• Install and deploy ELK, and collect tomcat and nginx logs


    1. ELK deployment

    1. Create three virtual machines, each with at least 3 GB of memory

    tail -3 /etc/hosts
    192.168.163.143 elk-node01
    192.168.163.147 elk-node02
    192.168.163.146 elk-node03

    2. Deploy the JDK

    rpm -ivh jdk-8u144-linux-x64.rpm
    java -version
    java version "1.8.0_144"
    Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
    Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

    3. Deploy the Elasticsearch cluster environment

    cat /etc/yum.repos.d/elk.repo
    [elk]
    name=elk 7.x
    baseurl=https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-7.x/
    gpgcheck=0

    4. Configure the Elasticsearch cluster

    cp /etc/elasticsearch/elasticsearch.yml{,.bak}
    grep '^[a-zA-Z]' /etc/elasticsearch/elasticsearch.yml
    cluster.name: my-elk
    node.name: elk-node01
    path.data: /var/lib/elasticsearch
    path.logs: /var/log/elasticsearch
    network.host: 192.168.163.143
    http.port: 9200
    discovery.seed_hosts: ["elk-node01", "elk-node02", "elk-node03"]
    cluster.initial_master_nodes: ["elk-node01"]

    Master-node settings, appended at the end of the file

    node.master: true
    node.data: false
    node.ingest: false
    node.ml: false
    cluster.remote.connect: false

    5. Download the head plugin

    cd /var/lib/elasticsearch/

    wget https://github.com/mobz/elasticsearch-head/archive/master.zip

    # Unpack
    yum install unzip
    unzip master.zip
    (3) Install dependency packages

    yum install openssl bzip2 unzip -y
    Download the file needed to run head (place it under /tmp)
    cd /tmp
    wget https://npm.taobao.org/mirrors/phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2

    6. Modify the configuration files

    vim Gruntfile.js
    // Find and modify this block
    options: {
        port: 9100,
        base: '.',
        keepalive: true,
        hostname: '*'
    }

    vim _site/app.js

    this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.163.143:9200";

    # Add to /etc/elasticsearch/elasticsearch.yml
    http.cors.enabled: true
    http.cors.allow-origin: "*"

    Browse to IP:9100 to see the cluster information.
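
With `http.cors.allow-origin: "*"`, a non-loopback `network.host` and no `xpack.security.enabled`, the REST API on port 9200 answers any browser origin and any host that can reach it without authentication. The script below is an added example, not part of the original post: it audits an elasticsearch.yml for those two conditions. The function names, the finding tags and the head origin `http://192.168.163.143:9100` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: flag the two exposure-prone
# settings in an elasticsearch.yml like the one configured above.

# yml_get FILE KEY: value of a top-level "key: value" line, comment and quotes stripped.
yml_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^${key}:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^["'\'']//; s/["'\'']$//' | tail -n 1
}

# audit_es_config FILE: print one finding per line, nothing if both checks pass.
audit_es_config() {
    cors=$(yml_get "$1" http.cors.enabled)
    origin=$(yml_get "$1" http.cors.allow-origin)
    host=$(yml_get "$1" network.host)
    sec=$(yml_get "$1" xpack.security.enabled)
    if [ "$cors" = "true" ] && [ "$origin" = "*" ]; then
        echo "CORS_WILDCARD: name the head UI origin instead of *"
    fi
    case "$host" in
        ''|localhost|127.*|::1|_local_) ;;   # loopback only (also the default)
        *) [ "$sec" = "true" ] ||
               echo "NO_AUTH: network.host=$host without xpack.security.enabled: true" ;;
    esac
    return 0
}

# Constructed sample inputs: the post's settings, then a tightened variant.
# Assumption: head is served from elk-node01, so its origin is http://192.168.163.143:9100.
weak=$(mktemp); tight=$(mktemp)
cat > "$weak" <<'EOF'
network.host: 192.168.163.143
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
cat > "$tight" <<'EOF'
network.host: 192.168.163.143
http.port: 9200
xpack.security.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "http://192.168.163.143:9100"
EOF
echo "weak:";  audit_es_config "$weak"
echo "tight:"; audit_es_config "$tight"
rm -f "$weak" "$tight"
```

On a multi-node 7.x cluster, turning on `xpack.security.enabled` also requires TLS on the transport layer (`xpack.security.transport.ssl.enabled`) before the nodes will start.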

    Collecting JSON-format nginx logs with filebeat

    1. filebeat configuration

    cat /etc/filebeat/nginx.yml
    filebeat.inputs:
    - type: log
      enabled: true
      json.keys_under_root: true
      json.overwrite_keys: true
      paths:
        - /var/log/nginx/access.log
      fields:
        log_topics: nginx
    output.logstash:
      hosts: ["127.0.0.1:10001"]

    2. logstash configuration

    cat nginx.conf
    input {
      beats {
        port => 10001
      }
    }
    output {
      if [fields][log_topics] == "nginx" {
        elasticsearch {
          hosts => ["192.168.163.143:9200"]
          index => "nginx-%{+YYYY.MM.dd}"
        }
      }
    }


  • Original article: https://blog.csdn.net/suiyuanfengfeng/article/details/126377266