Setting up an ELK environment
- Basic setup (Ubuntu):
- Download and install the Elastic signing key
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
- Install via apt
Install the apt HTTPS transport
sudo apt-get install apt-transport-https
Add the apt source
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
- Installing and configuring Elasticsearch
- Install Elasticsearch
sudo apt-get update && sudo apt-get install elasticsearch
- Enable start on boot
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
- Start and stop commands
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service
- Enable login authentication
vim /etc/elasticsearch/elasticsearch.yml
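Add the following settings:
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
Change the following settings:
# Single-node mode; without it the node fails to start
discovery.type: single-node
# Set to 0.0.0.0 so the node is reachable from outside
network.host: 0.0.0.0
After saving, restart the service: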
systemctl restart elasticsearch.service
Set the account passwords by running:
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
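The built-in users are elastic, apm_system, kibana, logstash_system, beats_system and remote_monitoring_user.
In the Alibaba Cloud security group, allow inbound port 9200; Elasticsearch is then reachable from outside with the accounts and passwords set above. elastic is the superuser.
- Installing and configuring Kibana
- Install Kibana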
sudo apt-get update && sudo apt-get install kibana
- Enable start on boot
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service
- Start and stop commands
sudo systemctl start kibana.service
sudo systemctl stop kibana.service
- Enable login authentication
vim /etc/kibana/kibana.yml
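Change the following settings:
# Set to 0.0.0.0 so Kibana is reachable from outside
server.host: "0.0.0.0"
elasticsearch.username: "kibana_system"
# "密码" is a placeholder for the password of this user
elasticsearch.password: "密码"
After saving, restart the service: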
systemctl restart kibana.service
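Configure the Alibaba Cloud security group
In the Alibaba Cloud security group, allow inbound port 5601; Kibana is then reachable from outside, and you can log in with the elastic account.
- Local firewall settings (optional)
apt install ufw
# ip:port is a placeholder for the address and port to allow
ufw allow ip:port
systemctl restart ufw.service
- Following logs
Follow the Elasticsearch log: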
tail -f /var/log/elasticsearch/elasticsearch-plain.log
or
tail -f /var/log/elasticsearch/elasticsearch.log
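The other products work the same way.
- [Setting up an ELK environment] ELK product directory layout
Taking Elasticsearch as an example, an apt installation uses the following directories:
// Main program directory
/usr/share/elasticsearch
// Configuration directory
/etc/elasticsearch
// Log directory
/var/log/elasticsearch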
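An added example, not part of the original guide: a small shell audit of the elasticsearch.yml edited in the Elasticsearch configuration step. It fails when the node is bound beyond loopback without xpack.security.enabled, and warns when HTTP on port 9200 has no TLS (xpack.security.http.ssl.enabled, a setting this guide does not configure). The function names and the sample file are constructed for illustration, and the parser assumes flat dotted keys.

```shell
# Added example, not from the original guide. Assumes flat dotted keys.
# yaml_get FILE KEY: print the value of a "key: value" line (last one wins).
yaml_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }                        # skip comment lines
    { line = $0
      sub(/[ \t]+#.*$/, "", line)              # drop trailing comments
      i = index(line, ":"); if (i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t"]+|[ \t"]+$/, "", val)       # trim blanks and double quotes
      if (key == k) found = val }
    END { if (found != "") print found }' "$1"
}

# audit_es_config FILE: print findings; exit status is the number of FAIL lines.
audit_es_config() {
  es_fails=0; es_exposed=1
  es_host=$(yaml_get "$1" network.host)
  case "$es_host" in
    ""|localhost|127.*|_local_) es_exposed=0 ;; # loopback only (the default)
    *) echo "INFO network.host=$es_host: node listens beyond loopback" ;;
  esac
  if [ "$(yaml_get "$1" xpack.security.enabled)" != "true" ]; then
    if [ "$es_exposed" -eq 1 ]; then
      echo "FAIL xpack.security.enabled is not true: port 9200 needs no login"
      es_fails=$((es_fails + 1))
    else
      echo "WARN xpack.security.enabled is not true (loopback only)"
    fi
  fi
  if [ "$es_exposed" -eq 1 ] &&
     [ "$(yaml_get "$1" xpack.security.http.ssl.enabled)" != "true" ]; then
    echo "WARN no TLS on HTTP: passwords cross port 9200 in cleartext"
  fi
  return "$es_fails"
}

# Constructed sample: the settings this guide writes to elasticsearch.yml.
sample=$(mktemp)
cat > "$sample" <<'EOF'
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
discovery.type: single-node
network.host: 0.0.0.0
EOF
audit_es_config "$sample" || echo "FAIL findings: $?"
rm -f "$sample"
```

On a real host, call `audit_es_config /etc/elasticsearch/elasticsearch.yml` after editing the file and before opening port 9200 in the security group.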