ELK-日誌收集-Kibana WEB安全認證
阿新 • • 發佈:2020-10-14
1、ELK收集MYSQL日誌實戰:
日誌收集存放目錄位置:
/usr/local/logstash/config/etc/
1)日誌採集-存入redis快取資料庫:mysql-redis.conf
input { file { type => "mysql-access" path => "/var/log/mysqld.log" } } output { redis { host => "192.168.1.12" port => 6379 data——type => "list" key =>"logstash" } }
啟動mysql-redis.conf:
nohup /usr/local/logstash/bin/logstash -f mysql-redis.conf
ps -ef|grep java
2)Redis資料-存入ES:
input { redis { host => "localhost" port => "6379" data_type => "list" key => "logstash" type => "redis-input" batch_count => 1 } } output { elasticsearch { hosts=> "192.168.1.11" } }
啟動mysql-redis.conf:
nohup /usr/local/logstash/bin/logstash -f mysql-redis.conf ps -ef|grep java
日誌收集案例:nginx 可以寫多個file, 也可以寫多個檔案(分開寫),多個檔案需要啟動多次:
input { file { type => "nginx-access" path => "/usr/local/nginx/logs/access.log" } } output { elasticserch { hosts2、日誌分類: tomcat日誌:catalina.out mysql日誌:mysqld.log nginx日誌:access.log /error.log zabbix日誌:zabbix_server.log 核心日誌:/var/log/dmesg 系統日誌:/var/log/messages 郵件系統日誌:/var/log/maillog 安全資訊和系統登入、網路連線資訊日誌:/var/log/secure 記錄現在登入的使用者:/var/run/utmp 記錄每個使用者最後的登入資訊:/var/log/lastlog 記錄錯誤的登入嘗試:/var/log/auth.log ........=> "192.168.1.11:9200" } }
3、kibana WEB安全認證:
當我們安裝完ES、kibana啟動程序,可以直接在瀏覽器訪問,這樣不利於資料安全,接下來我們利用apache的密碼認證進行安裝配置。 通過訪問nginx轉發只ES和Kibana伺服器,kibana伺服器安裝nginx:
wget http://nginx.org/download/nginx-1.16.0.tar.gz tar xf nginx-1.16.0.tar.gz useradd nginx cd nginx-1.16.0 ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module make make install
修改nginx.conf配置檔案程式碼如下:
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream jvm_web1 { server 127.0.0.1:5601 weight=1 max_fails=2 fail_timeout=30s; } server { listen 80; server_name localhost; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://jvm_web1; } } }
安裝httpd-tools工具 會產生htpasswd工具:
yum install httpd-tools -y 設定認證使用者名稱和密碼:admin ******* [root@localhost nginx]# htpasswd -c /usr/share/nginx/html/.htpasswd admin New password: Re-type new password: Adding password for user admin
nginx配置檔案修改為如下:
http 模組下新增: upstream kibana { #配置均衡池: server 127.0.0.1:5601 weight=100 max_fails=2 fail_timeout=15; } server 模組下新增: auth_basic "ELK kibana Monitor Center"; auth_basic_user_file /usr/share/nginx/html/.htpasswd; #配置HTTP認證 proxy_pass http://kibana; #配置反代,當訪問本機IP:80時:轉發到127.0.0.1:5601 kibanakibana配置檔案:/usr/local/kibana/conf/kibana.yml 修改監聽埠:127.0.0.1