ELK: Kibana Deployment, Collecting System Logs, and Collecting Multiple Logs with One File
1. Installing and configuring Kibana
    cd /usr/local/src
    yum -y install kibana-5.4.0-x86_64.rpm
    # Show the active (uncommented) settings
    grep "^[a-zA-Z]" /etc/kibana/kibana.yml
    server.port: 5601
    server.host: "10.0.0.22"
    elasticsearch.url: "http://10.0.0.22:9200"
    systemctl enable kibana
    systemctl start kibana
    # Browse to 10.0.0.22:5601; check http://10.0.0.22:5601/status to confirm Kibana is running normally
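2. Collecting the messages log with a Logstash config file
Display the log data collected in the previous section in Kibana by adding the index.
Collect the messages log with a Logstash config file: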
    vim /etc/logstash/conf.d/system.conf
    input {
      file {
        path => "/var/log/messages"
        type => "systemlog"
        start_position => "beginning"
        stat_interval => "2"
      }
    }
    output {
      elasticsearch {
        hosts => ["10.0.0.22:9200"]
        index => "logstash-systemlog-%{+YYYY.MM.dd}"
      }
    }

path => "/var/log/messages": the path of the file to collect.

start_position => "beginning": the position from which to start reading the file. The default is the end of the file, which behaves like tail -F. To import existing data, set this to "beginning"; the logstash process then reads from the start of the file, similar to less +F.

stat_interval => "2": how often to check the file.

    # Check the config file for syntax errors
    /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/system.conf -t
    # logstash runs as an ordinary user; to read the system log, the file permissions have to be changed
    ll /var/log/messages
    # 644 makes the file readable by every local user
    chmod 644 /var/log/messages
    systemctl restart logstash
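Check in the management interface whether the corresponding index exists.
Add it to Kibana for display by creating the index.
3. Collecting multiple logs with one config file (this config file was modified later)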
    cat /etc/logstash/conf.d/colectTwo.conf
    input {
      file {
        path => "/var/log/nginx/access.log"
        type => "nginx-access"
        start_position => "beginning"
        stat_interval => "2"
      }
      file {
        path => "/var/log/nginx/error.log"
        type => "nginx-error"
        start_position => "beginning"
        stat_interval => "2"
      }
      file {
        path => "/var/log/mysql.log"
        type => "mysql-log"
        start_position => "beginning"
        stat_interval => "2"
      }
    }
    output {
      # Route each event to its own daily index based on the input's type
      if [type] == "nginx-access" {
        elasticsearch {
          hosts => ["10.0.0.22:9200"]
          index => "logstash-nginx-access-%{+YYYY.MM.dd}"
        }
      }
      if [type] == "nginx-error" {
        elasticsearch {
          hosts => ["10.0.0.22:9200"]
          index => "logstash-nginx-error-%{+YYYY.MM.dd}"
        }
      }
      if [type] == "mysql-log" {
        elasticsearch {
          hosts => ["10.0.0.22:9200"]
          index => "logstash-mysql-log-%{+YYYY.MM.dd}"
        }
      }
    }

Check that the config file syntax is valid:

    /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/colectTwo.conf -t
    systemctl restart logstash
    # Write a test line into mysql.log
    echo qweqweqweasdqwedqwe > /var/log/mysql.log
    # 666 makes the file readable and writable by every local user
    chmod 666 /var/log/mysql.log
    # -a appends adm instead of replacing logstash's existing supplementary groups
    usermod -aG adm logstash
Check the result with the head plugin.
Create the index [logstash-nginx-access-]YYYY.MM.DD in Kibana.
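Sections 2 and 3 make the log files readable to logstash by changing their modes (chmod 644, chmod 666). The script below is an added example, not part of the original post: it lists every `path` in a Logstash config and reports which of those files are world-readable or world-writable. The function names are hypothetical, and it assumes single-string `path => "..."` values as in the configs above.

```shell
#!/bin/sh
# Added example: audit the files a Logstash config reads (names are hypothetical).

# Print each quoted value of a `path => "..."` setting in config file $1.
# Assumption: single-string paths, as in the configs above (no array form).
list_input_paths() {
    grep -oE '(^|[[:space:]{])path[[:space:]]*=>[[:space:]]*"[^"]+"' "$1" |
        sed -E 's/^.*"([^"]+)"$/\1/'
}

# Classify file $1 by the permission bits it grants to "other" users.
classify_mode() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -n "$(find -L "$1" -prune -perm -0002 -print)" ]; then
        echo "world-writable"
    elif [ -n "$(find -L "$1" -prune -perm -0004 -print)" ]; then
        echo "world-readable"
    else
        echo "restricted"
    fi
}

# Print "<status> <path>" for every input path in config file $1.
# Returns 1 if any file is world-writable, 0 otherwise.
audit_logstash_inputs() {
    audit_rc=0
    audit_paths=$(list_input_paths "$1")
    while IFS= read -r audit_p; do
        [ -n "$audit_p" ] || continue
        audit_status=$(classify_mode "$audit_p")
        printf '%s %s\n' "$audit_status" "$audit_p"
        if [ "$audit_status" = "world-writable" ]; then audit_rc=1; fi
    done <<EOF
$audit_paths
EOF
    return "$audit_rc"
}

# Stand-alone use: sh audit.sh /etc/logstash/conf.d/colectTwo.conf
if [ "$#" -gt 0 ]; then
    audit_logstash_inputs "$1"
fi
```

A file reported as restricted still has to be readable by the logstash user, for example through the adm group membership set in section 3.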
Kibana deployment and messages log collection: http://blog.51cto.com/jinlong/2055042