Collecting Huawei Switch Logs with ELK 7.2.0


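ELK (Elasticsearch + Logstash + Kibana) is an open-source log collection platform. It gathers log files from many clients onto a single platform for data analysis.

ELK components:

  • Elasticsearch: stores and searches the logs
  • Logstash: collects, parses and processes the logs
  • Kibana: visualizes the logs
  • All three are open-source software that are usually deployed together, and all of them came under Elastic.co, hence the abbreviation ELK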

Installing ELK:

1. Install the Java environment
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel -y
2. Download the ELK RPMs
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.2.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.2.0.rpm
3. Install the ELK environment
a. Install Elasticsearch
rpm -ivh elasticsearch-7.2.0-x86_64.rpm
vim /etc/elasticsearch/elasticsearch.yml
    cluster.name: my-application
    node.name: es1
    path.data: /var/lib/elasticsearch
    path.logs: /var/log/elasticsearch
    network.host: "0.0.0.0"
    http.port: 9200
    cluster.initial_master_nodes: ["es1"]
systemctl start elasticsearch && systemctl enable elasticsearch
b. Install Kibana
rpm -ivh kibana-7.2.0-x86_64.rpm
vim /etc/kibana/kibana.yml
    server.port: 5601
    server.host: "0.0.0.0"
    server.name: "es1"
    elasticsearch.hosts: ["http://127.0.0.1:9200"]
    kibana.index: ".kibana"
systemctl start kibana && systemctl enable kibana
c. Install Logstash, then define and start a syslog pipeline configuration
rpm -ivh logstash-7.2.0.rpm
vim /etc/logstash/logstash.yml
    path.data: /var/lib/logstash
    path.config: "/etc/logstash/conf.d"
    path.logs: /var/log/logstash
ln -s /etc/logstash /usr/share/logstash/config
vim /usr/share/logstash/config/conf.d/syslog.conf
input {
  udp {
    port => "514"
    type => "syslog"
  }
}
output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "logstash_syslog-%{+YYYY.MM.dd}"
  }
}

yum install -y supervisor
systemctl enable supervisord && systemctl start supervisord
vim /etc/supervisord.d/logstash.ini 
[program:logstash]
environment=LS_HEAP_SIZE=5000m
directory=/usr/share/logstash
command=/usr/share/logstash/bin/logstash -f /usr/share/logstash/config/conf.d/syslog.conf -w 10 -l /var/log/logstash/syslog.log

supervisorctl reload
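4. Put nginx in front of Kibana as a reverse proxy and require a username and password to log in
Create the username and password for HTTP authentication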
mkdir /etc/nginx/passwd/
cd /etc/nginx/passwd/
touch kibana.passwd
yum -y install httpd-tools
htpasswd -c -b /etc/nginx/passwd/kibana.passwd kibana sdnware
Create the nginx configuration file for Kibana
vim /etc/nginx/conf.d/kibana.conf
server
{
    listen 8443;
    server_name kibana.mofangge.cc;
    access_log /var/log/nginx/kibana/kinaba_access.log main;
    error_log /var/log/nginx/kibana/kinaba_error.log;

    auth_basic "Kibana Auth";
    auth_basic_user_file /etc/nginx/passwd/kibana.passwd;

    location / {
        proxy_pass http://192.168.200.99:5601;
        proxy_redirect off;
    }
}
Finally, open http://kibana.mofangge.cc:8443 in a browser.
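
The settings in step 3 bind Elasticsearch and Kibana to 0.0.0.0, so unless a firewall blocks them, ports 9200 and 5601 stay reachable directly and the nginx password from step 4 only guards port 8443. The script below is an added example, not part of the original article (function names are illustrative): it flags those bind addresses and HTTP Basic auth on a listener without TLS.

```shell
#!/bin/sh
# Added example (not from the original article): audit the files from steps 3-4.
# Function names are illustrative; paths are arguments so it can run on copies.

# Print the last uncommented value of a flat "key: value" YAML setting.
yaml_value() {  # $1=file $2=key
  awk -v k="$2" '{ sub(/^[ \t]+/, "") }
    index($0, k ":") == 1 { v = substr($0, length(k) + 2); sub(/[ \t]#.*$/, "", v) }
    END { print v }' "$1" | tr -d "\"' \t\r"
}

# Return 0 if the setting binds to loopback only (the default when unset).
loopback_only() {  # $1=file $2=key
  case "$(yaml_value "$1" "$2")" in
    ""|localhost|127.*|::1|_local_) return 0 ;;
    *) return 1 ;;
  esac
}

# Return 0 if the nginx config uses auth_basic and no listener has "ssl".
basic_auth_over_plain_http() {  # $1=nginx conf
  grep -Eq '^[[:space:]]*auth_basic[[:space:]]' "$1" || return 1
  ! grep -Eq '^[[:space:]]*listen[[:space:]].*[[:space:]]ssl[[:space:];]' "$1"
}

# Print one WARN line per finding; return 1 if there is any finding.
audit() {  # $1=elasticsearch.yml $2=kibana.yml $3=kibana nginx conf
  rc=0
  loopback_only "$1" network.host || {
    echo "WARN elasticsearch network.host=$(yaml_value "$1" network.host): port 9200 is reachable from the network"; rc=1; }
  loopback_only "$2" server.host || {
    echo "WARN kibana server.host=$(yaml_value "$2" server.host): port 5601 can be reached without going through nginx"; rc=1; }
  if basic_auth_over_plain_http "$3"; then
    echo "WARN nginx: auth_basic on a non-TLS listener sends the password in cleartext"; rc=1
  fi
  return $rc
}

# Audit the paths used in this article only when invoked with "run".
if [ "${1:-}" = "run" ]; then
  audit /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml /etc/nginx/conf.d/kibana.conf
fi
```

If nginx runs on the same host as Kibana, setting `server.host` to `127.0.0.1` and pointing `proxy_pass` at `http://127.0.0.1:5601` clears the Kibana finding; if nginx is on another host, keep the LAN address and restrict port 5601 to the proxy with a firewall rule.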

