一、准备
-
本方案采用docker安装方式
-
ELK采用最新7.5.0版本
-
服务器操作系统采用centos7.6
-
去
https://www.docker.elastic.co/#获取最新版镜像信息,并分别拉取到本地
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.5.0
docker pull docker.elastic.co/kibana/kibana:7.5.0
docker pull docker.elastic.co/logstash/logstash:7.5.0
- 在服务器端数据盘挂载位置,新建目录
#用于存放elk的配置文件,以便挂载
mkdir -P /dataStore/docker_config/elasticsearch
mkdir -P /dataStore/docker_config/kibana
mkdir -P /dataStore/docker_config/logstash
# 用于存放elasticsearch的数据,在docker镜像启动时,会用-v 参数挂载
mkdir -P /dataStore/docker_datas/elasticsearch
# 用于存放启动脚本
mkdir -P /dataStore/docker_run/
二、安装elasticsearch
- 先随便的将elasticsearch运行起来,以便将配置文件复制出来
docker run --rm -itd -e "discovery.type=single-node" www.v246.com/elasticsearch:7.5
docker cp 007809a9bac1:/usr/share/elasticsearch/config /dataStore/docker_config/elasticsearch/config
- 修改
elasticsearch的配置文件,开启xpack启用登录认证
vi /dataStore/docker_config/elasticsearch/config/elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
# 开启xpack
xpack.security.enabled: true
- 更改
elasticsearch数据存储目录的所有者
chown 1000:1000 /dataStore/docker_datas/elasticsearch/ -R
- 编写docker镜像启动脚本
vi /dataStore/docker_run/elasticsearch.sh
docker run -p 9200:9200 -p 9300:9300 -itd --name elasticsearch -e "discovery.type=single-node" --privileged=true -v /dataStore/docker_datas/elasticsearch:/usr/share/elasticsearch/data:z -v /dataStore/docker_config/elasticsearch/config:/usr/share/elasticsearch/config www.v246.com/elasticsearch:7.5
进入elasticsearch 镜像内部,初始化elasticsearch的访问密码。
docker exec -it elasticsearch bash
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
三、安装kibana
- 先随便的将
kibana运行起来,以便将配置文件复制出来
docker run --rm -itd www.v246.com/kibana:7.5.0
- 将配置文件复制出来
docker cp 2880f2bbe0a6:/usr/share/kibana/config /dataStore/docker_config/kibana/config
- 修改配置文件,使用用户名密码登录elasticsearch
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
# 加入下面两个配置
elasticsearch.username: "kibana"
elasticsearch.password: "A0c7y1-5"
- 编写docker镜像启动脚本
vi /dataStore/docker_run/kibana.sh
#配合上面的配置文件,有木有发现,下面的启动命令,有些配置是不是可以省略呢
docker run --name kibana -d -p 5601:5601 --link elasticsearch -v /dataStore/docker_config/kibana/config:/usr/share/kibana/config -e ELASTICSEARCH_URL=http://elasticsearch:9200 www.v246.com/kibana:7.5.0
-
访问
kibana服务好了,现在可以访问
kibana服务了,在浏览器里输入:http://xxx.xxx.xxx.xxx:5601 进行访问,因为咱们开启了elasticsearch的用户认证,所以在访问kibana的时候,需要输入用户名和密码,用户名是:elastic密码,就是你设置的密码
四、安装logstash
- 先随便的将
kibana运行起来,以便将配置文件复制出来
docker run --rm -itd www.v246.com/logstash:7.5.0
- 将配置文件复制出来
docker cp 034dc9b38435:/usr/share/logstash/config /dataStore/docker_config/logstach/config
- 修改配置文件
vi logstash.conf
input {
beats {
host => "0.0.0.0"
port => "5044"
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => [ "elasticsearch:9200" ]
index => "%{[fields][doc_type]}-%{+YYYY.MM.dd}"
user => "logstash_system"
password => "A0c7y1-5"
}
}
- 编写docker镜像启动脚本
vi /dataStore/docker_run/logstash.sh
#注意这里里,最后的-f参数,它是logstash用到的参数,而不是docer的参数
docker run --rm -itd --name logstash --link elasticsearch -p 5044:5044 -p 9600:9600 -v /dataStore/docker_config/logstach/config:/usr/share/logstash/conig www.v246.com/logstash:7.5.0 -f /usr/share/logstash/conig/logstash.conf
至此,ELK服务便已经完成安装,下面就需要到业务服务器上将业务数据比如日志什么的传输到ELK
五、安装Filebeat
- 参照第一步里的准备工作,在需要传输日志到ELK服务器上拉取
filebeat的镜像
docker pull docker.elastic.co/beats/filebeat:7.5.0
官方的
beat工具有很多,这里就以filebeat为例
- 编写配置文件
vi /dataStore/docker_config/filebeat/filebeat.yml
filebeat.inputs:
- paths:
- /home/logs/webServers/tomcat8/tomcat1/logs/catalina.out
multiline:
pattern: ^\d{4}
negate: true
match: after
fields:
doc_type: tomcat_logs2
- paths:
- /home/logs/webServers/tomcat8/tomcat2/logs/catalina.out
multiline:
pattern: ^\d{4}
negate: true
match: after
fields:
doc_type:tomcat_logs3
- paths:
- /home/logs/webServers/nginx/logs/error.log
multiline:
pattern: ^\d{4}
negate: true
match: after
fields:
doc_type: nginx_error_1
output.logstash: # 输出地址
hosts: ["10.4.60.16:5044"]
- 编写启动脚本
docker run --rm --name filebeat -itd -v /dataStore/docker_config/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml -v /dataStore/webServers:/home/logs/webServers/ www.v246.com/filebeat:7.5.0
网友评论