ELK Real-Time Log Analysis Platform: Detailed Deployment and Setup Walkthrough - Linux Security Operations_跨零代码


Stop and disable the firewall

 [root@localhost ~]# systemctl stop firewalld
 [root@localhost ~]# systemctl disable firewalld

Disable SELinux

 [root@localhost ~]# setenforce 0
 [root@localhost ~]# sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config

Java environment

 [root@localhost src]# tar zxvf jdk-8u181-linux-x64.tar.gz
 [root@localhost src]# mv jdk1.8.0_181/ /usr/local/
 [root@localhost src]# vi /etc/profile
     # Append the following at the bottom of the file
     export JAVA_HOME=/usr/local/jdk1.8.0_181
     export JRE_HOME=${JAVA_HOME}/jre
     export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar:${JRE_HOME}/lib
     export PATH=${JAVA_HOME}/bin:${PATH}
 [root@localhost src]# source /etc/profile
 [root@localhost src]# java -version
     java version "1.8.0_181"
     Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
     Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

Installing and running Elasticsearch

 [root@localhost src]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.2.tar.gz
 [root@localhost src]# tar -xzf elasticsearch-6.2.2.tar.gz
 [root@localhost src]# groupadd elasticsearch
 [root@localhost src]# useradd elasticsearch -g elasticsearch
 [root@localhost src]# chown -R elasticsearch:elasticsearch elasticsearch-6.2.2
 [root@localhost src]# su elasticsearch
 [elasticsearch@localhost src]$ cd elasticsearch-6.2.2
 [elasticsearch@localhost elasticsearch-6.2.2]$ bin/elasticsearch
 [root@localhost ~]# curl http://127.0.0.1:9200/
     {
       "name" : "6FN8LUp",
       "cluster_name" : "elasticsearch",
       "cluster_uuid" : "ez7zsys-TZKZfS3-d1cOmA",
       "version" : {
         "number" : "6.2.2",
         "build_hash" : "10b1edd",
         "build_date" : "2018-02-16T19:01:30.685723Z",
         "build_snapshot" : false,
         "lucene_version" : "7.2.1",
         "minimum_wire_compatibility_version" : "5.6.0",
         "minimum_index_compatibility_version" : "5.0.0"
       },
       "tagline" : "You Know, for Search"
     }

Installing Filebeat and Logstash

 [root@localhost src]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.tar.gz
 [root@localhost src]# tar zxvf logstash-6.3.2.tar.gz
 [root@localhost src]# cd logstash-6.3.2
 [root@localhost logstash-6.3.2]# vim first.conf
     # Input: receive events from Beats
     input {
         beats {
             port => "5044"
         }
     }
     # Filter the data
     filter {
         grok {
             match => { "message" => "%{COMBINEDAPACHELOG}" }
         }
         geoip {
             source => "clientip"
         }
     }
     # Output to Elasticsearch on the local machine
     output {
         elasticsearch {
             hosts => [ "localhost:9200" ]
         }
     }
 [root@localhost logstash-6.3.2]# bin/logstash -f first.conf --config.reload.automatic
 [root@localhost ~]# netstat -ntlp | grep 5044
     tcp6       0      0 :::5044                 :::*                    LISTEN      12157/java

 [root@localhost src]# tar -zxvf filebeat-6.3.2-linux-x86_64.tar.gz
 [root@localhost src]# cd filebeat-6.3.2-linux-x86_64
 [root@localhost filebeat-6.3.2-linux-x86_64]# vim filebeat.yml
     - type: log
       # Change to true to enable this prospector configuration.
       enabled: True

       # Paths that should be crawled and fetched. Glob based paths.
       # Read the Nginx logs
       paths:
         - /usr/local/nginx/logs/*.log

     #----------------------------- Logstash output --------------------------------
     # Output to Logstash on the local machine
     output.logstash:
       # The Logstash hosts
       hosts: ["localhost:5044"]
 [root@localhost filebeat-6.3.2-linux-x86_64]# ./filebeat -e -c filebeat.yml -d "publish"

 [root@localhost src]# tar zxvf kibana-6.3.2-linux-x86_64.tar.gz
 [root@localhost src]# cd kibana-6.3.2-linux-x86_64
 [root@localhost kibana-6.3.2-linux-x86_64]# bin/kibana
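The grok and geoip filters in first.conf only produce useful events for lines in the combined access-log format; the Filebeat glob /usr/local/nginx/logs/*.log also ships error.log, whose lines do not match. The following is an added example, not part of the original post: it uses a simplified regex that approximates COMBINEDAPACHELOG (an assumption, not the exact pattern shipped with Logstash) and constructed sample lines to show which fields are extracted and which events would end up tagged _grokparsefailure.

```python
import re

# Simplified stand-in for Logstash's COMBINEDAPACHELOG grok pattern (assumption:
# an approximation for illustration). Group names follow the grok field names.
COMBINED = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>[A-Z]+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?'
    r'|(?P<rawrequest>[^"]*))" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP range), not taken from the page.
ACCESS_LINE = ('203.0.113.7 - - [02/Feb/2019:10:15:32 +0800] '
               '"GET /index.html HTTP/1.1" 200 612 "-" "curl/7.29.0"')
ERROR_LINE = ('2019/02/02 10:15:40 [error] 1234#0: *1 open() '
              '"/usr/local/nginx/html/favicon.ico" failed '
              '(2: No such file or directory), client: 203.0.113.7')


def parse_event(message):
    """Return a Logstash-like event dict for one line shipped by Filebeat."""
    event = {"message": message}
    m = COMBINED.match(message)
    if m is None:
        # Logstash marks events the grok filter could not match with this tag;
        # geoip then has no clientip field to look up.
        event["tags"] = ["_grokparsefailure"]
        return event
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    return event


def split_events(lines):
    """Separate lines into (parsed, failed) the way the filter stage would."""
    events = [parse_event(line) for line in lines]
    parsed = [e for e in events if "tags" not in e]
    failed = [e for e in events if "tags" in e]
    return parsed, failed


if __name__ == "__main__":
    ok, bad = split_events([ACCESS_LINE, ERROR_LINE])
    print("parsed:", ok[0]["clientip"], ok[0]["verb"], ok[0]["response"])
    print("failed:", len(bad), "event(s) tagged", bad[0]["tags"])
```

Pointing the Filebeat path at the access log only, or routing on the failure tag in Logstash, keeps unparsed error-log lines out of the access-log index.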





Permalink: http://kua0.com/2019/02/02/elk实时日志分析平台部署搭建详细实现过程-linux安全运/
