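elasticsearch+logstash+kibana deployment
This blog post describes how to deploy elasticsearch+logstash+kibana.
Outline:
1. elasticsearch+logstash+kibana deployment
2. Collecting Tomcat logs
3. Collecting TCP logs
I. elasticsearch+logstash+kibana deployment
1. elasticsearch deployment
Because resources are limited, all three components are installed on the same machine.
Versions: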
elasticsearch-6.7.0、logstash-6.7.0、kibana-6.7.0-linux-x86_64
[[email protected] ~]# cd /usr/local/elasticsearch-6.7.0/
bin config lib LICENSE.txt logs modules NOTICE.txt plugins README.textile
[[email protected] elasticsearch-6.7.0]# vim config/elasticsearch.yml
[[email protected] elasticsearch-6.7.0]# grep '^[a-z]' config/elasticsearch.yml
cluster.name: my-application
path.data: /elk/data
path.logs: /elk/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
[[email protected] ~]# mkdir -p /elk/data/ /elk/logs/
[[email protected] ~]# useradd elasticsearch
[[email protected] ~]# chown -R elasticsearch:elasticsearch /elk/
[[email protected] ~]# su - elasticsearch
[[email protected] ~]$ cd /usr/local/elasticsearch-6.0.0/
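[[email protected] bin]$ ./elasticsearch -d   # start in the background; it will not start at this point, so some settings need to be changed first
[[email protected] ~]# vim /etc/security/limits.conf   # a restart is needed for these parameters to take effect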
* hard nofile 65536
* soft nofile 65536
* soft memlock unlimited
* hard memlock unlimited
[[email protected] ~]# vim /etc/sysctl.conf
vm.max_map_count=262144
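[[email protected] ~]# sysctl -p   # apply the parameters
After switching user, start elasticsearch again, then check the process and the listening ports.
[[email protected] ~]# ps -ef|grep java   # check the process
elastic+ 6750 1 1 12:29 pts/2 00:02:30 /bin/java -Xms1g -Xmx1g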
-XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -server -Xss1m
-Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true
-XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true
-Dio.netty.noKeySetOptimization=true
-Dio.netty.recycler.maxCapacityPerThread=0
-Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true
-XX:+HeapDumpOnOutOfMemoryError
-Des.path.home=/usr/local/elasticsearch-6.0.0
-Des.path.conf=/usr/local/elasticsearch-6.0.0/config -cp
/usr/local/elasticsearch-6.0.0/lib/*
org.elasticsearch.bootstrap.Elasticsearch -d
[[email protected] ~]# netstat -tlunp|grep java   # check the ports
tcp6 0 0 :::9200 :::* LISTEN 6750/java
tcp6 0 0 :::9300 :::* LISTEN 6750/java
[[email protected] ~]# curl 192.168.209.7:9200   # view the node information
{
  "name" : "node-1",
  "cluster_name" : "my-application",
  "cluster_uuid" : "Z3TOUu0jTUiCSHsuFJsv_g",
  "version" : {
    "number" : "6.0.0",
    "build_hash" : "8f0685b",
    "build_date" : "2017-11-10T18:41:22.859Z",
    "build_snapshot" : false,
    "lucene_version" : "7.0.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
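An added example, not part of the original post: a shell check over the elasticsearch.yml settings listed above that flags a wildcard bind address, a wildcard CORS origin, and the absence of xpack.security.enabled: true. The function names and both sample files are constructed for illustration, and the tightened sample assumes a license that includes the security features.

```shell
#!/bin/sh
# Added example: audit elasticsearch.yml for the exposure-related settings
# shown in the post. Function names are hypothetical, not Elasticsearch tools.

# Print the value of the last active "key: value" line, without quotes.
es_setting() {  # $1 = config file, $2 = setting name
    awk -v k="$2" 'index($0, k ":") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one WARN line per finding; exit status is 1 if anything was found.
audit_es_config() {  # $1 = config file
    rc=0
    host=$(es_setting "$1" network.host)
    if [ "$host" = "0.0.0.0" ] || [ "$host" = "::" ]; then
        echo "WARN network.host=$host: 9200/9300 listen on every interface"; rc=1
    fi
    if [ "$(es_setting "$1" http.cors.enabled)" = "true" ] &&
       [ "$(es_setting "$1" http.cors.allow-origin)" = "*" ]; then
        echo "WARN http.cors.allow-origin=*: any web origin may read responses"; rc=1
    fi
    if [ "$(es_setting "$1" xpack.security.enabled)" != "true" ]; then
        echo "WARN xpack.security.enabled is not true: REST API is unauthenticated"; rc=1
    fi
    return $rc
}

# Constructed sample inputs: the post's settings and a tightened variant.
write_samples() {  # $1 = directory
    printf '%s\n' 'cluster.name: my-application' 'network.host: 0.0.0.0' \
        'http.port: 9200' 'http.cors.enabled: true' \
        'http.cors.allow-origin: "*"' > "$1/post.yml"
    # Assumes a license that includes the security features on this version.
    printf '%s\n' 'cluster.name: my-application' 'network.host: 192.168.199.7' \
        'http.port: 9200' 'xpack.security.enabled: true' > "$1/tight.yml"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in post tight; do
    echo "== $f.yml"
    audit_es_config "$tmp/$f.yml" || true
done
rm -rf "$tmp"
```

Run against the real file with audit_es_config config/elasticsearch.yml; a non-zero exit status means at least one of the three settings needs attention.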
2. kibana deployment:
[[email protected] ~]# cd /usr/local/src/kibana-6.7.0-linux-x86_64/
[[email protected] kibana-6.7.0-linux-x86_64]# grep '^[a-z]' config/kibana.yml
server.port: 5601
server.host: "192.168.199.7"
elasticsearch.url: "http://192.168.199.7:9200"
kibana.index: ".kibana"
[[email protected] ~]# useradd kibana
[[email protected] ~]# chown -R kibana:kibana /usr/local/src/kibana-6.7.0-linux-x86_64
[[email protected] ~]# su - kibana
[[email protected] ~]$ cd /usr/local/src/kibana-6.7.0-linux-x86_64/bin/
[[email protected] bin]$ nohup ./kibana &
[[email protected] ~]# ps -ef|grep kibana
kibana 3704 1 2 12:20 pts/1 00:08:52 ./../node/bin/node --no-warnings --max-http-header-size=65536 ./../src/cli
[[email protected] ~]# netstat -tlunp|grep 5601
tcp 0 0 192.168.199.7:5601 0.0.0.0:* LISTEN 3704/./../node/bin/
Access it in the browser:
kibana deployment is complete.
3. logstash deployment
[[email protected] ~]# cd /usr/local/src/logstash-6.7.0/
Write your own configuration file:
[[email protected] logstash-6.7.0]# cat config/tomcat.conf
input {
  file {
    path => ["/app/tomcat/logs/*"]
    type => "tomcat-access-log-5612"
    start_position => "beginning"
    stat_interval => "2"
    codec => "json"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.199.7:9200"]
    index => "logstash-tomcat-access-log-5612-%{+YYYY.MM.dd}"
  }
  file {
    path => "/tmp/tomcat.txt"
  }
}
[[email protected] logstash-6.7.0]# ./bin/logstash -f config/tomcat.conf -t   # test whether the configuration file is correct
Sending Logstash logs to /usr/local/src/logstash-6.7.0/logs which is now configured via log4j2.properties
[2019-04-05T19:04:13,134][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
Configuration OK
[2019-04-05T19:04:37,134][INFO ][logstash.runner ] Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
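If this string (Configuration OK) appears, the configuration has no problems; remove -t and logstash can be started.
logstash deployment is complete.
II. Collecting Tomcat logs
A quick Tomcat installation: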
[[email protected] ~]# cd /app/apache-tomcat-8.5.35/
[[email protected] ~]# cd /app/
[[email protected] app]# ln -sv /app/apache-tomcat-8.5.35 /app/tomcat
[[email protected] app]# ll
總用量 0
drwxr-xr-x. 9 root root 220 4月 5 12:40 apache-tomcat-8.5.35
lrwxrwxrwx. 1 root root 25 4月 5 12:41 tomcat -> /app/apache-tomcat-8.5.35
[[email protected] app]# cd tomcat/webapps/
[[email protected] webapps]# rm -rf *
[[email protected] webapps]# mkdir test
[[email protected] test]# cat index.html
tomcat page
[[email protected] bin]# cd /app/tomcat/bin/
[[email protected] bin]# ./startup.sh
[[email protected] bin]# netstat -tlunp|grep 8080
tcp6 0 0 :::8080 :::* LISTEN 10106/java
Access the page in the browser:
Start logstash so that the logs are shipped over, then view them in the page:
The logs are now there.