Setting up the log analysis environment:
Download & install:
Java 1.8:
Uninstall the old JDK first:
# rpm -qa | grep java        # list the installed JDK packages
Typically this returns something like:
java-1.4.2-gcj-compat-1.4.2.0-40jpp.115
java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5
# yum -y remove java-1.4.2-gcj-compat-1.4.2.0-40jpp.115   # remove them
# yum -y remove java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5
Download the Oracle JDK 8 RPM (the Cookie header is what gets wget past Oracle's license-acceptance page):
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u161-b12/2f38c3b165be4555a1fa6e98c45e0808/jdk-8u161-linux-x64.rpm"
Note that --no-check-certificate disables TLS certificate verification and the URL itself is plain HTTP, so nothing authenticates this download; compare the file against the SHA-256 checksum Oracle publishes for the release before installing it with rpm -ivh jdk-8u161-linux-x64.rpm.
xampp:
Referenced notes: "(Original) Installing xampp on CentOS 6.4 (be sure to download the installer on Linux itself)" and "Fix for lampp failing to start on RedHat with the warning 'aaa proftpd[48908]: warning: unable to determine IP address of ‘aaa’'". That warning means proftpd cannot resolve the machine's hostname (aaa here); mapping the hostname to an address in /etc/hosts resolves it.
DVWA environment (running on xampp's Apache): http://192.168.199.244:8080/dvwa/index.php
elasticsearch:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.1.rpm
sudo rpm --install elasticsearch-5.6.1.rpm
Elasticsearch analyzer settings:
Install the index template with a PUT to http://192.168.0.38:9200/_template/web_apache_template (for example curl -XPUT -H 'Content-Type: application/json' http://192.168.0.38:9200/_template/web_apache_template -d @template.json). It applies to every index matching web-apache-*, defines a custom analyzer charSplit on top of a 1-gram tokenizer (so raw_request is indexed one character at a time and any substring of a request line can be searched), and maps the remaining fields as keyword/long/date so they are stored unanalyzed. The tokenizer's token_chars list decides which characters survive at all: "symbol" is included below (the original template listed only letter, digit and punctuation) because without it characters in the Unicode symbol classes such as <, >, =, +, | and $ are silently dropped from raw_request, which is exactly where injection payloads live. "store" takes a boolean in 5.x (the older "yes"/"no" strings are deprecated). If CIDR-range queries on the client address are wanted, client_ip can be mapped as type ip instead of keyword.
{
  "template": "web-apache-*",
  "order": 2,
  "settings": {
    "analysis": {
      "analyzer": {
        "charSplit": {
          "type": "custom",
          "tokenizer": "ngram_tokenizer"
        }
      },
      "tokenizer": {
        "ngram_tokenizer": {
          "type": "ngram",
          "min_gram": "1",
          "max_gram": "1",
          "token_chars": [ "letter", "digit", "punctuation", "symbol" ]
        }
      }
    }
  },
  "mappings": {
    "apache-access": {
      "properties": {
        "raw_request":    { "type": "text", "store": true, "analyzer": "charSplit" },
        "method":         { "type": "keyword" },
        "offset":         { "type": "long" },
        "auth":           { "type": "keyword" },
        "input_type":     { "type": "keyword" },
        "http_version":   { "type": "float" },
        "read_timestamp": { "type": "date" },
        "source":         { "type": "keyword" },
        "type":           { "type": "keyword" },
        "tags":           { "type": "keyword" },
        "@timestamp":     { "type": "date" },
        "bytes":          { "type": "long" },
        "@version":       { "type": "keyword" },
        "beat": {
          "properties": {
            "hostname": { "type": "keyword" },
            "name":     { "type": "keyword" },
            "version":  { "type": "keyword" }
          }
        },
        "host":           { "type": "keyword" },
        "client_ip":      { "type": "keyword" },
        "status":         { "type": "keyword" }
      }
    }
  }
}
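To see what the tokenizer settings above actually do to a request line, here is an added Python model of the ngram tokenizer's token_chars filtering (example code written for these notes, not part of Elasticsearch or the original template). It maps each token_chars class to the Unicode general categories that Java's Character.getType groups under it, splits the text into runs of allowed characters, and emits the n-grams inside each run, which is how Lucene's NGramTokenizer behaves; the two request lines are constructed samples in the shape of DVWA traffic, not captured logs, and the comparison of the original token_chars list against one with "symbol" added shows which payload characters each setting keeps.

```python
import unicodedata

# token_chars class -> Unicode general categories (what Java's Character.getType
# groups under LETTER / DIGIT / PUNCTUATION / SYMBOL in the Elasticsearch tokenizer)
CHAR_CLASSES = {
    "letter": {"Lu", "Ll", "Lt", "Lm", "Lo"},
    "digit": {"Nd"},
    "punctuation": {"Pc", "Pd", "Ps", "Pe", "Pi", "Pf", "Po"},
    "symbol": {"Sm", "Sc", "Sk", "So"},
}

# token_chars as written in the original template, and with "symbol" added
PAGE_TOKEN_CHARS = ["letter", "digit", "punctuation"]
FIXED_TOKEN_CHARS = PAGE_TOKEN_CHARS + ["symbol"]


def char_class(c):
    """Return the token_chars class a character belongs to, or None."""
    if c.isspace():
        return "whitespace"
    cat = unicodedata.category(c)
    for name, cats in CHAR_CLASSES.items():
        if cat in cats:
            return name
    return None


def ngram_tokens(text, token_chars, min_gram=1, max_gram=1):
    """Tokenize like an Elasticsearch ngram tokenizer: characters outside the
    allowed classes split the text into runs, and n-grams never cross a run.
    Token order is by offset, then gram size; order is irrelevant for search."""
    allowed = set(token_chars)
    runs, run = [], ""
    for c in text:
        if char_class(c) in allowed:
            run += c
        elif run:
            runs.append(run)
            run = ""
    if run:
        runs.append(run)
    tokens = []
    for run in runs:
        for i in range(len(run)):
            for n in range(min_gram, max_gram + 1):
                if i + n <= len(run):
                    tokens.append(run[i:i + n])
    return tokens


def dropped_chars(text, token_chars):
    """Non-whitespace characters the tokenizer would silently discard."""
    allowed = set(token_chars)
    return sorted({c for c in text if not c.isspace() and char_class(c) not in allowed})


# Constructed sample request lines (not captured logs) in the shape of DVWA traffic
SAMPLE_REQUESTS = [
    "GET /dvwa/vulnerabilities/xss_r/?name=<script>alert(1)</script> HTTP/1.1",
    "GET /dvwa/vulnerabilities/sqli/?id=1' OR 1=1 -- &Submit=Submit HTTP/1.1",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req)
        print("  dropped with original token_chars:", dropped_chars(req, PAGE_TOKEN_CHARS))
        print("  dropped with symbol added        :", dropped_chars(req, FIXED_TOKEN_CHARS))
        # with min_gram = max_gram = 1 every surviving character is its own term
        print("  1-gram terms:", len(ngram_tokens(req, FIXED_TOKEN_CHARS)))
```

With the original three classes the XSS line loses `<`, `>` and `=` before indexing, so a search for `<script` against raw_request can never match; with "symbol" added nothing is lost. The 2-gram case in the test shows the run boundary: `ab=cd` tokenized on letters alone yields `ab` and `cd`, never `b=` or `=c`.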
logstash:
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.rpm
sudo rpm --install logstash-5.6.1.rpm
kibana:
wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.1-x86_64.rpm
sudo rpm --install kibana-5.6.1-x86_64.rpm
Edit /etc/kibana/kibana.yml and add
server.host: "0.0.0.0"
(the colon needs a following space, otherwise YAML does not parse the line as a key/value pair). Binding to 0.0.0.0 exposes Kibana, which has no authentication of its own in 5.6 without X-Pack, on every interface; bind it to an internal address instead where possible, or restrict port 5601 with the host firewall.
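The download, install and Kibana configuration steps above, gathered into an added shell script (written for these notes, not Elastic's own tooling). Beyond the wget and rpm --install lines it imports Elastic's package-signing key and refuses to install any RPM whose signature does not verify, and it sets server.host in kibana.yml idempotently so the script can be re-run. The /tmp/elk download directory, the DOWNLOAD_DIR/KIBANA_BIND/KIBANA_YML variables and the --install switch are assumptions of this example; KIBANA_BIND defaults to the 0.0.0.0 used above, but an internal interface address is the better choice.

```shell
#!/bin/sh
# Added example: download, verify and install Elasticsearch/Logstash/Kibana 5.6.1
# and point Kibana at a bind address. Assumptions: a CentOS/RHEL host with wget,
# rpm and GNU sed; downloads go to $DOWNLOAD_DIR (default /tmp/elk).
set -eu

ELK_VERSION="5.6.1"
BASE_URL="https://artifacts.elastic.co/downloads"
DOWNLOAD_DIR="${DOWNLOAD_DIR:-/tmp/elk}"
# 0.0.0.0 matches the notes above; prefer an internal interface address in practice
KIBANA_BIND="${KIBANA_BIND:-0.0.0.0}"
KIBANA_YML="${KIBANA_YML:-/etc/kibana/kibana.yml}"

# Import Elastic's package-signing key once (the key URL Elastic documents for RPM installs)
import_elastic_key() {
    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
}

# Fail unless rpm reports the package signature as OK with a known key
verify_rpm() {
    out=$(rpm --checksig "$1")
    case "$out" in
        *"NOT OK"*|*"MISSING KEYS"*) echo "signature check failed: $out" >&2; return 1 ;;
        *OK) return 0 ;;
        *) echo "unexpected rpm output: $out" >&2; return 1 ;;
    esac
}

# fetch_verify_install PRODUCT RPM_NAME: download from artifacts.elastic.co, verify, install
fetch_verify_install() {
    wget -q -P "$DOWNLOAD_DIR" "$BASE_URL/$1/$2"
    verify_rpm "$DOWNLOAD_DIR/$2"
    rpm --install "$DOWNLOAD_DIR/$2"
}

# set_yaml_key FILE KEY VALUE: replace an existing (possibly commented-out) KEY line
# or append one, so re-running the script never leaves duplicate keys.
set_yaml_key() {
    file=$1; key=$2; value=$3
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')
    if grep -Eq "^#?[[:space:]]*${key_re}:" "$file"; then
        sed -i -E "s|^#?[[:space:]]*${key_re}:.*|${key}: \"${value}\"|" "$file"
    else
        printf '%s: "%s"\n' "$key" "$value" >> "$file"
    fi
}

main() {
    mkdir -p "$DOWNLOAD_DIR"
    import_elastic_key
    fetch_verify_install elasticsearch "elasticsearch-${ELK_VERSION}.rpm"
    fetch_verify_install logstash "logstash-${ELK_VERSION}.rpm"
    fetch_verify_install kibana "kibana-${ELK_VERSION}-x86_64.rpm"
    set_yaml_key "$KIBANA_YML" server.host "$KIBANA_BIND"
}

# Only install when explicitly asked; sourcing the file just defines the functions
if [ "${1:-}" = "--install" ]; then
    main
fi
```

Run it as root with `sh elk_setup.sh --install` (or `KIBANA_BIND=192.0.2.10 sh elk_setup.sh --install` to bind Kibana to one address); the key import and signature check cost nothing and stop a tampered or truncated RPM from being installed.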