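C++: Chapter 10, Namespaces, Complete Knowledge Points

I. Introduction to ELK

ELK is an abbreviation for three pieces of open-source software: Elasticsearch, Logstash and Kibana. A fourth component, Beats, has since been added. It is a lightweight log collection and processing tool (agent) that uses few resources, which makes it suitable for gathering logs on each server and shipping them to Logstash, and it is the tool the vendor recommends. Because Beats joined the original ELK Stack, the stack has been renamed Elastic Stack.

Elasticsearch is an open-source distributed search engine that provides three main functions: collecting, analyzing and storing data. Its features include a distributed design, zero configuration, automatic discovery, automatic index sharding, index replicas, a RESTful interface, multiple data sources and automatic search load balancing.

Logstash is a tool for collecting, analyzing and filtering logs, and it supports a large number of data inputs. It usually works in a client/server architecture: the client is installed on the hosts whose logs need to be collected, and the server filters and modifies the logs received from each node and then forwards them to Elasticsearch.

Kibana is also an open-source, free tool. It provides a friendly web interface for analyzing the logs held by Logstash and Elasticsearch, and helps summarize, analyze and search important log data.

Beats is the lightweight log shipper here. The Beats family actually has 6 members. Early ELK architectures used Logstash to collect and parse logs, but Logstash consumes a relatively large amount of memory, CPU and I/O. Compared with Logstash, the CPU and memory used by Beats are almost negligible.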

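II. Base environment

1. (Virtual machines) Plan three nodes, one master node and two data nodes:

Hostname: elk--1   Node IP: 192.168.233.201   Role: Elasticsearch + Kibana (master)

Hostname: elk--2   Node IP: 192.168.233.202   Role: Elasticsearch + Logstash (data)

Hostname: elk--3   Node IP: 192.168.233.203   Role: Elasticsearch (data)

2. Set the hostnames:

elk--1 node: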
[root@localhost ~]# hostnamectl set-hostname elk--1
[root@localhost ~]# bash
[root@elk--1 ~]#
elk--2 node:
[root@localhost ~]# hostnamectl set-hostname elk--2
[root@localhost ~]# bash
[root@elk--2 ~]#
elk--3 node:
[root@localhost ~]# hostnamectl set-hostname elk--3
[root@localhost ~]# bash
[root@elk--3 ~]#

3. Configure the hosts file:

elk--1 node:
[root@elk--1 ~]# vi /etc/hosts
[root@elk--1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.233.201 elk--1
192.168.233.202 elk--2
192.168.233.203 elk--3
elk--2 node:
[root@elk--2 ~]# vi /etc/hosts
[root@elk--2 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.233.201 elk--1
192.168.233.202 elk--2
192.168.233.203 elk--3
elk--3 node:
[root@elk--3 ~]# vi /etc/hosts
[root@elk--3 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.233.201 elk--1
192.168.233.202 elk--2
192.168.233.203 elk--3

4. Install packages with yum

Deploying ELK requires JDK 1.8 or later. We use OpenJDK 1.8 and install it on all three nodes.

[root@elk--1 ~]# yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel vim net-tools wget
[root@elk--1 ~]# java -version
openjdk version "1.8.0_242"
OpenJDK Runtime Environment (build 1.8.0_242-b08)
OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)

III. Deploying Elasticsearch

1. Download Elasticsearch (required on all three nodes)

Download the elasticsearch-6.0.0.rpm package:
[root@elk--1 ~]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm
[root@elk--1 ~]# ls
anaconda-ks.cfg  elasticsearch-6.0.0.rpm

2. Install Elasticsearch (required on all three nodes)

[root@elk--1 ~]# rpm -ivh elasticsearch-6.0.0.rpm 
// Options: i installs the package, v shows the installation process, h shows progress
warning: elasticsearch-6.0.0.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Updating / installing...
   1:elasticsearch-0:6.0.0-1          ################################# [100%]
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service

3. Configure Elasticsearch

elk--1 node (the parts highlighted in dark blue are the ones to change):

[root@elk--1 ~]# vi /etc/elasticsearch/elasticsearch.yml
# ======= Elasticsearch Configuration ===========
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ------------------Cluster --------------------
# Use a descriptive name for your cluster:
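cluster.name: ELK
# Cluster name; the default is elasticsearch. ES automatically discovers other ES nodes on the same network segment, so if several clusters share a segment, this setting is what tells them apart.
# ------------------------Node -----------------
# Use a descriptive name for the node:
node.name: elk-1
# Node name. By default one is picked at random from a list of names, the name.txt file in the config folder inside the ES jar, which holds many amusing names added by the authors.
node.master: true
# Whether this node is eligible to be elected master; the default is true. By default ES makes the first machine in the cluster the master, and if that machine goes down a new master is elected. Set to false on the other two nodes.
node.data: false
# Whether this node stores index data; the default is true. Set to true on the other two nodes.
# ----------------- Paths ----------------
# Path to directory where to store the data (separate multiple locations by comma):
path.data: /var/lib/elasticsearch
# Where index data is stored (keep the default; do not uncomment)
# Path to log files:
path.logs: /var/log/elasticsearch
# Where log files are stored; the default is the logs folder under the ES root directory
# --------------- Network ------------------
# Set the bind address to a specific IP (IPv4 or IPv6):
network.host: 192.168.233.201
# The IP address to bind to, IPv4 or IPv6; the default is 0.0.0.0.
# Set a custom port for HTTP:
http.port: 9200
# The HTTP port ES exposes for external access; the default is 9200
# For more information, consult the network module documentation.
# --------------------Discovery ----------------
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#discovery.zen.ping.unicast.hosts: ["host1", "host2"]
discovery.zen.ping.unicast.hosts: ["elk--1","elk--2","elk--3"]
# The initial list of master nodes in the cluster; nodes that newly join the cluster are discovered automatically through these nodes.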

elk--2 node:

[root@elk--2 ~]# vi /etc/elasticsearch/elasticsearch.yml
cluster.name: ELK
node.name: elk-2
node.master: false
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.233.202
http.port: 9200
discovery.zen.ping.unicast.hosts: ["elk--1","elk--2","elk--3"]

elk--3 node:

[root@elk--3 ~]# vi /etc/elasticsearch/elasticsearch.yml
cluster.name: ELK
node.name: elk-3
node.master: false
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.233.203
http.port: 9200
discovery.zen.ping.unicast.hosts: ["elk--1","elk--2","elk--3"]

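4. Start the service

Start the ES service with the command below. After starting it, use ps to check that the process exists, or netstat to check that the ports are listening.

The service must be started on all three nodes.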

[root@elk--1 ~]# systemctl start elasticsearch
[root@elk--1 ~]# ps -ef |grep elasticsearch
elastic+  19280      1  0 09:00 ?        00:00:54 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -server -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/etc/elasticsearch -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -p /var/run/elasticsearch/elasticsearch.pid --quiet
root      19844  19230  0 10:54 pts/0    00:00:00 grep --color=auto elasticsearch
[root@elk--1 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1446/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1994/master         
tcp6       0      0 192.168.40.11:9200      :::*                    LISTEN      19280/java          
tcp6       0      0 192.168.40.11:9300      :::*                    LISTEN      19280/java          
tcp6       0      0 :::22                   :::*                    LISTEN      1446/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1994/master

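If the ports or the process above are present, the ES service started successfully.

5. Check the cluster status

Use curl to check the cluster status, on the elk--1 node: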

[root@elk--1 ~]# curl '192.168.233.201:9200/_cluster/health?pretty'
{
  "cluster_name" : "ELK",
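  "status" : "green",
// green means the cluster is healthy; yellow or red means the cluster has a problem
  "timed_out" : false,
// whether the request timed out
  "number_of_nodes" : 3,
// number of nodes in the cluster
  "number_of_data_nodes" : 2,
// number of data nodes in the cluster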
  "active_primary_shards" : 1,
  "active_shards" : 2,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

IV. Deploying Kibana

Download and deploy nginx for load balancing:

[root@elk--1 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@elk--1 ~]# yum install nginx -y
[root@elk--1 ~]# systemctl start nginx
[root@elk--1 ~]# vim /etc/nginx/nginx.conf
    upstream elasticsearch {
        zone elasticsearch 64K;
        server elk--1:9200;
        server elk--2:9200;
        server elk--3:9200;
    }
    server {
        listen 8080;
        server_name 192.168.233.201;
        location / {
            proxy_pass http://elasticsearch;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        access_log /var/log/es_access.log;
    }

1. Download and install Kibana on the master node

[root@elk--1 ~]# wget https://artifacts.elastic.co/downloads/kibana/kibana-6.0.0-x86_64.rpm
[root@elk--1 ~]# rpm -ivh kibana-6.0.0-x86_64.rpm 
warning: kibana-6.0.0-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:kibana-6.0.0-1                   ################################# [100%]

2. Configure Kibana

[root@elk--1 ~]# vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "192.168.233.201"
elasticsearch.url: "http://192.168.233.201:9200"

 

 

4. Start Kibana

[root@elk--1 ~]# systemctl start kibana
[root@elk--1 ~]# ps -ef |grep kibana
kibana    19958      1 41 11:26 ?        00:00:03 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml
root      19970  19230  0 11:26 pts/0    00:00:00 grep --color=auto kibana
[root@elk--1 ~]# netstat -lntp |grep node
tcp        0      0 192.168.233.201:5601      0.0.0.0:*               LISTEN      19958/node

After Kibana has started, open http://192.168.233.201:5601 in a browser; the page shown below is what you should reach.

V. Deploying Logstash

1. Download and install Logstash on the elk--2 node

[root@elk--2 ~]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.0.0.rpm
[root@elk--2 ~]# rpm -ivh logstash-6.0.0.rpm 
warning: logstash-6.0.0.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:logstash-1:6.0.0-1               ################################# [100%]
Using provided startup.options file: /etc/logstash/startup.options

2. Configure Logstash

Add or change the following:

[root@elk--2 ~]# vim /etc/logstash/logstash.yml
http.host: "192.168.233.202"

Configure Logstash to collect syslog logs:

[root@elk--2 ~]# vim /etc/logstash/conf.d/syslog.conf
input {
    file {
        path => "/var/log/messages"
        type => "systemlog"
        start_position => "beginning"
        stat_interval => "3"
    }
}

output {
    elasticsearch {
        hosts => ["192.168.233.201:9200","192.168.233.202:9200","192.168.233.203:9200"]
        index => "system-log-%{+YYYY.MM.dd}"
    }
}

Check the configuration file for errors:

[root@elk--2 ~]# ln -s /usr/share/logstash/bin/logstash /usr/bin
// Create a symlink so that the logstash command is easy to run
[root@elk--2 ~]# logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d/syslog.conf --config.test_and_exit
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
Configuration OK
// OK means there are no problems

3. Grant permissions

[root@elk--2 ~]# chmod 755 /var/log/messages
[root@elk--2 ~]# chown -R logstash /var/lib/logstash/

4. Start Logstash

Once the configuration file checks out, start the Logstash service:

[root@elk--2 ~]# systemctl start logstash

Use ps to check the process:

[root@elk--2 ~]# ps -ef |grep logstash
logstash  21835      1 12 16:45 ?        00:03:01 /bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+DisableExplicitGC -Djava.awt.headless=true -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError -Xmx1g -Xms256m -Xss2048k -Djffi.boot.library.path=/usr/share/logstash/vendor/jruby/lib/jni -Xbootclasspath/a:/usr/share/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/usr/share/logstash/vendor/jruby -Djruby.lib=/usr/share/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main /usr/share/logstash/lib/bootstrap/environment.rb logstash/runner.rb --path.settings /etc/logstash
root      21957  20367  0 17:10 pts/2    00:00:00 grep --color=auto logstash

Use netstat to check the ports the processes are listening on:

[root@elk--2 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      957/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1152/master         
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7390/nginx: master  
tcp6       0      0 :::10514                :::*                    LISTEN      7403/java           
tcp6       0      0 192.168.233.202:9300     :::*                    LISTEN      6418/java           
tcp6       0      0 :::22                   :::*                    LISTEN      957/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1152/master         
tcp6       0      0 192.168.233.202:9600     :::*                    LISTEN      7403/java           
tcp6       0      0 192.168.233.202:9200     :::*                    LISTEN      6418/java

The port to look for is 9600.
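Added example (not part of the original tutorial): a parser for `netstat -lntp` output that lists which of the stack's ports (9200, 9300, 5601, 9600) are bound to a non-loopback address, which matters because none of the configuration on this page puts authentication in front of them. The sample is the elk--2 output above plus one constructed line; the function names are hypothetical.

```python
import ipaddress

# Ports the services in this tutorial listen on (from the configs and output on the page).
STACK_PORTS = {
    9200: "Elasticsearch HTTP",
    9300: "Elasticsearch transport",
    5601: "Kibana",
    9600: "Logstash API",
}

# `netstat -lntp` output from elk--2 as shown above, plus one constructed line
# (the :::5601 wildcard listener) to exercise the all-interfaces case.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      957/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1152/master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7390/nginx: master
tcp6       0      0 :::10514                :::*                    LISTEN      7403/java
tcp6       0      0 192.168.233.202:9300    :::*                    LISTEN      6418/java
tcp6       0      0 :::22                   :::*                    LISTEN      957/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1152/master
tcp6       0      0 192.168.233.202:9600    :::*                    LISTEN      7403/java
tcp6       0      0 192.168.233.202:9200    :::*                    LISTEN      6418/java
tcp6       0      0 :::5601                 :::*                    LISTEN      19958/node
"""


def parse_listeners(text):
    """Return (address, port, program) for every TCP LISTEN line."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # the last colon separates the port
        listeners.append((addr, int(port), " ".join(fields[6:]) or "-"))
    return listeners


def exposed(listeners, ports=STACK_PORTS):
    """Stack ports bound to anything other than loopback, sorted by port."""
    hits = []
    for addr, port, prog in listeners:
        ip = ipaddress.ip_address(addr)
        if port in ports and not ip.is_loopback:
            scope = "all interfaces" if ip.is_unspecified else "one address"
            hits.append((port, addr, scope, ports[port], prog))
    return sorted(hits)


if __name__ == "__main__":
    for port, addr, scope, service, prog in exposed(parse_listeners(SAMPLE)):
        print(f"{port:<5} {service:<24} {addr:<16} {scope:<14} {prog}")
```

Each reported port is reachable by any host that can route to that address, so the output is the list to cover with host firewall rules or a restricted management network.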

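5. View the logs in Kibana

When Kibana was deployed earlier there were no logs to search yet. Now that Logstash is deployed, go back to the Kibana server and list the log indices with the following command: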

[root@elk--1 ~]# curl '192.168.233.201:9200/_cat/indices?v'
health status index                     uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   system-syslog-2022.01     tAd3L8W6RHqDeRDOvOdrTA   5   1      10631            0      2.8mb          1.3mb
green  open   .kibana                   HJ8wt6BuQaeVcc5Vf1zbcg   1   1          3   

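6. Web UI configuration

Open 192.168.233.201:5601 in a browser and configure the index in Kibana.

Copy the part highlighted in yellow in the figure below and paste it into the web UI.

After that, click Discover. What appears at first is garbled.

Follow the figure below to fix the garbled display.

This is the normal view.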

VI. Collecting Nginx logs with Logstash

1. Download and install Nginx

[root@elk--2 ~]# wget http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.16.1-1.el7.ngx.x86_64.rpm
[root@elk--2 ~]# rpm -ivh nginx-1.16.1-1.el7.ngx.x86_64.rpm 
警告:nginx-1.16.1-1.el7.ngx.x86_64.rpm: 頭V4 RSA/SHA1 Signature,金鑰 ID 7bd9bf62: NOKEY
準備中...                          ################################# [100%]
正在升級/安裝...
   1:nginx-1:1.16.1-1.el7.ngx                                           (  3%################################# [100%]
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/

Please subscribe to nginx-announce mailing list to get
the most important news about nginx:
* http://nginx.org/en/support.html

Commercial subscriptions for nginx are available on:
* http://nginx.com/products/

----------------------------------------------------------------------

3. Configure Logstash

On the elk--2 node, edit the Logstash pipeline file for nginx:

[root@elk--2 ~]# vim /etc/logstash/conf.d/nginx.conf 
input {
  file {
    path => "/tmp/elk_access.log"
    start_position => "beginning"
    type => "nginx"
  }
}
filter {
    grok {
        match => { "message" => "%{IPORHOST:http_host} %{IPORHOST:clientip} - %{USERNAME:remote_user} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:response} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{QS:xforwardedfor} %{NUMBER:request_time:float}"}
    }
    geoip {
        source => "clientip"
    }
}
output {
    stdout { codec => rubydebug }
    elasticsearch {
        hosts => ["192.168.233.202:9200"]
        index => "nginx-test-%{+YYYY.MM.dd}"
    }
}

Use the logstash command to check the file for errors:

[root@elk--2 ~]# logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d/nginx.conf --config.test_and_exit
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
Configuration OK

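Edit the Nginx configuration for the log being monitored and add the following:

# If this file is not moved away, elk.conf will not work, because this file also uses port 80
[root@elk--2 ~]# mv /etc/nginx/conf.d/default.conf /tmp/
[root@elk--2 ~]# vim /etc/nginx/conf.d/elk.conf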
server {
            listen 80;
            server_name elk.com;

            location / {
                proxy_pass      http://192.168.233.201:5601;
                proxy_set_header Host   $host;
                proxy_set_header X-Real-IP      $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
            access_log  /tmp/elk_access.log main2;
        }

Modify the Nginx log configuration and add the following (mind the Nginx configuration file format):

[root@elk--2 ~]# vim /etc/nginx/nginx.conf
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

#    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                      '$status $body_bytes_sent "$http_referer" '
#                      '"$http_user_agent" "$http_x_forwarded_for"';
# Insert these lines (highlighted in blue)
log_format main2 '$http_host $remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$upstream_addr" $request_time';
    access_log  /var/log/nginx/access.log  main2;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

[root@elk--2 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
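Added example (not from the original tutorial): a Python stand-in for the grok filter above, run against a constructed `main2` line, to show which nginx variable ends up in each grok field. The regular expressions approximate the grok patterns and are an assumption, as are the function names and both sample lines.

```python
import re

# Simplified stand-ins for the grok patterns in the filter above (assumption: good
# enough for well-formed lines, not exact copies of Logstash's definitions).
HOST = r"[0-9A-Za-z][0-9A-Za-z.:_-]*"      # ~ IPORHOST
QS = r'"(?:[^"\\]|\\.)*"'                  # ~ QS; the quotes are kept, as grok does

MAIN2 = re.compile(
    rf'(?P<http_host>{HOST}) (?P<clientip>{HOST}) - (?P<remote_user>[A-Za-z0-9._-]+) '
    r'\[(?P<timestamp>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'"(?:(?P<http_verb>\w+) (?P<http_request>\S+)(?: HTTP/(?P<http_version>[\d.]+))?'
    r'|(?P<raw_http_request>.*?))" '
    r'(?P<response>\d+) (?:(?P<bytes_read>\d+)|-) '
    rf'(?P<referrer>{QS}) (?P<agent>{QS}) (?P<xforwardedfor>{QS}) '
    r'(?P<request_time>\d+(?:\.\d+)?)'
)

# Which nginx variable from log_format main2 lands in each grok field.
GROK_TO_NGINX = {
    "http_host": "$http_host", "clientip": "$remote_addr", "remote_user": "$remote_user",
    "timestamp": "$time_local", "response": "$status", "bytes_read": "$body_bytes_sent",
    "referrer": "$http_referer", "agent": "$http_user_agent",
    "xforwardedfor": "$upstream_addr",   # named X-Forwarded-For, holds the upstream address
    "request_time": "$request_time",
}

# Constructed sample lines: one in main2 format, one in the commented-out main format.
MAIN2_LINE = ('elk.com 192.168.233.1 - - [14/Jan/2022:10:15:32 +0800] "GET /app/kibana HTTP/1.1" '
              '200 1024 "-" "Mozilla/5.0" "192.168.233.201:5601" 0.012')
MAIN_LINE = ('192.168.233.1 - - [14/Jan/2022:10:15:32 +0800] "GET / HTTP/1.1" '
             '200 612 "-" "curl/7.29.0" "-"')


def parse_main2(line):
    """Return the grok-named fields, or None where Logstash would tag _grokparsefailure."""
    m = MAIN2.search(line)
    if m is None:
        return None
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    fields["request_time"] = float(fields["request_time"])   # the :float cast in the filter
    return fields


def by_nginx_variable(fields):
    """Re-key parsed fields by the nginx variable that actually produced them."""
    return {GROK_TO_NGINX[k]: v for k, v in fields.items() if k in GROK_TO_NGINX}


if __name__ == "__main__":
    for name, value in by_nginx_variable(parse_main2(MAIN2_LINE)).items():
        print(f"{name:<18} {value}")
    print("main format parses:", parse_main2(MAIN_LINE) is not None)
```

Because `clientip` is `$remote_addr`, the geoip filter looks up whatever host connected to nginx directly, and the X-Forwarded-For header itself is not written by `main2` at all.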

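Start:

[root@elk--2 ~]# systemctl restart logstash

Add the following entry to the /etc/hosts file:

192.168.233.202  elk.com

Open it in a browser and check whether logs are produced.

4. Web page configuration

Open 192.168.233.201:5601 in a browser and configure the index in Kibana:

Check whether the elk--1 master node has received the index: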

[root@elk--1 ~]# curl '192.168.233.201:9200/_cat/indices?v'
health status index                     uuid                   pri rep d
green  open   system-syslog-2022.01     tAd3L8W6RHqDeRDOvOdrTA   5   1 
green  open   nginx-test-2022.01.14     vzFiklXgRP-GenN_KMe87A   5   1
green  open   .kibana                   HJ8wt6BuQaeVcc5Vf1zbcg   1   1 

 

 

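Click through the same steps; if the display is garbled, change its time setting.

VII. Collecting logs with Beats

1. Download and install Beats on the elk--3 node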

[root@elk--3 ~]# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.0.0-x86_64.rpm
--2020-03-30 22:41:52--  https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.0.0-x86_64.rpm
正在解析主機 artifacts.elastic.co (artifacts.elastic.co)... 151.101.230.222, 2a04:4e42:1a::734
正在連線 artifacts.elastic.co (artifacts.elastic.co)|151.101.230.222|:443... 已連線。
已發出 HTTP 請求,正在等待迴應... 200 OK
長度:11988378 (11M) [binary/octet-stream]
正在儲存至: “filebeat-6.0.0-x86_64.rpm.1”
100%[===================================>] 11,988,378   390KB/s 用時 30s    
2020-03-30 22:42:24 (387 KB/s) - 已儲存 “filebeat-6.0.0-x86_64.rpm.1” [11988378/11988378])

[root@elk--3 ~]# rpm -ivh filebeat-6.0.0-x86_64.rpm

2. Configuration file

[root@elk--3 ~]# vim /etc/filebeat/filebeat.yml 
filebeat.prospectors:
- type: log
  paths:
    - /var/log/elasticsearch/elk.log    # change this to whichever log file you want to monitor
output.elasticsearch:
  hosts: ["192.168.233.201:9200"]
[root@elk--3 ~]# systemctl start filebeat

On the elk--1 host, run curl '192.168.233.201:9200/_cat/indices?v' to check whether the logs from the elk--3 host are being picked up (an index with "filebeat" in its name means success):

[root@elk--1 ~]# curl '192.168.233.201:9200/_cat/indices?v'
health status index                     uuid                   pri rep d
green  open   system-syslog-2022.01     tAd3L8W6RHqDeRDOvOdrTA   5   1  
green  open   .kibana                   HJ8wt6BuQaeVcc5Vf1zbcg   1   1  
green  open   filebeat-6.0.0-2022.01.14 drJ2X8boTR-omVjIqFhc6g   3   1  
green  open   nginx-test-2022.01.14     vzFiklXgRP-GenN_KMe87A   5   1

3. Web UI configuration

Follow the previous step to add monitoring of the filebeat log in the browser.