ELK环境搭建及client配置
官网下载:logstash、kibana、elas;在server端:
安装logstash:rpm包方式,最新版本
/etc/logstash/conf.d/下,创建个配置文件,用来收集client端的日志信息:
#vimserver.conf
input { #配置输入信息及方式;
redis {
port => "6379"
host => "10.6.22.75"
data_type => "list"
key => "logstash-redis"
type => "redis-input"
}
}
output { #配置数据信息收集并输出到elasticsearch
elasticsearch {
hosts => "10.6.22.75"
index => "logstash-%{+YYYY.MM.dd}"
}
}
安装elas:
tar.gz包格式,解压出来到任意目录后,到config下面,编辑配置文件elasticsearch.yml,修改如下信息:
path.logs: /data/log/
path.data: /data/el_data/
http.port: 9200
network.host: 10.6.22.75
如果是单节点就如上配置,多节点就需要配置集群模式;
到bin目录下,编辑启动文件elasticsearch,配置允许root用户启动:
if [ -z "$daemonized" ] ; then
exec "$JAVA" $JAVA_OPTS $ES_JAVA_OPTS -Des.path.home="$ES_HOME" -Des.insecure.allow.root=true -cp "$ES_CLASSPATH" \
org.elasticsearch.bootstrap.Elasticsearch start "$@"
else
exec "$JAVA" $JAVA_OPTS $ES_JAVA_OPTS -Des.path.home="$ES_HOME" -Des.insecure.allow.root=true -cp "$ES_CLASSPATH" \
org.elasticsearch.bootstrap.Elasticsearch start "$@" <&- &
安装kibana:
tar.gz最新版安装包,解压出来,编辑config目录下面的配置文件,修改:
elasticsearch.url: "http://10.6.22.75:9200"#elas的地址,不能使用127.0.0.1,否则启动失败;
client端:
安装logstash,并配置conf.d下配置文件:
input {
file { #可配置多个file文件目录;
path => ["/data/x/app/tomcat7-tms-pp/logs/catalina.out"]
type => "tomcat_log"
start_position => "beginning"
}
}
output {
redis {
host => "10.6.22.75"
key => 'logstash-redis'
data_type => 'list'
}
}
页:
[1]