dfsfd posted on 2017-10-26 08:50:33

Building an ELK log analysis platform, start to finish

Environment:
    OS: CentOS 6.6

elasticsearch-5.6.3.tar.gz
jdk-8u151-linux-x64.tar.gz
kibana-5.6.3-linux-x86_64.tar.gz
logstash-5.6.3.tar.gz
node-v6.11.4-linux-x64.tar.xz

I. Prepare the environment:
1. Create a user and set permissions on the installation directory

# groupadd elk
# useradd -g elk elk
# mkdir /elk
# chown -R elk:elk /elk




Change some system parameter values: [startup will report errors if they are not changed]

# vim /etc/security/limits.conf    # add the following content
---------------------------
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096
----------------------------
# vim /etc/security/limits.d/90-nproc.conf    # add the following content
*          soft    nproc   2048

# vim /etc/sysctl.conf    # add the following content
------------------
vm.max_map_count=655360
----------------------
# sysctl -p   # check that the vm.max_map_count value was changed successfully





Install Java
# mkdir /usr/local/Java
# tar -zxvf jdk-8u151-linux-x64.tar.gz -C /usr/local/Java


Add the environment variables:
# vim /etc/profile

Add the following:

export JAVA_HOME=/usr/local/Java/jdk1.8.0_151
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH




Reload
# source /etc/profile

Check that the installation succeeded:

# java -version
java version "1.8.0_151"
Java(TM) SE Runtime Environment (build 1.8.0_151-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.151-b12, mixed mode)




II. Install ELK

1. Install elasticsearch

# tar -zxvf elasticsearch-5.6.3.tar.gz
Edit the configuration file:
vim ./elasticsearch-5.6.3/config/elasticsearch.yml
# Set the listening IP and port:
network.host: 0.0.0.0    # listening IP
http.port: 9200    # listening port




Note: elasticsearch cannot be started as the root user
Start elasticsearch (the first start is a bit slow):

$ cd /elk/elasticsearch-5.6.3/bin
$ ./elasticsearch

Then check the port:
# ss -tnl | grep 9200
LISTEN   0      128      ::ffff:192.168.159.130:9200                  :::*   
#






2. Install kibana
# tar -zxvf kibana-5.6.3-linux-x86_64.tar.gz

After extracting, edit the configuration file:

# vim ../config/kibana.yml    # change to the elasticsearch access address and port, as follows
#server.host: "localhost"
server.host: "192.168.159.130"
#elasticsearch.url: "http://localhost:9200"
elasticsearch.url: "




Then save and start it as follows:

# ./kibana
log    Status changed from uninitialized to green - Ready
log    Status changed from uninitialized to yellow - Waiting for Elasticsearch
log    Status changed from uninitialized to green - Ready
log    Status changed from uninitialized to green - Ready
log    Status changed from uninitialized to green - Ready
log    Server running at http://localhost:5601
log    Status changed from uninitialized to yellow - Elasticsearch plugin is yellow




3. Install logstash-5.6.3.tar.gz

# tar -zxvf logstash-5.6.3.tar.gz

After extracting, edit the configuration file, and then it is ready to use.
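
A pre-start audit of the four files the post above edits, added here as an example that is not part of the original post. The function names are hypothetical; the nofile and nproc thresholds are the post's values, 262144 is the vm.max_map_count minimum Elasticsearch's bootstrap check enforces, and the bind check exists because Elasticsearch 5.6.3 installed from the tarball alone has no authentication on port 9200.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Thresholds: nofile 65536 and nproc 2048 as in the post; 262144 is the
# vm.max_map_count minimum enforced by Elasticsearch's bootstrap check.

# Last uncommented value of "KEY: value" in a YAML file, quotes stripped.
yaml_value() {    # args: FILE KEY
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/"//g; s/[[:space:]]*$//' | tail -n 1
}

# Last value for TYPE (soft|hard) and ITEM in a limits.conf-style file.
limit_value() {   # args: FILE TYPE ITEM
    awk -v t="$2" -v i="$3" '$1 !~ /^#/ && $2 == t && $3 == i { v = $4 }
        END { print v + 0 }' "$1"
}

# Last value of KEY in a sysctl.conf-style file.
sysctl_value() {  # args: FILE KEY
    awk -F= -v k="$2" '{ gsub(/[ \t]/, "", $1) }
        $1 == k { gsub(/[ \t]/, "", $2); v = $2 }
        END { print v + 0 }' "$1"
}

# Succeeds when the bind address is loopback only (the default when unset).
is_loopback() {
    case "$1" in
        ""|localhost|_local_|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per finding; the return status is the number of findings.
audit_elk() {     # args: LIMITS_FILE SYSCTL_FILE ES_YML KIBANA_YML
    n=0
    [ "$(limit_value "$1" hard nofile)" -ge 65536 ] || { echo "FAIL hard nofile < 65536"; n=$((n + 1)); }
    [ "$(limit_value "$1" hard nproc)" -ge 2048 ] || { echo "FAIL hard nproc < 2048"; n=$((n + 1)); }
    [ "$(sysctl_value "$2" vm.max_map_count)" -ge 262144 ] || { echo "FAIL vm.max_map_count < 262144"; n=$((n + 1)); }
    es_host=$(yaml_value "$3" network.host)
    kb_host=$(yaml_value "$4" server.host)
    is_loopback "$es_host" || { echo "WARN elasticsearch binds $es_host: firewall port 9200"; n=$((n + 1)); }
    is_loopback "$kb_host" || { echo "WARN kibana binds $kb_host: firewall port 5601"; n=$((n + 1)); }
    return "$n"
}

if [ "$#" -eq 4 ]; then audit_elk "$@"; fi
```

Run with the limits file, the sysctl file, elasticsearch.yml and kibana.yml as the four arguments. With the post's settings it prints two WARN lines, one for each service bound to a non-loopback address.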







beson2000 posted on 2018-12-28 20:57:23

Thanks for sharing