Building a Log Analysis and Monitoring Platform with the ELK Stack on CentOS 6


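The ELK stack is the trio of ElasticSearch, Logstash and Kibana. Together these three programs form a log analysis and monitoring toolset.

Environment preparation

To use HTTP and the other services normally, the firewall needs to be turned off:

# service iptables stop

Alternatively, leave the firewall running and open the relevant ports in iptables:

# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9200 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT
# service iptables restart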


Install the JDK

# yum -y install java-1.7.0-openjdk*
# java -version

Install ElasticSearch

# mkdir -p /opt/software && cd /opt/software
# wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.2.tar.gz
# tar -zxvf elasticsearch-1.4.2.tar.gz -C /usr/local/
# ln -s /usr/local/elasticsearch-1.4.2 /usr/local/elasticsearch

Install elasticsearch-servicewrapper and start the ElasticSearch service:

# sudo wget https://github.com/elasticsearch/elasticsearch-servicewrapper/archive/master.tar.gz
# sudo tar -zxvf master
# mv /opt/software/elasticsearch-servicewrapper-master/service /usr/local/elasticsearch/bin/
# /usr/local/elasticsearch/bin/service/elasticsearch start

Test whether the ElasticSearch service is working; the expected response is a 200 status code:

# curl -X GET http://localhost:9200

Install Logstash

# sudo wget https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.tar.gz
# sudo tar -zxvf logstash-1.4.2.tar.gz -C /usr/local/
# ln -s /usr/local/logstash-1.4.2 /usr/local/logstash

A quick test that Logstash is working:

# /usr/local/logstash/bin/logstash -e 'input { stdin { } } output { stdout { } }'

# mkdir -p /usr/local/logstash/etc

# vim /usr/local/logstash/etc/hello_search.conf

input {
    stdin {
        type => "human"
    }
}

output {
    stdout {
        codec => rubydebug
    }

    elasticsearch {
        host => "192.168.1.22"
        port => 9300
    }
}
# /usr/local/logstash/bin/logstash -f /usr/local/logstash/etc/hello_search.conf


Install Kibana

# sudo wget https://download.elasticsearch.org/kibana/kibana/kibana-3.1.2.tar.gz
# sudo tar -zxvf kibana-3.1.2.tar.gz
# mv kibana-3.1.2 /var/www/html/kibana

Edit Kibana's configuration file and replace the line containing elasticsearch with the following:

# vim /var/www/html/kibana/config.js
elasticsearch: "http://192.168.1.22:9200",

Edit the ElasticSearch configuration file, append one line, and restart the ElasticSearch service:

# vim /usr/local/elasticsearch/config/elasticsearch.yml
http.cors.enabled: true
# /usr/local/elasticsearch/bin/service/elasticsearch restart
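
The iptables rules and the http.cors.enabled line above both determine who can reach the ElasticSearch HTTP API on port 9200. The script below is an added example, not part of the original article: it checks an iptables rules file and an elasticsearch.yml for ACCEPT rules without a source restriction and for CORS enabled without an origin restriction. The function names, messages and sample files are constructed for illustration; http.cors.allow-origin and network.host are ElasticSearch settings the article itself does not set.

```shell
# Added example (not from the original article): audit the files this guide edits.

# List INPUT ACCEPT rules for the given ports that have no source restriction.
audit_iptables() {  # $1 = rules file, $2 = comma-separated ports
    awk -v ports="$2" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        /^-A INPUT/ && /-j ACCEPT/ {
            port = ""; src = 0
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s" || $i == "--source") src = 1
            }
            if ((port in want) && !src) print "iptables: port " port " accepts any source"
        }' "$1"
}

# Print the value of a top-level "key: value" line (last one wins).
yml_get() {  # $1 = file, $2 = key
    awk -v k="$2:" 'index($0, k) == 1 {
            v = substr($0, length(k) + 1)
            sub(/[ \t]+#.*$/, "", v); gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v
        } END { print val }' "$1"
}

# Flag ElasticSearch 1.x settings that leave the HTTP API widely reachable.
# In 1.x an unset allow-origin means any origin and an unset network.host binds all interfaces.
audit_es() {  # $1 = elasticsearch.yml
    cors=$(yml_get "$1" http.cors.enabled)
    origin=$(yml_get "$1" http.cors.allow-origin)
    host=$(yml_get "$1" network.host)
    if [ "$cors" = "true" ]; then
        case $origin in
            ""|"*") echo "elasticsearch: CORS enabled for any origin" ;;
        esac
    fi
    [ -n "$host" ] || echo "elasticsearch: network.host unset, listens on all interfaces"
}

# Constructed sample input mirroring the settings shown in this guide.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 9200 -j ACCEPT' \
        '-A INPUT -s 192.168.1.0/24 -m tcp -p tcp --dport 9292 -j ACCEPT' > "$d/iptables"
    printf '%s\n' 'http.cors.enabled: true' > "$d/elasticsearch.yml"
    audit_iptables "$d/iptables" 9200,9292
    audit_es "$d/elasticsearch.yml"
    rm -rf "$d"
}
demo
```

On a real host, pass /etc/sysconfig/iptables and /usr/local/elasticsearch/config/elasticsearch.yml to the two audit functions instead of calling demo.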

Open Kibana in a browser

http://10.111.121.22/kibana

Configure Logstash

# vim /usr/local/logstash/etc/logstash_agent.conf
input {
    file {
        type => "http.access"
        path => ["/var/log/httpd/access_log"]
    }

    file {
        type => "http.error"
        path => ["/var/log/httpd/error_log"]
    }

    file {
        type => "messages"
        path => ["/var/log/messages"]
    }
}

output {
    elasticsearch {
        host => "10.111.121.22"
        port => 9300
    }
}
# nohup /usr/local/logstash/bin/logstash -f /usr/local/logstash/etc/logstash_agent.conf &

A simple log analysis and monitoring platform is now set up, and the logs can be viewed in Kibana.
