Elkログシステムインストールの導入
elkって何?
ELKは、ElasticSearch、Logstash、Kibanaという3つのアプリケーションの頭文字を取った略称です。ElasticSearchはESと略され、主にデータの格納と取得に用いられます。Logstashは主にESへデータを書き込むために用いられます。Kibanaは主にデータの表示に使われます。
Elkシステムアーキテクチャ図
ElasticSearch
Elasticsearchは分散型、リアルタイム、全文検索エンジンです.すべての操作はRESTfulインタフェースによって実現される.その下位実装はLucene全文検索エンジンに基づいている.データはJSONドキュメント形式でインデックスを格納しており、事前に仕様を定める必要はありません
Logstash
Logstashは非常に柔軟なログ収集ツールであり、Elasticsearchへのデータのインポートに限らず、複数の入力、出力、変換ルールのフィルタリングをカスタマイズできます.
redis転送
Redisサーバは通常NoSQLデータベースとして使用されますが、ここではlogstashのメッセージキューとして使用します。
Kibana
Kibanaはリアルタイムのデータ分析ツールです。
Elk構成インストール
# Install the OpenJDK 1.8 runtime used by the Java components below.
yum -y install java-1.8.0-openjdk
# Open /etc/profile, add the two JAVA_HOME lines that follow, then reload it.
vim /etc/profile
JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.91-1.b14.el6.x86_64/jre
export JAVA_HOME
source /etc/profile
# Download the Elasticsearch 1.7.1 RPM and install it.
# NOTE(review): nothing here checks the package signature. Importing the
# vendor's signing key with `rpm --import` and running `rpm -K` on the file
# before `rpm -ivh` confirms the download is the package the vendor published.
wget https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.1.noarch.rpm
rpm -ivh elasticsearch-1.7.1.noarch.rpm
起動: /etc/init.d/elasticsearch start
プラグインのインストール:
1. /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
2. /usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
head と kopf は ES の HTTP ポート上で動く管理用 UI なので、9200 番ポートに到達できる相手は誰でも利用できる点に注意してください。
インストール時に次のエラーが出る場合: Failed: SSLException[java.security.ProviderException: java.security.KeyException]; nested: ProviderException[java.security.KeyException]; nested: KeyException;
対処: yum upgrade nss
# elasticsearch.yml for a node named node-1 in the cluster elk-local.
cluster.name: elk-local
node.name: node-1
# Index data and logs are written under /file2/elasticsearch.
path.data: /file2/elasticsearch/data
path.logs: /file2/elasticsearch/logs
# Ask the JVM to lock its memory so the heap is not swapped out.
bootstrap.mlockall: true
# NOTE(review): 0.0.0.0 makes the REST API on http.port answer on every
# interface. Nothing on this page enables authentication in Elasticsearch
# itself, so any host that can reach port 9200 can read, write and delete
# indices. Bind to the address the other components use (192.168.1.16 below)
# or firewall 9200 so only the Logstash and proxy hosts can connect.
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.1.16"]
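# Download and install Logstash 2.3.4, start the service, and link the
# launcher into /usr/bin so `logstash` is on PATH.
# NOTE(review): check the RPM's signature (`rpm -K`, after importing the
# vendor's signing key) before installing a package fetched with wget.
wget https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.3.4-1.noarch.rpm
rpm -ivh logstash-2.3.4-1.noarch.rpm
/etc/init.d/logstash start
ln -s /opt/logstash/bin/logstash /usr/bin/logstash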
# Shipper pipeline: tail the nginx access log and push each line onto a
# Redis list.
input {
file {
path => "/web/nginx/logs/www.log"
type => "nginx-log"
# Read the file from its first line when it is first seen, not only new lines.
start_position => "beginning"
}
}
output {
# Only events typed by the file input above are forwarded.
if [type] == "nginx-log" {
redis {
# NOTE(review): no `password` is set and the connection is plain TCP, so this
# relies on Redis at 192.168.1.16:6379 accepting unauthenticated clients.
# Anyone who can reach that port can read the queued log lines or push forged
# ones; set a Redis password and limit 6379 to the shipper and indexer hosts.
host => "192.168.1.16"
port => "6379"
data_type => "list"
key => "nginx:log"
}
}
}
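# Indexer pipeline: pop nginx log lines from the Redis list, split each line
# into fields with grok, and index the result into a daily Elasticsearch index.
input {
  redis {
    # NOTE(review): no `password` is set, so this relies on Redis accepting
    # unauthenticated clients; whatever is pushed onto this list by any host
    # that can reach 6379 ends up indexed. Set a Redis password and restrict
    # the port to the shipper and indexer hosts.
    host => "192.168.1.16"
    port => 6379
    data_type => "list"
    key => "nginx:log"
    type => "nginx-log"
  }
}
filter {
  grok {
    match => {
      # The pattern must stay on one line: a line break inside it splits
      # %{DATA:rawrequest} and %{IPORHOST:domain} and the match never succeeds.
      # It has to mirror the log_format used by nginx for www.log.
      "message" => "%{IPORHOST:clientip} - %{NOTSPACE:remote_user} \[%{HTTPDATE:timestamp}\]\ \"(?:%{WORD:method} %{NOTSPACE:request}(?: %{URIPROTO:proto}/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:status} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent} (%{WORD:x_forword}|-)- (%{NUMBER:request_time}) -- (%{NUMBER:upstream_response_time}) -- %{IPORHOST:domain} -- (%{WORD:upstream_cache_status}|-)"
    }
  }
}
output {
  # Only events typed by the redis input above are indexed.
  if [type] == "nginx-log" {
    elasticsearch {
      # NOTE(review): plain HTTP with no credentials; this works only because
      # Elasticsearch on 192.168.1.16:9200 accepts unauthenticated writes.
      hosts => ["192.168.1.16:9200"]
      # One index per day, e.g. nginx-2016.08.01 (constructed example).
      index => "nginx-%{+YYYY.MM.dd}"
    }
  }
}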
設定ファイルのテスト: /opt/logstash/bin/logstash -f /etc/logstash/conf.d/xx.conf -t
起動: service logstash start
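# Download the Kibana 4.1.1 tarball, then unpack the downloaded file.
# tar reads an archive from disk, so it is given the local file name, not the URL.
# NOTE(review): compare the archive's checksum with the value published by the
# vendor before unpacking it.
wget https://download.elastic.co/kibana/kibana/kibana-4.1.1-linux-x64.tar.gz
tar zxvf kibana-4.1.1-linux-x64.tar.gz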
#!/bin/bash
### BEGIN INIT INFO
# Provides: kibana
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Runs kibana daemon
# Description: Runs the kibana daemon as a non-root user
### END INIT INFO
# Service identity used in messages and file names.
NAME=kibana
DESC="Kibana4"
PROG="/etc/init.d/kibana"

# Directory holding the Kibana launcher.
# NOTE(review): this directory is appended to root's PATH below and its
# `kibana` file is what the daemon runs, so it should be owned by root and
# not writable by anyone else.
KIBANA_BIN=/vagrant/elk/kibana-4.1.1-linux-x64/bin

# PID and lock bookkeeping.
PID_FOLDER=/var/run/kibana/
PID_FILE=${PID_FOLDER}${NAME}.pid
LOCK_FILE=/var/lock/subsys/${NAME}

PATH=/bin:/usr/bin:/sbin:/usr/sbin:${KIBANA_BIN}
DAEMON=${KIBANA_BIN}/${NAME}

# Account the daemon is started under.
# NOTE(review): the LSB header of this script describes a non-root daemon,
# but this value makes `daemon --user` start Kibana as root. A dedicated
# unprivileged account that can read $KIBANA_BIN is the safer setting.
DAEMON_USER=root

# File that receives the daemon's stdout and stderr.
KIBANA_LOG=/var/log/kibana.log

# Status carried between the actions and the end of the script.
RETVAL=0

# The actions write under /var/run and /var/lock, so refuse to run unprivileged.
[ "$(id -u)" -eq 0 ] || {
  echo "You need root privileges to run this script"
  exit 1
}

# Helper functions (daemon, killproc, pidofproc, status, success, failure).
. /etc/init.d/functions
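#######################################
# Start Kibana in the background unless the PID file already points at a
# running process.
# Globals:   DESC, PID_FILE, PID_FOLDER, DAEMON, DAEMON_USER, KIBANA_LOG,
#            LOCK_FILE (read); RETVAL (written)
# Outputs:   progress line plus the success/failure marker on stdout
# Returns:   the status of the `pidofproc node` lookup; exits 0 straight
#            away when Kibana is already running
#######################################
start() {
  local running_pid

  echo -n "Starting $DESC : "
  running_pid=$(pidofproc -p "$PID_FILE" kibana)
  if [ -n "$running_pid" ]; then
    echo "Already running."
    exit 0
  fi

  # -p: no error when the directory already exists or its parent is missing.
  mkdir -p -- "$PID_FOLDER"

  # The daemon's stdout and stderr go to the log file, which this redirect
  # truncates on every start.
  daemon --user="$DAEMON_USER" --pidfile="$PID_FILE" "$DAEMON" 1>"$KIBANA_LOG" 2>&1 &
  sleep 2 # give the node process time to appear before looking up its PID

  # NOTE(review): this records every process named `node`, not only Kibana.
  # On a host with other Node.js services their PIDs land in the PID file
  # that stop() hands to killproc. Confirm Kibana is the only node process
  # on this machine, or narrow the lookup.
  pidofproc node > "$PID_FILE"
  RETVAL=$?

  # Report on the saved status: $? at this point is the status of the
  # assignment above (always 0), which made every start print success.
  if [ "$RETVAL" -eq 0 ]; then
    success
  else
    failure
  fi
  echo
  if [ "$RETVAL" -eq 0 ]; then
    touch "$LOCK_FILE"
  fi
  return "$RETVAL"
}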
#######################################
# Accepted as an action, but only reports that reloading is unsupported.
# Globals:   RETVAL (read)
# Outputs:   one explanatory line on stdout
# Returns:   the current value of RETVAL
#######################################
reload() {
  printf '%s\n' "Reload command is not implemented for this service."
  return $RETVAL
}
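#######################################
# Stop the daemon and, when that succeeds, remove the PID and lock files.
# Globals:   DESC, PID_FILE, LOCK_FILE, DAEMON (read); RETVAL (written)
# Outputs:   progress line on stdout
# Returns:   non-zero when killproc failed, otherwise the status of rm
#######################################
stop() {
  echo -n "Stopping $DESC : "
  # NOTE(review): killproc acts on whatever PIDs the PID file lists, and
  # start() fills that file from `pidofproc node`; if other node processes
  # run on this host they would be stopped too. Confirm before relying on it.
  killproc -p "$PID_FILE" "$DAEMON"
  RETVAL=$?
  echo
  # Quoted, with `--`, so a path containing whitespace or a leading dash is
  # removed as one file instead of being split into extra rm arguments.
  [ "$RETVAL" = 0 ] && rm -f -- "$PID_FILE" "$LOCK_FILE"
}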
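# Dispatch on the first argument. Each action leaves its result in RETVAL,
# which becomes the script's exit status at the bottom.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status -p "$PID_FILE" "$DAEMON"
    RETVAL=$?
    ;;
  restart)
    stop
    start
    ;;
  reload)
    reload
    ;;
  *)
    # Invalid Arguments, print the following message.
    # reload is listed because the case above accepts it.
    echo "Usage: $0 {start|stop|status|restart|reload}" >&2
    exit 2
    ;;
esac

# Without an explicit exit the script ends with the status of the last
# command run; for `status` that is the RETVAL assignment, which is always 0,
# so callers could not tell a stopped service from a running one.
exit $RETVAL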
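1. httpd をインストールする(htpasswd コマンドを使うため): yum install -y httpd
2. htpasswd の場所を確認する (whereis htpasswd)
htpasswd: /usr/bin/htpasswd /usr/share/man/man1/htpasswd.1.gz
3. 認証用のパスワードファイルを作成する
/usr/bin/htpasswd -c /web/nginx/conf/elk/authdb elk
New password: (パスワードを入力すると authdb が作成される)
-c はファイルを新規作成し、既存のファイルは上書きされるため、ユーザを追加するときは -c を付けないでください。authdb は nginx の実行ユーザだけが読めるようにしておきます。
4. nginx の elk 用設定ファイル /web/nginx/conf/elk/elk.conf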
# Password-protected reverse proxy for Kibana: requests for www.elk.com are
# checked against the htpasswd file and then forwarded to 192.168.1.16.
server {
# NOTE(review): plain HTTP. Basic auth sends the password base64-encoded, not
# encrypted, with every request; serving this vhost over TLS keeps it from
# crossing the network in the clear.
listen 80;
server_name www.elk.com;
charset utf8;
location / {
# NOTE(review): no port is given, so this forwards to port 80 on 192.168.1.16.
# Kibana 4 listens on 5601 unless kibana.yml says otherwise; confirm the port.
proxy_pass http://192.168.1.16$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Every request under / must present a user from the htpasswd file below.
auth_basic "Authorized users only";
auth_basic_user_file /web/nginx/conf/elk/authdb;
}
}
# Password-protected reverse proxy for the Elasticsearch REST API: requests
# for www.es.com are checked against the htpasswd file and forwarded to
# 192.168.1.16:9200.
# NOTE(review): this login only covers requests that pass through nginx. The
# elasticsearch.yml on this page binds 0.0.0.0:9200, so a client that can
# reach 192.168.1.16:9200 directly skips the password; restrict that port to
# the proxy and Logstash hosts.
server {
# NOTE(review): plain HTTP. Basic auth credentials travel base64-encoded, not
# encrypted; use TLS for this vhost.
listen 80;
server_name www.es.com;
charset utf8;
location / {
proxy_pass http://192.168.1.16:9200$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Every request under / must present a user from the htpasswd file below.
auth_basic "Authorized users only";
auth_basic_user_file /web/nginx/conf/elk/authdb;
}
}