|NO.Z.00082|——————————|^^ Deployment ^^|——|Linux&ELK Log Analysis&.V03|--------------------------------------------|Kibana|Nginx



[LinuxNetworkEnd:Linux&ELK Log Analysis&.V03]                                               [Applications.LinuxNetworkEnd] [|ELK log analysis|Install the JDK environment|Configure elasticsearch|Configure logstash|Configure kibana|nginx client configuration|Procedure|]








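I. Configure Kibana
### --- Configure Kibana
~~~     Open the Kibana configuration file /usr/local/kibana-6.2.3-linux-x86_64/config/kibana.yml,
~~~     find the line below and change it
~~~     so that other machines can reach the Kibana service from a browser (Kibana then listens on 10.10.10.11 instead of only on localhost);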

[root@server11 ~]# vim /usr/local/kibana-6.2.3-linux-x86_64/config/kibana.yml
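server.host: "localhost"
# change to
server.host: "10.10.10.11"
### --- Change into the Kibana directory:
~~~     Run the start command: nohup bin/kibana &
~~~     View the startup log: tail -f nohup.out    (equivalent to: tailf nohup.out)
~~~     Check that the port is listening: netstat -antp |grep 5601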

[root@server11 ~]# cd /usr/local/kibana-6.2.3-linux-x86_64/
[root@server11 kibana-6.2.3-linux-x86_64]# nohup bin/kibana &
[2] 12537
### --- Printed automatically by the system

[root@server11 kibana-6.2.3-linux-x86_64]# nohup: ignoring input and appending output to ‘nohup.out’
[root@server11 kibana-6.2.3-linux-x86_64]# netstat -antp |grep 5601
tcp        0      0 10.10.10.11:5601        0.0.0.0:*               LISTEN      12537/bin/../node/b 
### --- Test:

~~~     Open http://10.10.10.11:5601/app/kibana#/home?_g=() in a browser
~~~     At this point the ELK deployment is complete
http://10.10.10.11:5601/app/kibana#/home?_g=() (Kibana default page)

II. nginx client configuration
### --- Install the nginx binary package with yum

[root@server11 ~]# yum install -y nginx
[root@server11 ~]# systemctl start nginx
[root@server11 ~]# systemctl enable nginx
### --- Verify that nginx is working: http://10.10.10.11/
### --- Download Filebeat and extract it to /usr/local/

[root@server11 ~]# cd /elk/
[root@server11 elk]# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.3-linux-x86_64.tar.gz
[root@server11 elk]# tar -xf filebeat-6.2.3-linux-x86_64.tar.gz -C /usr/local/
### --- Open /usr/local/filebeat-6.2.3-linux-x86_64/filebeat.yml and find the following places: three changes

[root@server11 elk]# vim /usr/local/filebeat-6.2.3-linux-x86_64/filebeat.yml
  enabled: true                                         # change to true
  paths:
    - /var/log/nginx/*.log                              # change to /var/log/nginx/*.log
#output.elasticsearch:                                  # comment out this line
  # hosts: ["localhost:9200"]
output.logstash:                                        # uncomment this line
  hosts: ["10.10.10.11:5044"]                           # uncomment this line and set the IP to the ELK server address
### --- Change into the /usr/local/filebeat-6.2.3-linux-x86_64 directory
~~~     cd /usr/local/filebeat-6.2.3-linux-x86_64
~~~     Start filebeat in the background: nohup ./filebeat -e -c filebeat.yml &
~~~     View the log: tailf nohup.out

[root@server11 elk]# cd /usr/local/filebeat-6.2.3-linux-x86_64
[root@server11 filebeat-6.2.3-linux-x86_64]# nohup ./filebeat -e -c filebeat.yml &
[3] 13105
[root@server11 filebeat-6.2.3-linux-x86_64]# nohup: ignoring input and appending output to ‘nohup.out’      # printed automatically
[root@server11 filebeat-6.2.3-linux-x86_64]# tailf nohup.out
me":212},"total":{"ticks":220,"time":224,"value":220},"user":{"ticks":10,"time":12}},"info":{"ephemeral_id":"5365e498-e87f-445d-8707-68d2784b0bea","uptime":{"ms":30128}},"memstats":{"gc_next":4856576,"memory_alloc":2888320,"memory_total":4500456,"rss":12713984}},"filebeat":{"events":{"added":8,"done":8},"harvester":{"open_files":2,"running":2,"started":2}},"libbeat":{"config":{"module":{"running":0},"reloads":1},"output":{"events":{"acked":6,"batches":1,"total":6},"read":{"bytes":6},"type":"logstash","write":{"bytes":788}},"pipeline":{"clients":1,"events":{"active":0,"filtered":2,"published":6,"retry":6,"total":8},"queue":{"acked":6}}},"registrar":{"states":{"current":2,"update":8},"writes":4},"system":{"cpu":{"cores":2},"load":{"1":0.02,"15":0.09,"5":0.05,"norm":{"1":0.01,"15":0.045,"5":0.025}}}}}}
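The metrics line that tailf nohup.out prints above is the quickest way to confirm that events really reach Logstash. The following is an added example, not part of the original post: it parses one such line and reports whether the output acknowledged everything it was given. The sample lines are constructed, and the function name `shipping_problems` and the optional `failed` counter are assumptions of this sketch.

```python
import json
import sys

# Constructed samples in the shape of Filebeat 6.x's periodic "[monitoring]" line;
# the counters mirror the nohup.out excerpt above. Not captured from a real host.
PREFIX = "2018-04-12T10:00:30.000+0800 INFO [monitoring] Non-zero metrics in the last 30s "
SAMPLE_OK = PREFIX + json.dumps({"monitoring": {"metrics": {
    "filebeat": {"events": {"added": 8, "done": 8}},
    "libbeat": {"output": {"type": "logstash",
                           "events": {"acked": 6, "batches": 1, "total": 6}}}}}})
SAMPLE_STALLED = PREFIX + json.dumps({"monitoring": {"metrics": {
    "libbeat": {"output": {"events": {"batches": 1, "failed": 6, "total": 6}}}}}})
# tailf can start mid-line, as in the excerpt above, so the JSON may be cut off.
SAMPLE_TRUNCATED = 'me":212},"total":{"ticks":220,"time":224,"value":220},"user":{"ticks":10}}'


def shipping_problems(line, expected_output="logstash"):
    """Return the problems found in one Filebeat metrics line; [] means healthy."""
    start = line.find("{")
    if start < 0:
        return ["no JSON payload in line"]
    try:
        metrics = json.loads(line[start:])["monitoring"]["metrics"]
        out = metrics.get("libbeat", {}).get("output", {})
        ev = out.get("events", {})
    except (ValueError, KeyError, TypeError, AttributeError):
        return ["metrics JSON missing or truncated"]
    problems = []
    # "type" may be absent from later lines, so only a wrong value is reported.
    if "type" in out and out["type"] != expected_output:
        problems.append("output type is %r, expected %r" % (out["type"], expected_output))
    failed, acked, total = (ev.get(k, 0) for k in ("failed", "acked", "total"))
    if failed > 0:
        problems.append("%d events failed to send" % failed)
    if acked < total:
        problems.append("only %d of %d events acked" % (acked, total))
    return problems


if __name__ == "__main__":
    # Usage: tail -n 20 nohup.out | python3 check_filebeat.py
    for raw in sys.stdin:
        if "[monitoring]" in raw:
            print(shipping_problems(raw) or "ok")
```
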
### --- Visit the nginx service several times in a browser to generate some access logs,
~~~     URL: https://10.10.10.11
~~~     Refresh nginx a few times, then open http://10.10.10.11:5601/app/kibana#/management/kibana/index?_g=():
~~~     the logs show up there

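### --- Open Kibana: https://10.10.10.11:5601 and click Discover in the top-left corner,
~~~     you can see that the access logs have been collected by ELK; then complete the setup with the steps below
~~~     Enter logstash-* and click "Next step"
~~~     Select the Time Filter, then click "Create index pattern"
~~~     After that you can create your own log query rules
~~~     # In effect: the logs that Logstash received from Filebeat have been sent on to ELK and appear under logstash-*

### --- Click: Discover -> Index pattern: logstash-*
### --- -> Next step: @timestamp -> Create index pattern -> END
### --- Discover -> change the time in the top-right corner to 15s
### --- -> the logs are visible (which shows that ELK is now monitoring the nginx service's logs) -> END
-> search -> END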







===============================END===============================

