1、Elasticsearch (ES)配置:
部署配置ES,需要配置JDK環境,JDK是Java語言的軟件開發工具包:
下載JAVA jdk源碼包:
wget https://mirrors.yangxingzhen.com/jdk/jdk-11.0.1_linux-x64_bin.tar.gz tar xf jdk11.0.1_linux-x64_bin.tar.gz mv jdk11.0.1_linux-64_bin /usr/java
設置環境變量:
cat >>/etc/profile<<EOF export JAVA_HOME=/usr/java export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH EOF source /etc/profile java -version
ELK環境信息:
192.168.1.11 Elasticsearch 192.168.1.12 kibana 192.168.1.13 logstash
1) 配置ES
下載elasticsearch7.5.1版本:
wget http://mirrors.cnbugs.com/LINUX/elasticsearch/elasticsearch-7.5.1-linux-x86_64.tar.gz tar xf elasticsearch-7.5.1-linux-x86_64.tar.gz mv elasticsearch-7.5.1 /usr/local/elasticsearch
修改 /usr/local/elasticsearch/config/elasticsearch.yml文件,設置監聽端口地址為:0.0.0.0
創建elk用戶, 用來啟動ES,ES服務默認不允許使用root啟動服務:
useradd elk chown -R elk. /usr/local/elasticsearch su - elk /usr/local/elasticsearch/bin/elasticsearch -d
查看日志及監聽端口:
tailf /usr/local/elasticsearch/logs/elasticsearch.log ps -ef|grep java netstat -nutlp|grep -E "9200|9300"
報錯問題匯總:
1、ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
解決方法:vim /etc/security/limits.conf (添加如下兩行)
* soft nofile 65536 * hard nofile 65536 * soft nproc 5000 * hard nproc 5000 root soft nproc 5000 root hard nproc 5000
2、ERROR: [1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
解決方法: vim //usr/local/elasticsearch/config/elasticsearch.yml
# 在第23行位置去掉注釋,起個名字,默認是node-1 node.name: node-1
3、ERROR: [1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
解決方法:vim /usr/local/elasticsearch/config/elasticsearch.yml
# 在第72行位置去掉注釋,修改為只保留一個node-1,名稱要和node.name的名字保持一致 cluster.initial_master_nodes: ["node-1"]
3、ERROR: [1] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解決方法:vim /etc/sysctl.conf 添加如下一行代碼: sysctl -p 生效
vm.max_map_count=262144
2、kibana WEB 配置:
下載kibana:
wget https://mirrors.yangxingzhen.com/kibana/kibana-7.5.1-linux-x86_64.tar.gz
部署安裝kibana 不需要安裝Java jdk環境,下載源碼包,解壓啟動即可:
tar xf kibana-7.5.1-linux-x86_64.tar.gz
mv kibana-7.5.1-linux-x86_64 /usr/local/kibana
修改kibana配置文件信息(監聽端口和IP地址),設置ES地址:
vim /usr/local/kibana/config/kibana.yml
啟動服務: /usr/local/kibana/bin/kibana ps -ef|grep node netstat -nutlp|grep 5601 瀏覽器訪問:192.168.1.12:5601
設置后台啟動:
nohup /usr/local/kibana/bin/kibana &
4、ELK7.5.1修改為中文版:
修改kibana配置文件:
[elk@kibana ~]$ vim /usr/local/kibana/config/kibana.yml #最后一行配置信息 i18n.locale: "zh-CN" 重啟kibana: nohup /usr/local/kibana/bin/kibana >&1 &
5、logstash 配置:
由於logstash基於JAVA 語言開發,logstash客戶端部署需要安裝JDK環境:
wget https://mirrors.yangxingzhen.com/jdk/jdk-11.0.1_linux-x64_bin.tar.gz tar xf jdk11.0.1_linux-x64_bin.tar.gz mv jdk11.0.1_linux-64_bin /usr/java
設置環境變量:
cat >>/etc/profile<<EOF export JAVA_HOME=/usr/java export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH EOF source /etc/profile java -version
下載logstash軟件包:
wget https://mirrors.yangxingzhen.com/logstash/logstash-7.5.1.tar.gz tar xf logstash-7.5.1.tar.gz mv logstash-7.5.1 /usr/local/logstash
ELK收集系統日志:
創建收集日志配置目錄及文件:
mkdir -p /usr/local/logstash/config/etc/ cd /usr/local/logstash/config/etc/ touch index.conf
index.conf內容如下:
input { stdin { } } output { stdout { codec => rubydebug {} } elasticsearch { hosts => "192.168.1.11:9200" } }
啟動index.conf服務:
/usr/local/logstash/bin/logstash -f index.conf
瀏覽器訪問:192.168.1.12:5601
