systemctl stop firewalld
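systemctl disable firewalld
#注意:停用 firewalld 後,後面綁定 0.0.0.0 的 9200、5601 會直接對整個網段開放;非測試環境建議保留 firewalld,只用 firewall-cmd 開放需要的連接埠與來源 IP

2. 安裝jdk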
yum install -y java-11-openjdk

3. 建立elk repo
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
vim /etc/yum.repos.d/elk.repo
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

4. 安裝elasticsearch
yum install -y elasticsearch

#修改設定檔
vim /etc/elasticsearch/elasticsearch.yml
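network.host: 0.0.0.0
http.port: 9200
#如果是單一節點記得補上下面這一行設定
discovery.type: single-node
#注意:7.x 預設未啟用帳號驗證,network.host 設為 0.0.0.0 後任何連得到 9200 的主機都能讀寫資料;對外提供服務前請設定 xpack.security.enabled: true 並建立密碼,或只綁定內部網卡 IP

#啟動elasticsearch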
systemctl enable elasticsearch
systemctl start elasticsearch

#解決Memory問題 <--不一定需要設定,視情況
vim /etc/sysctl.conf
#追加以下内容:
vm.max_map_count=655360
#儲存後,執行
sysctl -p

#測試
curl http://192.168.1.141:9200/

5. 安裝kibana
yum install -y kibana

#修改設定檔
vim /etc/kibana/kibana.yml
server.port: 5601
server.host: 0.0.0.0
#注意:Elasticsearch 未啟用 security 時 Kibana 沒有登入畫面,綁定 0.0.0.0 等於把資料查詢介面開放給所有連得到 5601 的主機

#啟動kibana
systemctl enable kibana
systemctl start kibana

#測試,網頁打開 http://192.168.1.141:5601/

6. 安裝logstash
yum install -y logstash

#修改設定檔
vim /etc/logstash/conf.d/logstash.conf
input {
  beats {
    port => 5044
  }
}
filter {
}
output {
  elasticsearch {
    hosts => [ "localhost:9200" ]
  }
}

#啟動logstash
systemctl enable logstash
systemctl start logstash

7. 安裝filebeat
yum install -y filebeat

#修改設定檔
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/*.log

#以下註解,不使用
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]

#以下取消註解,改output到logstash
#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

#啟動filebeat
systemctl enable filebeat
systemctl start filebeat