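ELK is the acronym formed from the initials of three open-source projects: Elasticsearch, Logstash and Kibana. The main idea is to build a centralized log collection system that gathers the logs from every node so they can be managed and accessed in one place. ELK provides a complete solution, all of it open-source software, whose components work together seamlessly and efficiently meet the needs of many use cases. It is currently one of the mainstream logging systems.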

Environment preparation:
# Stop the firewall and disable SELinux
systemctl stop firewalld.service
setenforce 0
Server | Installed components |
---|---|
10.0.0.21 | JDK environment, elasticsearch, kibana |
10.0.0.22 | JDK environment, logstash |
Required packages (available for download):
- jdk-8u131-linux-x64_.rpm
- elasticsearch-6.6.2.rpm
- kibana-6.6.2-x86_64.rpm
- logstash-6.6.0.rpm
Start the deployment
1. Install the JDK environment
[[email protected]-22 ELK]# java -version
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
2. Install Elasticsearch
[[email protected]-21 ELK]# yum -y install elasticsearch-6.6.2.rpm
Loaded plugins: fastestmirror
……
Installed:
elasticsearch.noarch 0:6.6.2-1
Complete!
Edit the configuration file: uncomment the host IP and port settings and change the host IP to your own. Here it is 10.0.0.21.
[[email protected]-21 elasticsearch]# vim elasticsearch.yml
network.host: 10.0.0.21
http.port: 9200
Save and exit, then start the service
[[email protected]-21 elasticsearch]# systemctl start elasticsearch.service
At this point you can check the log to see whether the service has started
[[email protected]-21 ~]# tail -f /var/log/elasticsearch/elasticsearch.log
……
[2020-02-12T22:22:32,409][INFO ][o.e.n.Node ] [9ITBrSO] started
[2020-02-12T22:22:33,905][INFO ][o.e.l.LicenseService ] [9ITBrSO] license [da7afc9e-0e8f-435c-b861-0e2d60a8fec5] mode [basic] - valid
The log shows the service has started, so next check whether the ports are listening
[[email protected]-21 elasticsearch]# ss -lntp |grep java
LISTEN 0 128 ::ffff:10.0.0.21:9200 :::* users:(("java",pid=9525,fd=191))
LISTEN 0 128 ::ffff:10.0.0.21:9300 :::* users:(("java",pid=9525,fd=183))
Elasticsearch is now configured and running
3. Install Logstash
[[email protected]-22 ELK]# yum -y install logstash-6.6.0.rpm
Loaded plugins: fastestmirror
……
Installed:
logstash.noarch 1:6.6.0-1
Complete!
The core function of Logstash is to store and search logs, so we need to write the key settings into a configuration file
[[email protected]-22 ELK]# cd /etc/logstash/conf.d/
[[email protected]-22 conf.d]# vim messages.conf
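input {
  file {
    path => "/var/log/messages"        # path of the log file
    type => "messages-log"             # type assigned to these log events
    start_position => "beginning"      # where to start reading the log
  }
}
output {
  elasticsearch {
    hosts => "10.0.0.21:9200"                 # Elasticsearch host that receives the logs
    index => "messages_log-%{+YYYY.MM.dd}"    # index name format
  }
}
Save and exit, then start the service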
[[email protected]-22 conf.d]# systemctl start logstash.service
Check the log to see whether it started successfully
[[email protected]-22 ~]# tail -f /var/log/logstash/logstash-plain.log
……
[2020-02-12T22:37:25,312][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-02-12T22:37:25,429][WARN ][filewatch.tailmode.handlers.createinitial] failed to open /var/log/messages: #<Errno::EACCES: Permission denied - /var/log/messages>, ["org/jruby/RubyFile.java:366:in `initialize'", "org/jruby/RubyIO.java:1154:in `open'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-file-4.1.9/lib/filewatch/watched_file.rb:198:in `open'"]
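As you can see, Logstash started successfully, but there is a problem: it has no permission to open /var/log/messages. So grant the permission and restart the service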
[[email protected]-22 conf.d]# chmod 755 -R /var/log/*
[[email protected] conf.d]# systemctl restart logstash.service
Check the log again
[[email protected]-22 ~]# tail -f /var/log/logstash/logstash-plain.log
……
[2020-02-12T22:44:46,575][INFO ][filewatch.observingtail ] START, creating Discoverer, Watch with file and sincedb collections
[2020-02-12T22:44:47,250][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
It started successfully with no problems, so next check whether the port is listening
[[email protected]-22 conf.d]# ss -lntp |grep 9600
LISTEN 0 50 [::ffff:127.0.0.1]:9600 [::]:* users:(("java",pid=52665,fd=86))
Logstash is now configured and running
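A narrower alternative to the recursive chmod in step 3, as an added example that is not part of the original post: give one group read access to just the file Logstash tails, then list anything under the log directory that is still world-readable. The function names are hypothetical, and a `logstash` service group created by the RPM is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Give one group read access to one log file; "other" gets no access.
# Usage: grant_group_read GROUP FILE
grant_group_read() {
    group=$1
    file=$2
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    chgrp "$group" "$file" || return 1
    chmod 640 "$file"
}

# Print every regular file under DIR that any local user can read.
# Usage: list_world_readable DIR
list_world_readable() {
    find "$1" -type f -perm -004 -print | sort
}

# Print the octal mode of FILE (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Typical use on the Logstash host (10.0.0.22 in this article), as root.
# Assumption: the Logstash service account belongs to group "logstash".
#   grant_group_read logstash /var/log/messages
#   systemctl restart logstash.service
#   list_world_readable /var/log     # review what other users can still read
```

Log rotation replaces /var/log/messages with a new file, so the same group and mode also have to be set where the file is created (syslog or logrotate configuration) for the access to survive a rotation.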
4. Install Kibana
[[email protected]-21 ELK]# yum -y install kibana-6.6.2-x86_64.rpm
Loaded plugins: fastestmirror
……
Installed:
kibana.x86_64 0:6.6.2-1
Complete!
Edit the configuration file: set the port, the host IP and the Elasticsearch address, and uncomment those lines
[[email protected]-21 kibana]# vim kibana.yml
server.port: 5601
server.host: "10.0.0.21"
elasticsearch.hosts: ["http://10.0.0.21:9200"]
Save and exit, then start the service
[[email protected]-21 kibana]# systemctl start kibana.service
Check whether the port is listening
[[email protected]-21 kibana]# ss -lntp |grep 5601
LISTEN 0 128 10.0.0.21:5601 *:* users:(("node",pid=11228,fd=18))
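Kibana is now configured and running
5. Access the web page
Add an index, as follows:
When this page appears, the index has been added successfully
6. Add a visualization for the logs
Here I chose the line chart
Select the index
Set the x-axis to a date histogram, then click to start fetching the data
Click to view the result
Prepare the servers –> install the software –> set up the ELK environment –> collect logs –> add the index –> display the visualization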