Installing ELK, a log collection system
#Installing elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.0.0-linux-x86_64.tar.gz
Note: es cannot be run as root
vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
Open /etc/security/limits.d/90-nproc.conf and change "* soft nproc 1024" to "* soft nproc 4096".
Besides these two files, /etc/sysctl.conf also needs to be modified: append "vm.max_map_count=655360" to the end of the file.
Then run the command "sysctl -p"
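Added example (not part of the original notes): a shell preflight that reads the files edited above and reports whether the values this page sets are in place before es is started. The function names are hypothetical, the thresholds are this page's own values, and it assumes a limits.d file listed later overrides the same "*" entry in limits.conf.

```shell
#!/bin/sh
# Added example: checks the settings this page edits. Thresholds are the
# page's own values; file paths are arguments so it can run on copies.

# limit_value TYPE ITEM FILE... : effective "*"-domain value; the last
# matching line wins, so a limits.d file listed later overrides limits.conf.
limit_value() {
    t=$1; i=$2; shift 2
    awk -v t="$t" -v i="$i" '
        $1 ~ /^#/ { next }
        $1 == "*" && ($2 == t || $2 == "-") && $3 == i { v = $4 }
        END { if (v != "") print v }' "$@"
}

# sysctl_value KEY FILE : last value assigned to KEY in a sysctl.conf file
sysctl_value() {
    awk -F= -v k="$1" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/[ \t]/, "", v) }
        END { if (v != "") print v }' "$2"
}

# at_least VALUE MIN : true only if VALUE is a number >= MIN
at_least() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}

# preflight UID SYSCTL_FILE LIMITS_FILE... : prints each failed check and
# returns the number of failures (0 = ready to start elasticsearch)
preflight() {
    uid=$1; sc=$2; shift 2; fails=0
    check() { at_least "$1" "$2" || { echo "FAIL: $3 is '$1', want >= $2"; fails=$((fails + 1)); }; }
    [ "$uid" -ne 0 ] || { echo "FAIL: es must not run as root"; fails=$((fails + 1)); }
    check "$(limit_value soft nofile "$@")" 65536 "soft nofile"
    check "$(limit_value hard nofile "$@")" 131072 "hard nofile"
    check "$(limit_value soft nproc "$@")" 4096 "soft nproc"
    check "$(limit_value hard nproc "$@")" 4096 "hard nproc"
    check "$(sysctl_value vm.max_map_count "$sc")" 655360 "vm.max_map_count"
    return "$fails"
}
```

Run it from the account that will start es, for example `preflight "$(id -u)" /etc/sysctl.conf /etc/security/limits.conf /etc/security/limits.d/90-nproc.conf`. It reads the files only; the limits take effect for new login sessions.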
#Turn off the firewall
#systemctl stop firewalld
#The kibana configuration file needs to be configured with the es address
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.0.0-linux-x86_64.tar.gz
#Installing logstash
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.0.0.tar.gz
#Create logstash1.conf
Add the following content:
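input {
  file {
    # nginx log files to collect
    path => "/usr/local/nginx/logs/*.log"
    # read files not seen before from the start, not only new lines
    start_position => "beginning"
  }
}
filter {
}
output {
  elasticsearch {
    # the local es node
    hosts => "localhost:9200"
  }
}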
#Start logstash
./bin/logstash -f ./bin/logstash1.conf
Visit the configured address:
http://<access address>:5601