Author profile

https://minminmsn.com/

Category: Big Data

2015-12-17 09:51:50

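Let's skip the preamble and get straight to the point.
First, the versions:
filebeat 1.0.0-rc2, logstash 2.0.0-1, elasticsearch 2.0.0, kibana 4.2

All of this can be summarized as follows:
Glossary

Elasticsearch                     stores the indices
Kibana                            UI
Kibana dashboard                  visualization views
Logstash Input Beats plugin       collects events
Elasticsearch output plugin       sends transactions
Filebeat                          log data shipper
Topbeat                           lightweight server monitoring
Packetbeat                        online network packet analysis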




Architecture




1. Client installation


Filebeat architecture




https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html#filebeat-installation


Install Filebeat on the nginx log client


Install Filebeat
curl  -L  -O
rpm -vi filebeat-1.0.0-rc2-x86_64.rpm
Configure Filebeat
/etc/filebeat/filebeat.yml


Filebeat configuration:
filebeat:
  prospectors:
    -
      paths:
        - "/var/log/*.log"
      fields:
        type: syslog
output:
  elasticsearch:
    enabled: true
    hosts: [""]


Start Filebeat


[root@backup01 filebeat]# curl -XPUT '' -d@/etc/filebeat/filebeat.template.json
{
  "acknowledged" : true
}




topbeat
https://www.elastic.co/guide/en/beats/topbeat/current/topbeat-getting-started.html


curl -L -O    
rpm -vih topbeat-1.0.0-rc2-x86_64.rpm


packetbeat
https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-getting-started.html
yum install libpcap
curl -L -O
rpm -vi packetbeat-1.0.0-rc2-x86_64.rpm




2. Server installation


Install ELK



The stack can analyze logs, monitor server status, and analyze network packets such as HTTP traffic.


Elasticsearch installation


yum install java-1.7.0-openjdk
curl -L -O
rpm -ivh elasticsearch-2.0.0.rpm


Configure and start
cat /etc/elasticsearch/elasticsearch.yml  |grep -Ev "^$|^#"
path.data: /data
path.logs: /data/elklogs
network.host: 192.168.0.58


chown -R elasticsearch:elasticsearch /data/elasticsearch/
chown -R elasticsearch:elasticsearch /data/elklogs/


service elasticsearch start




Test Elasticsearch
[root@localhost ~]# curl
{
  "name" : "Redwing",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "2.0.0",
    "build_hash" : "de54438d6af8f9340d50c5c786151783ce7d6be5",
    "build_timestamp" : "2015-10-22T08:09:48Z",
    "build_snapshot" : false,
    "lucene_version" : "5.2.1"
  },
  "tagline" : "You Know, for Search"
}




Logstash installation (102.131)


curl  -L  -O
rpm -ivh logstash-2.0.0-1.noarch.rpm




Logstash configuration
cat nginxconf.json
input {
  beats {
    port => 5044
  }
}


output {
  elasticsearch {
    hosts => "192.168.0.58:9200"
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}




Kibana installation


curl  -L  -O
tar xzvf kibana-4.2.0-linux-x64.tar.gz
cd kibana-4.2.0-linux-x64/
./bin/kibana


First edit kibana.yml, where the port number and the Elasticsearch settings can be configured.
mv  kibana-4.2.0-linux-x64 /var/kibana
nohup /var/kibana/bin/kibana -e   &


  log   [13:14:14.588] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
  log   [13:14:14.617] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [13:14:14.630] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
  log   [13:14:14.639] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
  log   [13:14:14.646] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
  log   [13:14:14.655] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
  log   [13:14:14.658] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
  log   [13:14:14.661] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready
  log   [13:14:14.663] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
  log   [13:14:14.675] [info][listening] Server running at




Loading the Kibana dashboards
curl  -L  -O
tar xzvf beats-dashboards-1.0.0-rc2.tar.gz
cd beats-dashboards-1.0.0-rc2/
./load.sh


./load.sh  
curl
Loading search Cache-transactions:
{"_index":".kibana","_type":"search","_id":"Cache-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}
Loading search DB-transactions:
{"_index":".kibana","_type":"search","_id":"DB-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}


Finally, the command to check the indices is:
curl 192.168.0.58:9200/_cat/indices
yellow open .kibana             1 1   93 0  69kb  69kb
yellow open filebeat-2015.11.18 5 1 4109 0 2.9mb 2.9mb
For detailed configuration, see the configuration article:
http://blog.chinaunix.net/uid-25057421-id-5576272.html
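
The `_cat/indices` check above can be scripted so that a missing or empty daily beat index is reported as a failure instead of being read by eye. This is an added example, not part of the original post: the function name `audit_beat_index` and the third sample line are constructed, and the nine-column layout is assumed from the output shown above.

```shell
#!/bin/sh
# Added example: audit `_cat/indices` text for the daily index that the
# Logstash output pattern "%{[@metadata][beat]}-%{+YYYY.MM.dd}" should create.
# Assumed columns (as in the listing in the post):
#   health status index pri rep docs.count docs.deleted store.size pri.store.size

# audit_beat_index BEAT DATE   (reads _cat/indices output on stdin)
# Prints one finding per line. Returns 0 when the index BEAT-DATE exists and
# holds documents, 1 when it is missing or empty.
audit_beat_index() {
    awk -v want="$1-$2" '
        NF < 9 { next }                 # skip blank or incomplete lines
        $1 != "green" {
            # yellow is expected on a single node: replica shards (rep >= 1)
            # cannot be placed on the same node as their primary
            printf "WARN %s health=%s pri=%s rep=%s\n", $3, $1, $4, $5
        }
        $3 == want {
            found = 1
            if ($6 + 0 == 0) { printf "FAIL %s has no documents\n", $3; bad = 1 }
        }
        END {
            if (!found) { printf "FAIL %s missing\n", want; bad = 1 }
            exit bad + 0
        }
    '
}

# Sample input: the two lines shown in the post plus one constructed line
# (an empty topbeat index) to exercise the failure path.
SAMPLE='yellow open .kibana             1 1   93 0  69kb  69kb
yellow open filebeat-2015.11.18 5 1 4109 0 2.9mb 2.9mb
yellow open topbeat-2015.11.18  5 1    0 0  795b  795b'

# Offline run on the sample; on a live node, pipe the curl output in instead:
#   curl -s 192.168.0.58:9200/_cat/indices | audit_beat_index filebeat 2015.11.18
printf '%s\n' "$SAMPLE" | audit_beat_index filebeat 2015.11.18
```

Run from cron with the current date, a non-zero exit status indicates that a shipper has stopped delivering events for that day.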

