Deploying ELK 8.0 on CentOS 7

Personal blog: www.zhaoq.top

1. Environment preparation: disable the firewall and SELinux

setenforce 0 # temporarily disable SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # permanently disable SELinux (takes effect after reboot)

2. Raise the Linux maximum number of open files

cat /etc/security/limits.conf | grep -v "^#" | grep -v "^$"
*                soft    nproc           65536
*                hard    nproc           65536
*                soft    nofile          65536
*                hard    nofile          65536

cat /etc/sysctl.conf | grep -v "^#"
vm.max_map_count = 655360

# apply the sysctl settings
[root@aclab ~]# sysctl -p

[root@aclab ~]# cat /etc/systemd/system.conf | grep -v "^#"
[Manager]
DefaultLimitNOFILE=655360
DefaultLimitNPROC=655360
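
A readiness check for this step, written as an added example (it is not code from the original post): it reads the live vm.max_map_count and the open-file and process limits the current shell inherited, and reports anything below the minimums the post configures (65536 for nofile/nproc) or that Elasticsearch's production bootstrap check requires (262144 for vm.max_map_count). The REQUIRED table and the /proc path are assumptions of this example.

```python
"""Host readiness check for the limits configured in step 2.
Added example, not part of the original post."""
import resource  # POSIX-only; fine on CentOS 7
from pathlib import Path

# Minimums checked (assumption of this example): nofile/nproc follow the
# limits.conf values above; vm.max_map_count is the value Elasticsearch's
# production bootstrap check insists on (262144), below the 655360 set above.
REQUIRED = {"vm.max_map_count": 262144, "nofile": 65536, "nproc": 65536}


def read_max_map_count(path="/proc/sys/vm/max_map_count"):
    """Return the live vm.max_map_count, or None when the file is absent
    (for example on a non-Linux host)."""
    p = Path(path)
    if not p.is_file():
        return None
    return int(p.read_text().strip())


def _soft_limit(which):
    """Soft rlimit of the current process; RLIM_INFINITY maps to +inf so it
    compares as 'large enough' rather than as -1."""
    soft, _hard = resource.getrlimit(which)
    return float("inf") if soft == resource.RLIM_INFINITY else soft


def current_limits():
    """Values the current process actually sees (systemd units get their own
    limits from system.conf DefaultLimit*, not from the shell)."""
    return {
        "vm.max_map_count": read_max_map_count(),
        "nofile": _soft_limit(resource.RLIMIT_NOFILE),
        "nproc": _soft_limit(resource.RLIMIT_NPROC),
    }


def evaluate(values, required=REQUIRED):
    """Return {setting: (actual, minimum)} for every setting that is missing
    or below its minimum; an empty dict means the host is ready."""
    findings = {}
    for key, minimum in required.items():
        actual = values.get(key)
        if actual is None or actual < minimum:
            findings[key] = (actual, minimum)
    return findings


if __name__ == "__main__":
    problems = evaluate(current_limits())
    for key, (actual, minimum) in problems.items():
        print(f"{key}: {actual} < {minimum}")
    raise SystemExit(1 if problems else 0)
```

Run it as the user that will start the services after logging in again (limits.conf is applied at login); the elasticsearch.service unit itself takes DefaultLimitNOFILE/DefaultLimitNPROC from system.conf, which is why the post sets both places.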

3. Install the Java environment

Download Java 11 (Java 8 also works)

yum install -y jdk-11.0.15.1_linux-x64_bin.rpm
# check the Java version
java -version
java version "11.0.15.1" 2022-04-22 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.15.1+2-LTS-10)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.15.1+2-LTS-10, mixed mode)

# Java_Path
export JAVA_HOME=/usr/java/jdk-11.0.15.1/
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

# LogStash_Java_Path
export LS_JAVA_HOME=/usr/java/jdk-11.0.15.1/

4. Install Elasticsearch

Download the package. I use the RPM package here because it is simpler to install; download the version you need yourself.

Download page: https://www.elastic.co/cn/downloads/enterprise-search
Download URL: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.0.0-x86_64.rpm
Install it; the installer automatically generates a password for the elastic superuser:
# yum install -y elasticsearch-8.0.0-x86_64.rpm

--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : snZ9BREy1v1Bw*W+NTVn   **** this will be needed later ****

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

Start it right after installation

# systemctl start elasticsearch

Test access

Open https://172.16.5.240:9200/ in a browser
A username/password prompt appears

elastic:snZ9BREy1v1Bw*W+NTVn
Output like the following means it is working normally

You can also do it from the terminal

# curl https://172.16.5.240:9200 --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic

5. Install Kibana

Download URL: https://artifacts.elastic.co/downloads/kibana/kibana-8.0.0-x86_64.rpm
Install it
# yum install -y kibana-8.0.0-x86_64.rpm

Edit the kibana.yml file
# vi /etc/kibana/kibana.yml
Allow access from external hosts
server.host: "0.0.0.0"
# Switch the Kibana UI to Chinese
Add the following line to kibana.yml
i18n.locale: "zh-CN"
Start the service
#  systemctl start kibana
Check the ports the server is listening on
#  netstat -tunlp |grep 5601
#  netstat -tunlp |grep 9200

Access Kibana on port 5601

http://172.16.5.240:5601/
The following screen appears

You need to generate a Kibana enrollment token

[root@5-240 ~]# /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
eyJ2ZXIiOiI4LjAuMCIsImFkciI6WyIxNzIuMTYuNS4yNDA6OTIwMCJdLCJmZ3IiOiI3NTIzM2MxYmVlNDMyMzNjYjcwN2ZmYTYyNjRiM2ZiODM4ZGNkODY4OTU0Y2YwZmRhNGNhMTI1ODZjMjQ5YzEzIiwia2V5IjoiemJwSXhZMEI0TVdLT1EyekpIOXo6ZmVTdmx4LVVUMnViMkNqc1N4T1hmUSJ9
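
The enrollment token is only base64: decoded, the value printed above is a JSON object with ver, adr (the Elasticsearch addresses), fgr (the SHA-256 fingerprint of the HTTP CA certificate) and key (an API key, which is a secret). Before pasting a token into a Kibana that runs on another host it is worth confirming that fgr matches the http_ca.crt you actually have, because that fingerprint is what Kibana will trust. The following Python is an added example, not code from the post or from Elastic; the certificate text and token it builds are constructed test data, and the helper make_token exists only to create them (real tokens come from elasticsearch-create-enrollment-token).

```python
"""Decode an Elasticsearch 8 enrollment token and check its CA fingerprint
against a local http_ca.crt. Added example, not from the original post."""
import base64
import hashlib
import json

REQUIRED_FIELDS = {"ver", "adr", "fgr", "key"}


def decode_enrollment_token(token):
    """Base64 -> JSON object with ver/adr/fgr/key. Raises ValueError for
    anything that is not shaped like an enrollment token."""
    try:
        data = json.loads(base64.b64decode(token, validate=True))
    except ValueError as exc:  # binascii.Error and JSONDecodeError both subclass it
        raise ValueError("not a valid enrollment token") from exc
    if not isinstance(data, dict) or not REQUIRED_FIELDS <= set(data):
        raise ValueError("enrollment token is missing required fields")
    return data


def pem_to_der(pem_text):
    """Strip the PEM armor and return the DER bytes of the certificate."""
    lines = [l.strip() for l in pem_text.splitlines()]
    body = [l for l in lines if l and not l.startswith("-----")]
    return base64.b64decode("".join(body))


def ca_fingerprint(pem_text):
    """SHA-256 of the DER encoding as lowercase hex without colons, the form
    Elasticsearch prints and embeds in tokens ('openssl x509 -noout
    -fingerprint -sha256 -in http_ca.crt' shows the same digest with colons)."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()


def token_matches_ca(token, pem_text):
    """True when the token's fgr is the fingerprint of pem_text."""
    return decode_enrollment_token(token)["fgr"].lower() == ca_fingerprint(pem_text)


def summarize(token):
    """Fields that are safe to log; the API key is deliberately left out."""
    d = decode_enrollment_token(token)
    return {"version": d["ver"], "addresses": list(d["adr"]), "fingerprint": d["fgr"]}


def make_token(addresses, fingerprint, api_key, version="8.0.0"):
    """Build a token with the same layout, for constructing test data only."""
    payload = {"ver": version, "adr": list(addresses), "fgr": fingerprint, "key": api_key}
    return base64.b64encode(json.dumps(payload).encode()).decode()


# Constructed stand-in for /etc/elasticsearch/certs/http_ca.crt: the body is
# not a real certificate, it only exercises the PEM handling and hashing.
CONSTRUCTED_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed-not-a-real-certificate").decode()
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    tok = make_token(["172.16.5.240:9200"], ca_fingerprint(CONSTRUCTED_PEM), "id:secret")
    print(summarize(tok), token_matches_ca(tok, CONSTRUCTED_PEM))
```

On the real host, read /etc/elasticsearch/certs/http_ca.crt into ca_fingerprint and compare it with the fgr of the token you were given; a mismatch means the token was generated against a different CA than the one on this node. Because the token also carries a live API key, treat it like a password and do not paste it into tickets or chat.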

Enter the generated token in the token field

Then the following appears

# Retrieve the verification code on the server

# sh /usr/share/kibana/bin/kibana-verification-code

Your verification code is:  946 884 

Wait for the configuration to complete

The following login screen appears

# Enter the Elasticsearch username and password to enter the system: elastic:snZ9BREy1v1Bw*W+NTVn

# Once inside the Kibana console you can change the elastic password as needed

Change the login password

Bring up the menu and click the item at the bottom

Then

Change the password

Verify the login

6. Install Logstash

Download URL: https://artifacts.elastic.co/downloads/logstash/logstash-8.0.0-x86_64.rpm
# yum install -y logstash-8.0.0-x86_64.rpm

# Configure Logstash

# vim /etc/logstash/conf.d/syslog.conf
input {
  # receive syslog from other hosts on port 5044
  syslog {
    type => "system-syslog"
    port => "5044"
  }
}
output {
  elasticsearch {
    hosts => ["https://172.16.5.240:9200"]
    # dd is the day of the month; DD would be the day of the year (e.g. 2024.02.051)
    index => "system-syslog-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "123456"
    # CA copied from Elasticsearch, so the HTTPS connection is verified
    cacert => "/etc/logstash/certs/http_ca.crt"
  }
}

# Create a symlink

# ln -s /usr/share/logstash/bin/logstash /bin/

# Copy the certificate file

# mkdir /etc/logstash/certs
# cp /etc/elasticsearch/certs/http_ca.crt !$   # !$ expands to the last argument of the previous command, i.e. /etc/logstash/certs

# By default the Logstash API listens on 127.0.0.1, which cannot be reached remotely, so edit the configuration file and set the listening IP:

# vim /etc/logstash/logstash.yml 
api.http.host: 172.16.5.240
api.http.port: 9600

# Configure permissions

Note: when Logstash is installed from the RPM, it runs as the logstash user by default, so configuration files created as root must have their ownership changed to logstash.

# cd /var/lib/logstash
# chown -R logstash:logstash *
# cd /var/log/logstash
# chown -R logstash:logstash *
# cd /etc/logstash/
# chown -R logstash:logstash *

Then start the Logstash service

# systemctl restart logstash
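
To see what the syslog input above actually turns a log line into, and why the date letters in the index pattern matter, here is an added Python example (not code from the post or from Logstash): it parses a BSD-syslog line into the fields the Logstash syslog input emits (facility, severity, timestamp, logsource, program, pid, message) and expands a Logstash-style %{+...} index pattern. The label tables are modelled on the syslog input's defaults, the sample line is constructed, RFC 3164 timestamps carry no year so one has to be supplied, and only the date letters listed in JODA_TO_STRFTIME are translated; all of that is an assumption of this example.

```python
"""Parse BSD-syslog (RFC 3164) lines the way the Logstash syslog input does
and derive the daily index name. Added example, not from the original post."""
import re
from datetime import datetime

# <PRI>Mmm dd HH:MM:SS host program[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

# Label tables modelled on the Logstash syslog input defaults (assumption).
FACILITIES = [
    "kernel", "user-level", "mail", "system", "security/authorization",
    "syslogd", "line printer", "network news", "UUCP", "clock",
    "security/authorization", "FTP", "NTP", "log audit", "log alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]


def parse_syslog(line, year):
    """Return the event as a dict, or None when the line is not RFC 3164.
    RFC 3164 timestamps carry no year, so the caller supplies it."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # facility 0-23, severity 0-7
        return None
    ts_text = " ".join(m["ts"].split())  # collapse "Feb  5" to "Feb 5"
    try:
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return {
        "type": "system-syslog",
        "facility": pri // 8,
        "facility_label": FACILITIES[pri // 8],
        "severity": pri % 8,
        "severity_label": SEVERITIES[pri % 8],
        "timestamp": ts,
        "logsource": m["host"],
        "program": m["prog"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
    }


# Subset of Joda letters understood here; Logstash formats in UTC, so pass a
# UTC timestamp.
JODA_TO_STRFTIME = {"YYYY": "%Y", "MM": "%m", "dd": "%d", "DD": "%j", "HH": "%H"}


def index_name(pattern, ts):
    """Expand %{+...} date references in a Logstash index pattern."""
    def expand(match):
        fmt = re.sub(r"YYYY|MM|dd|DD|HH",
                     lambda t: JODA_TO_STRFTIME[t.group(0)], match.group(1))
        return ts.strftime(fmt)
    return re.sub(r"%\{\+([^}]+)\}", expand, pattern)


# Constructed sample line, as a host's rsyslog would forward it to port 5044.
SAMPLE_LINE = "<38>Feb 20 14:57:01 aclab sshd[1234]: session opened for user root"

if __name__ == "__main__":
    event = parse_syslog(SAMPLE_LINE, 2024)
    print(event)
    print(index_name("system-syslog-%{+YYYY.MM.dd}", event["timestamp"]))  # 2024.02.20
    print(index_name("system-syslog-%{+YYYY.MM.DD}", event["timestamp"]))  # 2024.02.051
```

The two index_name calls at the end show the point of using dd in the pipeline: with DD the index for 20 February would be named 2024.02.051, which is still accepted by Elasticsearch but breaks any date-based retention or data view that expects one index per calendar day.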

 

7. Load the index in Kibana

Click Stack Management -> Kibana -> Data Views -> Create data view, and create the index.

posted @ 2024-02-20 14:57  日光倾城-