1、安裝Java JDK 2、安裝Elasticsearch 1、導入Elasticsearch的GPG公鑰 2、添加Elasticsearch倉庫源 3、安裝elasticsearch 4、安裝完成之後,配置Elasticsearch 5、啟動Elasticsearch服務並加入開機自啟 3、安裝 ...
1、安裝Java JDK
sudo apt-get install default-jdk2、安裝Elasticsearch
1、導入Elasticsearch的GPG公鑰
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -2、添加Elasticsearch倉庫源
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list3、安裝elasticsearch
sudo apt-get update
sudo apt-get install elasticsearch4、安裝完成之後,配置Elasticsearch
sudo vim /etc/elasticsearch/elasticsearch.yml
network.host: localhost 取消下麵一行註釋,並把值替換為localhost:5、啟動Elasticsearch服務並加入開機自啟
sudo systemctl start elasticsearch
sudo systemctl enbale elasticsearch3、安裝Kibana
1、添加kibana倉庫
echo "deb http://packages.elastic.co/kibana/4.5/debian stable main" | sudo tee -a /etc/apt/sources.list2、安裝kibana
sudo apt-get update
sudo apt-get install kibana3、配置kinbana
sudo vim /opt/kibana/config/kibana.yml
server.host: "localhost" 把值改為localhost4、啟動kinbana服務並加入開機自啟
sudo systemctl start kinbana
sudo systemctl enbale kinbana4、安裝nginx
sudo apt-get install nginx1、啟動nginx並加入開機自啟
sudo systemctl start nginx
sudo systemctl enable nginx2、使用openssl創建一個管理員(admin)
按照提示創建用戶和密碼,用來登陸kinbana web
sudo -v
echo "admin:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users3、修改nginx配置文件
sudo vim /etc/nginx/conf.d/elk.conf
server {
listen 80;
server_name your_domain_or_IP; 填寫你的ip或者功能變數名稱
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
4、檢查nginx配置語法
ok的話就重啟nginx
nginx -t
sudo systemctl restart nginx5、安裝Logstash
1、添加Logstash軟體源
echo "deb http://packages.elastic.co/logstash/2.3/debian stable main" | sudo tee -a /etc/apt/sources.list2、安裝Logstash
sudo apt-get update
sudo apt-get install logstash3、設置接收的日誌格式及類型,創建配置文件
sudo vim /etc/logstash/conf.d/30-elasticsearch-output.conf
output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}6、安裝Filebeat
1、添加Filebeat源和key
echo "deb https://packages.elastic.co/beats/apt stable main" | sudo tee -a /etc/apt/sources.list.d/beats.list
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -2、安裝Filebeat
sudo apt-get update
sudo apt-get install filebeat3、啟動Filebeat並加入開機自啟
sudo systemctl start filebeat
sudo systemctl enable filebeat7、登陸web端添加索引
索引名稱填寫為 filebeat-*
