Architecture

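Logstash is installed on each server to ship monitoring logs to the central log node in real time. Redis is not used here to store data; it only serves as a queue connecting Logstash and Elasticsearch.
- Logstash must be installed on every server whose logs are collected and on the Redis server
- Redis, Elasticsearch and Kibana can be installed on any machine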
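
The queue topology described above, written as a pair of Logstash pipeline files; this is an added example, not configuration from the original post. The file names, log path, IP addresses, Redis key and password placeholder are assumptions.

```conf
# ---- shipper.conf (hypothetical name): runs on every server whose logs are collected ----
input {
  file {
    path => ["/var/log/messages"]        # assumed log file to collect
    start_position => "beginning"
  }
}
output {
  redis {
    host => ["10.0.0.10"]                # assumed internal address of the Redis server
    port => 6379
    data_type => "list"                  # list = queue semantics: each event is consumed once
    key => "logstash:queue"              # assumed key name; must match the indexer below
    password => "REPLACE_WITH_REDIS_PASSWORD"   # placeholder; matches requirepass in redis.conf
  }
}

# ---- indexer.conf (hypothetical name): runs on the Redis server ----
input {
  redis {
    host => "127.0.0.1"                  # Redis is local to this Logstash instance
    port => 6379
    data_type => "list"
    key => "logstash:queue"
    password => "REPLACE_WITH_REDIS_PASSWORD"
  }
}
output {
  elasticsearch {
    hosts => ["10.0.0.11:9200"]          # assumed Elasticsearch address
    index => "logstash-%{+YYYY.MM.dd}"   # one index per day
  }
}
```

Redis and Elasticsearch are both reachable over the network in this layout, so restrict ports 6379 and 9200 at the firewall to the hosts that need them.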
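Installation
Official download page: https://www.elastic.co/downloads. ELK is simple to install and the difficulty lies in configuring and using it, so the installation steps are only outlined here.
- Logstash depends on Java, so the JDK must be installed first
- Download the corresponding zip package and extract it
Edit the Elasticsearch configuration file: network.host: 0.0.0.0
Edit the Kibana configuration file: server.host: "0.0.0.0"
Startup
Elasticsearch cannot be started as the root account; otherwise it reports an error.
Change into the corresponding installation directory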
./bin/logstash -f /xxx/xxx/logstash.conf
su -c "./bin/elasticsearch -d" elk
Debugging
To test whether Logstash is working properly, run the following command in a terminal:
logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
The terminal waits for your input; type any characters and press Enter
[root@localhost /usr/local/logstash-5.1.1]# bin/logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
Sending Logstash's logs to /usr/local/logstash-5.1.1/logs which is now configured via log4j2.properties
The stdin plugin is now waiting for input:
[2017-01-09T16:17:22,998][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>125}
[2017-01-09T16:17:23,020][INFO ][logstash.pipeline ] Pipeline main started
[2017-01-09T16:17:23,155][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
hello elk
{
"@timestamp" => 2017-01-09T08:17:30.318Z,
"@version" => "1",
"host" => "localhost",
"message" => "hello elk",
"tags" => []
}