cn/server/68484.html

分享给朋友: