Collecting Huawei Switch Logs with ELK 7.2.0

ELK (Elasticsearch + Logstash + Kibana) is an open-source log collection platform that gathers log files from various clients onto a single platform for data analysis.

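ELK components:

  • Elasticsearch: log search and storage
  • Logstash: log collection, analysis and processing
  • Kibana: log visualization
  • All three are open-source software, are usually used together, and one after another came under Elastic.co, hence the abbreviation ELK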

ELK installation:

1. Install the Java environment
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel -y
2. Download the ELK RPMs
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.2.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.2.0.rpm
3. Install the ELK environment
a. Install Elasticsearch
rpm -ivh elasticsearch-7.2.0-x86_64.rpm
vim /etc/elasticsearch/elasticsearch.yml
    cluster.name: my-application
    node.name: es1
    path.data: /var/lib/elasticsearch
    path.logs: /var/log/elasticsearch
    network.host: "0.0.0.0"
    http.port: 9200
    cluster.initial_master_nodes: ["es1"]
systemctl start elasticsearch && systemctl enable elasticsearch
b. Install Kibana
rpm -ivh kibana-7.2.0-x86_64.rpm
vim /etc/kibana/kibana.yml
      server.port: 5601
      server.host: "0.0.0.0"
      server.name: "es1"
      elasticsearch.hosts: ["http://127.0.0.1:9200"]
      kibana.index: ".kibana"
systemctl start kibana && systemctl enable kibana
c. Install Logstash, then define and start a syslog log configuration file
rpm -ivh logstash-7.2.0.rpm
vim /etc/logstash/logstash.yml
    path.data: /var/lib/logstash
    path.config: "/etc/logstash/conf.d"
    path.logs: /var/log/logstash
ln -s /etc/logstash /usr/share/logstash/config
vim /usr/share/logstash/config/conf.d/syslog.conf
input {
  udp {
    port => "514"
    type => "syslog"
  }
}
output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "logstash_syslog-%{+YYYY.MM.dd}"
  }
}

yum install -y supervisor
systemctl enable supervisord && systemctl start supervisord
vim /etc/supervisord.d/logstash.ini 
[program:logstash]
environment=LS_HEAP_SIZE=5000m
directory=/usr/share/logstash
command=/usr/share/logstash/bin/logstash -f /usr/share/logstash/config/conf.d/syslog.conf -w 10 -l /var/log/logstash/syslog.log

supervisorctl reload
4. Use nginx as a reverse proxy for Kibana and require a username and password to log in
Create the username and password for HTTP authentication
mkdir /etc/nginx/passwd/
cd /etc/nginx/passwd/
touch kibana.passwd
yum -y install httpd-tools
htpasswd -c -b /etc/nginx/passwd/kibana.passwd kibana sdnware
Create the nginx configuration file for Kibana
vim /etc/nginx/conf.d/kibana.conf
server
{
 listen 8443;
   server_name kibana.mofangge.cc;
   access_log /var/log/nginx/kibana/kinaba_access.log main;
   error_log /var/log/nginx/kibana/kinaba_error.log;

   auth_basic "Kibana Auth";
   auth_basic_user_file /etc/nginx/passwd/kibana.passwd;

 location / {
    proxy_pass http://192.168.200.99:5601;
    proxy_redirect off;
   }

}
Finally, open http://kibana.mofangge.cc:8443 in a browser
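A configuration check for the settings used in this walkthrough, as an added example that is not part of the original post: it flags the wildcard binds in elasticsearch.yml and kibana.yml and a basic-auth nginx listener without TLS. The finding names and the hardened sample values are assumptions made for illustration, and the hardened variant assumes nginx, Kibana and Elasticsearch all run on one host.

```python
import re

WILDCARD = {"0.0.0.0", "::", "[::]"}

def yaml_settings(text):
    """Flat 'key: value' pairs from a simple YAML config; comment lines are skipped."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w.]+):\s*([^#]+)', line)
        if m:
            pairs[m.group(1)] = m.group(2).strip().strip('"\'')
    return pairs

def audit(es_yml, kibana_yml, nginx_conf):
    """Return finding codes (hypothetical names) for the three configs on this page."""
    es, kb = yaml_settings(es_yml), yaml_settings(kibana_yml)
    findings = []
    # Security is off by default in 7.2.0, so a wildcard bind exposes
    # an unauthenticated REST API on port 9200.
    if es.get("network.host") in WILDCARD and es.get("xpack.security.enabled") != "true":
        findings.append("ES_UNAUTHENTICATED_ON_ALL_INTERFACES")
    # Kibana on all interfaces answers on 5601 without passing through nginx.
    if kb.get("server.host") in WILDCARD:
        findings.append("KIBANA_REACHABLE_AROUND_PROXY")
    # Basic auth is only base64-encoded; a non-TLS listener sends it in clear.
    if "auth_basic_user_file" in nginx_conf:
        for m in re.finditer(r'^\s*listen\s+([^;]+);', nginx_conf, re.M):
            if "ssl" not in m.group(1).split():
                findings.append("BASIC_AUTH_WITHOUT_TLS")
    return findings

# Settings as given on this page.
PAGE_ES = 'network.host: "0.0.0.0"\nhttp.port: 9200\n'
PAGE_KIBANA = 'server.port: 5601\nserver.host: "0.0.0.0"\n'
PAGE_NGINX = ('server {\n listen 8443;\n auth_basic "Kibana Auth";\n'
              ' auth_basic_user_file /etc/nginx/passwd/kibana.passwd;\n}\n')

# Constructed hardened variant (single-host assumption; certificate
# directives are omitted because the audit only inspects "listen").
HARD_ES = 'network.host: "127.0.0.1"\nxpack.security.enabled: true\n'
HARD_KIBANA = 'server.host: "127.0.0.1"\n'
HARD_NGINX = PAGE_NGINX.replace("listen 8443;", "listen 8443 ssl;")

if __name__ == "__main__":
    print("page:    ", audit(PAGE_ES, PAGE_KIBANA, PAGE_NGINX))
    print("hardened:", audit(HARD_ES, HARD_KIBANA, HARD_NGINX))
```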
posted @ 2020-10-13 16:35  飞到问情