centos7使用rpm包安装elk
1、检查安装环境,安装辅助工具
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@localhost ~]# yum install -y net-tools lrzsz.x86_64
[root@localhost ~]# systemctl stop firewalld & systemctl disable firewalld2、下载以下rpm安装包,也可以线安装,包含jdk
[root@localhost software]# ls
elasticsearch-6.3.1.rpm filebeat-6.0.0-x86_64.rpm jdk-8u65-linux-x64.tar.gz kibana-6.3.1-x86_64.rpm logstash-6.0.0.rpm
[root@localhost software]# 3、安装jdk
[root@localhost software]# tar -zxvf jdk-8u65-linux-x64.tar.gz
[root@localhost jdk1.8.0_65]# pwd
/software/jdk1.8.0_65
[root@localhost jdk1.8.0_65]# vi /etc/profile
最后面添加配置
export JAVA_HOME=/software/jdk1.8.0_65
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$PATH
[root@localhost jdk1.8.0_65]# source /etc/profile
[root@localhost jdk1.8.0_65]# java -version
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)
[root@localhost jdk1.8.0_65]#
添加java软链
[root@localhost jdk1.8.0_65]# ln -s /software/jdk1.8.0_65/bin/java /usr/bin/java
[root@localhost jdk1.8.0_65]# ls /usr/bin/java
/usr/bin/java
[root@localhost jdk1.8.0_65]#4、安装elasticsearch
[root@localhost software]# rpm -ivh elasticsearch-6.3.1.rpm
warning: elasticsearch-6.3.1.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing... ################################# [100%]
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Updating / installing...
1:elasticsearch-0:6.3.1-1 ################################# [100%]
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
Created elasticsearch keystore in /etc/elasticsearch
[root@localhost software]# 修改JAVA_HOME配置项
sed -i 's/#JAVA_HOME=/JAVA_HOME=\/software\/jdk1.8.0_65/g' /etc/sysconfig/elasticsearch修改elasticsearch.yml配置中的ip
[root@localhost ~]# sed -i 's/#network.host: 192.168.0.1/network.host: 172.16.8.106/g' /etc/elasticsearch/elasticsearch.yml
[root@localhost ~]# sed -i 's/#discovery.zen.ping.unicast.hosts: \[\"host1\", \"host2\"\]/discovery.zen.ping.unicast.hosts: \[\"172.16.8.106\"\]/g' /etc/elasticsearch/elasticsearch.yml启动elasticsearch,并查看端口及状态
[root@localhost ~]# systemctl start elasticsearch
[root@localhost ~]# systemctl status elasticsearch
[root@localhost ~]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 8444/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 8830/master
tcp6 0 0 172.16.8.106:9200 :::* LISTEN 10102/java
tcp6 0 0 172.16.8.106:9300 :::* LISTEN 10102/java
tcp6 0 0 :::22 :::* LISTEN 8444/sshd
tcp6 0 0 ::1:25 :::* LISTEN 8830/master
[root@localhost ~]#
[root@localhost ~]# curl -XGET 172.16.8.106:9200/?pretty
{
"name" : "z0BVOuL",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "VMa4aR4_RimZ8cMqOT9L6w",
"version" : {
"number" : "6.3.1",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "eb782d0",
"build_date" : "2018-06-29T21:59:26.107521Z",
"build_snapshot" : false,
"lucene_version" : "7.3.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
[root@localhost ~]# 5、安装logstash
[root@localhost ~]# cd /software/
[root@localhost software]# rpm -ivh logstash-6.0.0.rpm
[root@localhost software]# vi /etc/logstash/conf.d/logstash.conf(注:编辑配置文件)
input {
file {
path =>"/usr/log/*"
type =>"system"
start_position =>"beginning"
}
}
filter {
}
output {
elasticsearch {
hosts =>["172.16.8.106:9200"]
index => "test-elk"
}
}
[root@localhost software]# systemctl start logstash
[root@localhost software]# systemctl status logstash
注:可查看logstash相关日志
[root@localhost software]# tail -f /var/log/logstash/logstash-plain.log
[root@localhost software]# rpm -qc logstash
/etc/logstash/jvm.options
/etc/logstash/log4j2.properties
/etc/logstash/logstash.yml
/etc/logstash/startup.options
[root@localhost software]# more /etc/logstash/logstash.yml
往日志目录添加一些测试结果
[root@localhost ~]# mkdir /usr/log
[root@localhost ~]# ping www.baidu.com >> /usr/log/ping.dump6、安装kibana
[root@localhost software]# rpm -ivh kibana-6.3.1-x86_64.rpm
[root@localhost software]# sed -i 's/#server.host: \"localhost\"/server.host: \"172.16.8.106\"/g' /etc/kibana/kibana.yml
[root@localhost software]# sed -i 's/#elasticsearch.url: \"http:\/\/localhost:9200\"/elasticsearch.url: \"http:\/\/172.16.8.106:9200\"/g' /etc/kibana/kibana.yml
[root@localhost software]# systemctl start kibana
[root@localhost software]# systemctl status kibana启动成功后 netstat -nltp 可查看到默认5601端口已开启 http://172.16.8.106:5601 即可访问kibana, 在kibana的Management中添加Index Patterns(若logstash已经收集了日志,则可以看到index已自动创建)
结束。
赞赏(Donation)
微信(Wechat Pay)
