CentOS下使用ELK套件搭建日志分析和监控平台 图片看附件
1 概述
ELK套件(ELK stack)是指ElasticSearch、Logstash和Kibana三件套。这三个软件可以组成一套日志分析和监控工具。
由于三个软件各自的版本号太多,建议采用ElasticSearch官网推荐的搭配组合:http://www.elasticsearch.org/overview/elkdownloads/
2 环境准备
2.1 软件要求
具体的版本要求如下:
- 操作系统版本:CentOS 6.7;
- JDK版本:1.7.0;
- Logstash版本:1.4.2;
- ElasticSearch版本:1.4.2;
- Kibana版本:3.1.2;
2.2 防火墙配置
首先安装jdk
用yum安装JDK
1.查看yum库中都有哪些jdk版本(暂时只发现了openjdk)
[root@localhost ~]# yum search java|grep jdk
ldapjdk-javadoc.x86_64 : Javadoc for ldapjdk
java-1.6.0-openjdk.x86_64 : OpenJDK Runtime Environment
java-1.6.0-openjdk-demo.x86_64 : OpenJDK Demos
java-1.6.0-openjdk-devel.x86_64 : OpenJDK Development Environment
java-1.6.0-openjdk-javadoc.x86_64 : OpenJDK API Documentation
java-1.6.0-openjdk-src.x86_64 : OpenJDK Source Bundle
java-1.7.0-openjdk.x86_64 : OpenJDK Runtime Environment
java-1.7.0-openjdk-demo.x86_64 : OpenJDK Demos
java-1.7.0-openjdk-devel.x86_64 : OpenJDK Development Environment
java-1.7.0-openjdk-javadoc.noarch : OpenJDK API Documentation
java-1.7.0-openjdk-src.x86_64 : OpenJDK Source Bundle
java-1.8.0-openjdk.x86_64 : OpenJDK Runtime Environment
java-1.8.0-openjdk-demo.x86_64 : OpenJDK Demos
java-1.8.0-openjdk-devel.x86_64 : OpenJDK Development Environment
java-1.8.0-openjdk-headless.x86_64 : OpenJDK Runtime Environment
java-1.8.0-openjdk-javadoc.noarch : OpenJDK API Documentation
java-1.8.0-openjdk-src.x86_64 : OpenJDK Source Bundle
ldapjdk.x86_64 : The Mozilla LDAP Java SDK
2.选择版本,进行安装
//选择1.7版本进行安装
[root@localhost ~]# yum install java-1.8.0-openjdk
//安装完之后,默认的安装目录是在: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.75.x86_64
3.设置环境变量
[root@localhost ~]# vi /etc/profile
在profile文件中添加如下内容
#set java environment
JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75.x86_64
JRE_HOME=$JAVA_HOME/jre
CLASS_PATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
export JAVA_HOME JRE_HOME CLASS_PATH PATH
让修改生效
[root@localhost java]# source /etc/profile
检查jdk即可 java -version
为了正常使用HTTP服务等,需要关闭防火墙:
- # service iptables stop
或者可以不关闭防火墙,但是要在iptables中打开相关的端口:
- # vim /etc/sysconfig/iptables
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 9200 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT
- # service iptables restart
· # 解压缩安装
· useradd elk
· su – elk
·
· tar -xvf elasticsearch-2.3.4.tar.gz
·
· cd elasticsearch-2.3.4
· # 安装Head插件
· ./bin/plugin install mobz/elasticsearch-head
·
· ls plugins/
· # ls能看到head文件即可表示ok了。
· [elk@hch_test_dbm1_121_62 elasticsearch-2.3.4]$ ll plugins/
· 总用量 4
· drwxrwxr-x. 5 elk elk 4096 8月 2 17:26 head
·
· [elk@hch_test_dbm1_121_62 elasticsearch-2.3.4]$vim config/elasticsearch.yml
·
· cluster.name: es_cluster
· node.name: node0
· path.data: /home/elk/data
· path.logs: /home/elk/logs
· # 当前的host ip地址
· network.host: 192.168.121.62
· network.port: 9200
·
启动es:
./bin/elasticsearch
ES 启动错误 解决方案 5.51版本
http://blog.csdn.net/u012371450/article/details/51776505
打开url地址http://192.168.0.65:9200/
访问
http://192.168.0.65:9200/_plugin/head/
安装logstash
logstash其实它就是一个 收集器 而已,我们需要为它指定Input和Output(当然Input和Output可以为多个)。由于我们需要把Java代码中Log4j的日志输出到ElasticSearch中,因此这里的Input就是Log4j,而Output就是ElasticSearch。
结构图如E:\u\elk\pic\02.png所示:
安装配置:
# 解压缩安装
tar -xvf logstash-2.3.4.tar.gz
cd logstash-2.3.4
# 将配置文件放置在config文件夹下面
mkdir config
vim config/log4j_to_es.conf
# For detail structure of this file
# Set: https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
input {
# For detail config for log4j as input,
# See: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html
log4j {
mode => "server"
host => "192.168.121.62" #本机IP
port => 4567
}
}
filter {
#Only matched data are send to output.
}
output {
# For detail config for elasticsearch as output,
# See: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
elasticsearch {
action => "index" #The operation on ES
hosts => "192.168.121.62:9200" #ElasticSearch host, can be array.
index => "applog" #The index to write data to.
}
}
启动logstash,2个参数一个是agent一个是配置文件:
[elk@hch_test_dbm1_121_62 logstash-2.3.4]$ ./bin/logstash -f config/log4j_to_es.conf
Settings: Default pipeline workers: 32
log4j:WARN No appenders could be found for logger (org.apache.http.client.protocol.RequestAuthCache).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Pipeline main started
接下来,可以使用logstash来收集日志并保存到es中了,可以使用一段java代码来实现它。记得关闭本机防火墙