Installing ELK with Docker

I. Elasticsearch (for test environments only)

1. Pull the image (Docker version 19.03.9)

docker pull elastic/elasticsearch:7.10.2

2. Create the mount directories

mkdir -p /data/elk/es/{config,data,logs}

3. Set permissions

chmod -R 777 /data/elk/es
chmod -R 777 /data/elk/es/config
chmod -R 777 /data/elk/es/data
chmod -R 777 /data/elk/es/logs

4. Elasticsearch configuration

vim /data/elk/es/config/elasticsearch.yml
cluster.name: "myes"
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true

5. Run Elasticsearch

docker run -it -d -p 9200:9200 -p 9300:9300 --name es -e ES_JAVA_OPTS="-Xms1g -Xmx1g" -e "discovery.type=single-node" --restart=always -v /data/elk/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /data/elk/es/data:/usr/share/elasticsearch/data -v /data/elk/es/logs:/usr/share/elasticsearch/logs elastic/elasticsearch:7.10.2

6. Set the Elasticsearch passwords

(1) Enter the elasticsearch container (named es by the docker run command in step 5)

docker exec -it es /bin/bash
cd bin
elasticsearch-setup-passwords interactive -u 'http://192.168.67.1:9200'
Set passwords in turn for the following 6 users: elastic, apm_system, kibana_system, logstash_system, beats_system, and remote_monitoring_user.

7. Access

curl --user elastic:password http://192.168.67.1:9200/

II. Kibana (for test environments only)

1. Pull the image

docker pull elastic/kibana:7.10.2

2. Get the IP of the elasticsearch container

docker inspect --format '{{ .NetworkSettings.IPAddress }}' es

3. Create the directory for the files

mkdir -p /data/elk/kibana/

4. Create the configuration file

vi /data/elk/kibana/kibana.yml
# 172.17.0.2 is the IP of the elasticsearch container
server.name: kibana
server.host: "0"
elasticsearch.hosts: ["http://172.17.0.2:9200"]
xpack.monitoring.ui.container.elasticsearch.enabled: true
i18n.locale: "zh-CN"
# Set the elastic username and password here
elasticsearch.username: elastic
elasticsearch.password: password

5. Run Kibana

docker run -d --restart=always --log-driver json-file --log-opt max-size=200m --log-opt max-file=2 --name kibana -p 5601:5601 -v /data/elk/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml elastic/kibana:7.10.2

6. Access

  http://192.168.67.1:5601

III. Logstash (for test environments only)

1. Pull the image

docker pull elastic/logstash:7.10.2

2. Create the directories for the files

mkdir -p /data/elk/logstash/
mkdir -p /data/elk/logstash/conf.d/

3. Create logstash.yml

vim /data/elk/logstash/logstash.yml
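# 172.17.0.2 is the IP of the elasticsearch container
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://172.17.0.2:9200" ]
xpack.monitoring.elasticsearch.username: elastic
# replace changeme with the password set in the Elasticsearch password step
xpack.monitoring.elasticsearch.password: changeme
# path inside the container: conf.d is mounted at /data/docker/logstash/conf.d/ by the docker run command in step 7
path.config: /data/docker/logstash/conf.d/*.conf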
path.logs: /var/log/logstash

4. Create syslog.conf

vim /data/elk/logstash/conf.d/syslog.conf
input {
    syslog {
        type => "system-syslog"
        port => 5044
    }
}
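output {
    elasticsearch {
        hosts => ["192.168.67.1:9200"] # IP of the ES server
        index => "system-syslog-%{+YYYY.MM}" # index name
        user => "elastic" # credentials are required because xpack.security.enabled is true
        password => "password" # the password set for the elastic user
    }
}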

5. Add the following to the local rsyslog configuration

vim /etc/rsyslog.conf
*.* @@192.168.67.1:5044

6. Restart the rsyslog service

systemctl restart rsyslog

7. Run Logstash

docker run -d --restart=always --log-driver json-file --log-opt max-size=100m --log-opt max-file=2 -p 5044:5044 --name logstash -v /data/elk/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml -v /data/elk/logstash/conf.d/:/data/docker/logstash/conf.d/ elastic/logstash:7.10.2
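
The three sections above are marked for test environments only. As an added example (not code from the original post), the script below audits the files this walkthrough creates for the settings that should change before the setup is reused elsewhere: paths left world-writable by chmod -R 777, Elasticsearch listening on 0.0.0.0 without xpack.security, and Kibana or Logstash settings that use the elastic superuser or a placeholder password. The function names audit_elk and make_sample and the temporary sample directory are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Audits the files this walkthrough
# creates under BASE (default /data/elk). Prints one "FINDING:" line per issue.
audit_elk() {
    base=${1:-/data/elk}
    es="$base/es/config/elasticsearch.yml"
    # 1. Anything left world-writable by "chmod -R 777".
    find "$base" ! -type l -perm -0002 2>/dev/null | while IFS= read -r p; do
        echo "FINDING: world-writable: $p"
    done
    # 2. Elasticsearch bound to every interface without xpack security.
    if [ -f "$es" ] && grep -Eq '^network\.host:[[:space:]]*"?0\.0\.0\.0' "$es" &&
       ! grep -Eq '^xpack\.security\.enabled:[[:space:]]*true' "$es"; then
        echo "FINDING: $es: network.host 0.0.0.0 with xpack.security disabled"
    fi
    # 3. Superuser or placeholder credentials in Kibana/Logstash settings.
    for f in "$base/kibana/kibana.yml" "$base/logstash/logstash.yml" \
             "$base"/logstash/conf.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '(username:|user[[:space:]]*=>)[[:space:]]*"?elastic("|[[:space:]]|$)' "$f"; then
            echo "FINDING: $f authenticates as the elastic superuser"
        fi
        if grep -Eq 'password(:|[[:space:]]*=>)[[:space:]]*"?(changeme|password)("|[[:space:]]|$)' "$f"; then
            echo "FINDING: $f contains a placeholder password"
        fi
    done
    return 0
}

# Constructed sample: the same settings this page writes, under a temp dir.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/es/config" "$d/kibana" "$d/logstash/conf.d"
    printf 'network.host: 0.0.0.0\nxpack.security.enabled: true\n' \
        > "$d/es/config/elasticsearch.yml"
    chmod -R 777 "$d/es"
    printf 'elasticsearch.username: elastic\nelasticsearch.password: password\n' \
        > "$d/kibana/kibana.yml"
    printf 'xpack.monitoring.elasticsearch.username: elastic\nxpack.monitoring.elasticsearch.password: changeme\n' \
        > "$d/logstash/logstash.yml"
    echo "$d"
}

sample=$(make_sample)
audit_elk "$sample"     # pass /data/elk instead to audit a real install
rm -rf "$sample"
```

Of the users given passwords in the password step, kibana_system is the built-in account intended for Kibana's connection to Elasticsearch and logstash_system is the one intended for Logstash monitoring, so switching to them clears the superuser findings for kibana.yml and logstash.yml.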

 

posted @ 2022-12-22 15:27  宜家数据小哥