1、環境準備
編號 | 安裝軟件 | 主機名 | IP地址 | 內存 |
---|---|---|---|---|
1 | Elasticsearch | mes-1 | 10.8.156.166 | 3G |
2 | Elasticsearch | es-2 | 10.8.156.167 | 3G |
3 | Elasticsearch | es-3 | 10.8.156.171 | 3G |
4 | Logstash | logstash | 10.8.156.14 | 2G |
5 | head/Kibana | kibana | 10.8.156.168 | 2G |
6 | kafka | kafka-1 | 10.8.156.176 | 2G |
7 | kafka | kafka-2 | 10.8.156.186 | 2G |
8 | kafka | kafka-3 | 10.8.156.183 | 2G |
9 | kafka | kafka-4 | 10.8.156.179 | 2G |
10 | tomcat/filebeat | tomcat | 10.8.156.190 | 1G |
11 | nginx/filebeat | nginx | 10.8.156.180 | 1G |
12 | mysql/filebeat | mysql | 10.8.156.177 | 1G |
13 | httpd/filebeat | httpd | 10.8.156.182 | 1G |
2、整體架構
3、filebeat配置
3.1 mysql+filebeat(ip:10.8.156.177)
3.1.1 安裝mysql(略)
3.1.2 安裝配置filebeat
[root@mysql ~]# tar xzf filebeat-7.8.0-linux-x86_64.tar.gz -C /usr/local
[root@mysql ~]# mv /usr/local/filebeat-7.8.0-linux-x86_64 /usr/local/filebeat
[root@mysql ~]# cd /usr/local/filebeat
[root@mysql filebeat]# mv filebeat.yml filebeat.yml.bak
[root@mysql filebeat]# vim filebeat.yml
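# filebeat.yml on the mysql host. The page shows the file with its nesting
# flattened; the indentation below is restored so the YAML parses.
filebeat.inputs:
  # NOTE(review): Filebeat 7.x documents this key as `type`; confirm that
  # `input_type` is still honoured by 7.8.
  - input_type: log
    paths:
      - /var/lib/mysql/*.log
    # Enable the three json.* options only when the collected lines are JSON;
    # on plain-text logs they make Filebeat ship its own parse-error events.
    #json.keys_under_root: true
    #json.add_error_key: true
    #json.message_key: log
output.kafka:
  # No ssl.* or SASL username/password is set in this snippet, so events
  # travel to the brokers unencrypted and unauthenticated.
  hosts: ["10.8.156.176:9092","10.8.156.186:9092","10.8.156.183:9092","10.8.156.179:9092"]
  topic: 'mysql'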
說明:
#json.keys_under_root: true
#json.add_error_key: true
#json.message_key: log
這三行是識別json格式日志的配置,若日志格式不為json格式,需要注釋掉,否則收集到的日志為filebeat的錯誤日志
[root@mysql filebeat]# nohup ./filebeat -e -c filebeat.yml &
[root@mysql filebeat]# tail -f nohup.out #查看啟動日志
3.2 httpd+filebeat(ip:10.8.156.182)
註:下面的命令會停用 firewalld 並把 SELinux 切到 permissive 模式,只適合隔離的實驗環境;正式環境應保持兩者啟用,只放行實際需要的端口。
[root@httpd ~]# systemctl stop firewalld && setenforce 0
#下載httpd
[root@httpd ~]# yum -y install httpd
[root@httpd ~]# systemctl start httpd
#安裝filebeat
[root@httpd ~]# tar -xvzf filebeat-7.8.0-linux-x86_64.tar.gz -C /usr/local/
[root@httpd ~]# cd /usr/local/
[root@httpd local]# mv filebeat-7.8.0-linux-x86_64/ filebeat
[root@httpd local]# cd filebeat/
[root@httpd filebeat]# mv filebeat.yml filebeat.yml.bak
[root@httpd filebeat]# vim filebeat.yml
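# filebeat.yml on the httpd host. The page shows the file with its nesting
# flattened; the indentation below is restored so the YAML parses.
filebeat.inputs:
  # NOTE(review): Filebeat 7.x documents this key as `type`; confirm that
  # `input_type` is still honoured by 7.8.
  - input_type: log
    paths:
      - /var/log/httpd/access_log
    # Enable the three json.* options only when the access log is written as JSON.
    #json.keys_under_root: true
    #json.add_error_key: true
    #json.message_key: log
output.kafka:
  # No ssl.* or SASL username/password is set in this snippet, so events
  # travel to the brokers unencrypted and unauthenticated.
  hosts: ["10.8.156.176:9092","10.8.156.186:9092","10.8.156.183:9092","10.8.156.179:9092"]
  topic: 'httpd'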
[root@httpd filebeat]# nohup ./filebeat -e -c filebeat.yml &
#查看filebeat啟動日志
[root@httpd filebeat]# tail -f nohup.out
3.3 tomcat+filebeat(ip:10.8.156.190)
3.3.1 安裝配置Tomcat(略)
將tomcat的配置文件/data/application/tomcat/conf/server.xml里的 ".txt" 替換為 “.log”
3.3.2 安裝配置filebeat
[root@tomcat ~]#tar xzvf filebeat-6.5.4-linux-x86_64.tar.gz -C /usr/local
[root@tomcat ~]#cd /usr/local/
[root@tomcat local]#mv filebeat-6.5.4-linux-x86_64 filebeat
[root@tomcat local]#cd filebeat/
[root@tomcat filebeat]# mv filebeat.yml filebeat.yml.bak
[root@tomcat filebeat]# vim filebeat.yml
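# filebeat.yml on the tomcat host. The page shows the file with its nesting
# flattened; the indentation below is restored so the YAML parses.
filebeat.inputs:
  - input_type: log
    paths:
      - /data/application/tomcat/logs/*.log
    # Enable the three json.* options only when the Tomcat logs are written as JSON.
    # json.keys_under_root: true
    # json.add_error_key: true
    # json.message_key: log
output.kafka:
  # No ssl.* or SASL username/password is set in this snippet, so events
  # travel to the brokers unencrypted and unauthenticated.
  hosts: ["10.8.156.176:9092","10.8.156.186:9092","10.8.156.183:9092","10.8.156.179:9092"]
  topic: 'tomcat'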
[root@tomcat filebeat]# nohup ./filebeat -e -c filebeat.yml &
[root@tomcat filebeat]# tail -f nohup.out
3.4 nginx+filebeat(ip:10.8.156.180)
[root@nginx ~]# systemctl stop firewalld && setenforce 0
#下載nginx
[root@nginx ~]# yum -y install epel-release;yum -y install nginx
[root@nginx ~]# systemctl start nginx
#安裝filebeat
[root@nginx ~]# tar -xvzf filebeat-7.8.0-linux-x86_64.tar.gz -C /usr/local/
[root@nginx ~]# cd /usr/local/
[root@nginx local]# mv filebeat-7.8.0-linux-x86_64/ filebeat
[root@nginx local]# cd filebeat/
[root@nginx filebeat]# mv filebeat.yml filebeat.yml.bak
[root@nginx filebeat]# vim filebeat.yml
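# filebeat.yml on the nginx host. The page shows the file with its nesting
# flattened; the indentation below is restored so the YAML parses.
filebeat.inputs:
  # NOTE(review): Filebeat 7.x documents this key as `type`; confirm that
  # `input_type` is still honoured by 7.8.
  - input_type: log
    paths:
      - /var/log/nginx/*.log
    # Enable the three json.* options only when nginx writes its logs as JSON.
    #json.keys_under_root: true
    #json.add_error_key: true
    #json.message_key: log
output.kafka:
  # The last broker entry was split across two lines and had lost its port
  # on the page; it is restored to match the other three Filebeat configs.
  # No ssl.* or SASL username/password is set in this snippet, so events
  # travel to the brokers unencrypted and unauthenticated.
  hosts: ["10.8.156.176:9092","10.8.156.186:9092","10.8.156.183:9092","10.8.156.179:9092"]
  topic: 'nginx'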
[root@nginx filebeat]# nohup ./filebeat -e -c filebeat.yml &
[root@nginx filebeat]# tail -f nohup.out
4、kafka集群
kafka-1:10.8.156.176
kafka-2:10.8.156.186
kafka-3:10.8.156.183
kafka-4:10.8.156.179
4.1 安裝配置jdk(四臺kafka都做)
[root@kafka-2 ~]# tar zxvf /usr/local/package/jdk-8u121-linux-x64.tar.gz -C /usr/local/
[root@kafka-2 ~]# mv /usr/local/jdk1.8.0_121 /usr/local/java
[root@kafka-2 ~]# echo '
JAVA_HOME=/usr/local/java
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME PATH
' >>/etc/profile
[root@kafka-2 ~]# source /etc/profile
4.2 安裝配置ZK
獲取kafka安裝包并上傳服務器
#安裝
[root@kafka-2 ~]# tar xzvf kafka_2.11-2.1.0.tgz -C /usr/local/
#配置
[root@kafka-2 ~]# sed -i 's/^[^#]/#&/' /usr/local/kafka_2.11-2.1.0/config/zookeeper.properties
[root@kafka-2 ~]# vim /usr/local/kafka_2.11-2.1.0/config/zookeeper.properties #添加如下配置
# zookeeper.properties for the ensemble that runs on the four kafka hosts.
# Data and transaction-log directories; the page creates both with mkdir -p.
dataDir=/opt/data/zookeeper/data
dataLogDir=/opt/data/zookeeper/logs
# Client port used by the brokers. No authentication settings appear in this
# snippet - TODO confirm 2181 is reachable only from the Kafka hosts.
clientPort=2181
tickTime=2000
initLimit=20
syncLimit=10
# One server.N line per member (peer port 2888, election port 3888); N has to
# match the number written to that host's myid file.
# NOTE(review): a 4-member ensemble needs 3 votes for a majority, so it
# tolerates one failure, the same as a 3-member ensemble.
server.1=10.8.156.176:2888:3888
server.2=10.8.156.186:2888:3888
server.3=10.8.156.183:2888:3888
server.4=10.8.156.179:2888:3888
#創建data、log目錄
[root@kafka-2 ~]# mkdir -p /opt/data/zookeeper/{data,logs}
#myid號按順序排,例:kafka-1要寫入1
[root@kafka-2 ~]# echo 2 > /opt/data/zookeeper/data/myid
4.3 配置kafka
[root@kafka-2 ~]# sed -i 's/^[^#]/#&/' /usr/local/kafka_2.11-2.1.0/config/server.properties
[root@kafka-2 ~]# vim /usr/local/kafka_2.11-2.1.0/config/server.properties #在最后添加
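# server.properties for kafka-2. Java properties files treat '#' as a comment
# only at the start of a line, so the remarks that trailed the values on the
# page are moved onto their own lines; left inline they become part of the value.

# Unique per broker; assign in order and keep it stable.
broker.id=2
# Bind to this broker's own IP. PLAINTEXT means no TLS and no client
# authentication - NOTE(review): limit 9092 to the Filebeat hosts and Logstash
# at the network layer, or move to an SSL/SASL listener.
listeners=PLAINTEXT://10.8.156.186:9092
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/opt/data/kafka/logs
num.partitions=6
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=2
# NOTE(review): a factor of 1 leaves the transaction state log without a
# replica; confirm that is intended on a four-broker cluster.
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.retention.hours=168
log.segment.bytes=536870912
log.retention.check.interval.ms=300000
# ZooKeeper ensemble running on the four kafka hosts.
zookeeper.connect=10.8.156.176:2181,10.8.156.186:2181,10.8.156.183:2181,10.8.156.179:2181
zookeeper.connection.timeout.ms=6000
group.initial.rebalance.delay.ms=0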
[root@kafka-2 ~]# mkdir -p /opt/data/kafka/logs
4.4 啟動
四臺kafka服務器依次啟動
#啟動zookeeper
[root@kafka-2 ~]# cd /usr/local/kafka_2.11-2.1.0/
[root@kafka-2 kafka_2.11-2.1.0]# nohup bin/zookeeper-server-start.sh config/zookeeper.properties &
#驗證
[root@kafka-2 ~]# netstat -lntp | grep 2181
tcp6 0 0 :::2181 :::* LISTEN 11535/java
#啟動kafka
[root@kafka-2 ~]# cd /usr/local/kafka_2.11-2.1.0/
[root@kafka-2 kafka_2.11-2.1.0]# nohup bin/kafka-server-start.sh config/server.properties &
4.5 驗證
驗證kafka集群是否生成topic
[root@kafka-2 ~]# cd /usr/local/kafka_2.11-2.1.0/
[root@kafka-2 kafka_2.11-2.1.0]# bin/kafka-topics.sh --zookeeper 10.8.156.176 --list #這里ip可以是kafka集群中任意一臺服務器的ip
__consumer_offsets
httpd
mysql
nginx
tomcat #已經生成topic
5、logstash(ip:10.8.156.14)
5.1 安裝配置jdk(見4.1)
5.2 安裝配置logstash
#安裝
[root@logstash ~]# tar xvzf logstash-7.8.0.tar.gz -C /usr/local/
#創建目錄,我們將所有input、filter、output配置文件全部放到該目錄中。
[root@logstash ~]# mkdir -p /usr/local/logstash-7.8.0/etc/conf.d
[root@logstash ~]# cd /usr/local/logstash-7.8.0/etc/conf.d/
[root@logstash conf.d]# vim kafka.conf
# kafka.conf - one kafka input per topic; each input sets `type`, which the
# elasticsearch output below uses to build the index name.
# No security_protocol / SASL options are set on the inputs, matching the
# PLAINTEXT listeners configured on the brokers.
input {
  kafka {
    type              => "nginx_log"
    codec             => "json"
    topics            => "nginx"
    decorate_events   => true
    bootstrap_servers => "10.8.156.176:9092, 10.8.156.186:9092, 10.8.156.183:9092, 10.8.156.179:9092"
  }
}

input {
  kafka {
    type              => "tomcat_log"
    codec             => "json"
    topics            => "tomcat"
    decorate_events   => true
    bootstrap_servers => "10.8.156.176:9092, 10.8.156.186:9092, 10.8.156.183:9092, 10.8.156.179:9092"
  }
}

input {
  kafka {
    type              => "mysql_log"
    codec             => "json"
    topics            => "mysql"
    decorate_events   => true
    bootstrap_servers => "10.8.156.176:9092, 10.8.156.186:9092, 10.8.156.183:9092, 10.8.156.179:9092"
  }
}

input {
  kafka {
    type              => "httpd_log"
    codec             => "json"
    topics            => "httpd"
    decorate_events   => true
    bootstrap_servers => "10.8.156.176:9092, 10.8.156.186:9092, 10.8.156.183:9092, 10.8.156.179:9092"
  }
}

# Daily index per log type, e.g. nginx_log-YYYY.MM.dd.
# NOTE(review): only one ES node is listed and neither user/password nor TLS
# is configured here, so writes go over plain HTTP without credentials.
output {
  elasticsearch {
    hosts => ["10.8.156.166:9200"]
    index => ["%{type}-%{+YYYY.MM.dd}"]
  }
}
#啟動 logstash
[root@logstash conf.d]# cd /usr/local/logstash-7.8.0/
[root@logstash logstash-7.8.0]# nohup bin/logstash -f etc/conf.d/ --config.reload.automatic &
6、ES集群
mes-1:10.8.156.166
es-2:10.8.156.167
es-3:10.8.156.171
6.1 創建運行ES的普通用戶(三臺服務器都做)
註:下面的 123456 只是示例密碼;該帳號只用于運行 ES,實際部署時請改用強密碼,或鎖定其密碼登入、只通過 su 切換。
[root@mes-1 ~]# useradd elsearch
[root@mes-1 ~]# echo "123456" | passwd --stdin "elsearch"
6.2 安裝ES(三臺服務(wù)器都做)
tar xzf elasticsearch-7.8.0.tar.gz -C /usr/local/
6.3 配置ES集群
# cd /usr/local/elasticsearch-7.8.0/config/
# cp elasticsearch.yml elasticsearch.yml.bak
# vim elasticsearch.yml ----找個地方添加如下內容
6.3.1 mes-1配置文件內容
# elasticsearch.yml for node elk01 (mes-1): master-eligible and data node.
cluster.name: elk
node.name: elk01
node.master: true
node.data: true
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
# Binds HTTP and transport on every interface. No xpack.security.* settings
# appear in this snippet - NOTE(review): 7.8 leaves security off unless it is
# enabled, so anyone who can reach 9200 can read and delete indices; firewall
# 9200/9300 to the cluster, Logstash and Kibana hosts, or enable xpack.security.
network.host: 0.0.0.0
http.port: 9200
# NOTE(review): discovery.zen.* are the legacy names; 7.x documents
# discovery.seed_hosts and ignores minimum_master_nodes - confirm against the 7.8 docs.
discovery.zen.ping.unicast.hosts: ["10.8.156.166", "10.8.156.167","10.8.156.171"] # hostnames or IPs are accepted
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 150s
discovery.zen.fd.ping_retries: 10
client.transport.ping_timeout: 60s
# CORS is open to every origin, presumably so the elasticsearch-head UI can
# call the REST API from a browser - NOTE(review): narrow allow-origin to the
# head/Kibana origin instead of "*".
http.cors.enabled: true
http.cors.allow-origin: "*"
# Node names (node.name values) used to bootstrap the first master election.
cluster.initial_master_nodes: ["elk01","elk02","elk03"]
6.3.2 es-2配置文件內容
# elasticsearch.yml for node elk02 (es-2): master-eligible and data node.
cluster.name: elk
node.name: elk02
node.master: true
node.data: true
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
# Binds on every interface and no xpack.security.* settings appear here -
# NOTE(review): firewall 9200/9300 or enable xpack.security before exposing the node.
network.host: 0.0.0.0
http.port: 9200
# NOTE(review): legacy discovery.zen.* names; confirm against the 7.8 docs
# (discovery.seed_hosts is the documented 7.x setting).
discovery.zen.ping.unicast.hosts: ["10.8.156.166", "10.8.156.167","10.8.156.171"] # hostnames or IPs are accepted
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 150s
discovery.zen.fd.ping_retries: 10
client.transport.ping_timeout: 60s
# CORS open to every origin - NOTE(review): narrow allow-origin to the
# head/Kibana origin instead of "*".
http.cors.enabled: true
http.cors.allow-origin: "*"
# Node names (node.name values) used to bootstrap the first master election.
cluster.initial_master_nodes: ["elk01","elk02","elk03"]
6.3.3 es-3配置文件內容
# elasticsearch.yml for node elk03 (es-3): master-eligible and data node.
cluster.name: elk
node.name: elk03
node.master: true
node.data: true
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
# Binds on every interface and no xpack.security.* settings appear here -
# NOTE(review): firewall 9200/9300 or enable xpack.security before exposing the node.
network.host: 0.0.0.0
http.port: 9200
# NOTE(review): legacy discovery.zen.* names; confirm against the 7.8 docs
# (discovery.seed_hosts is the documented 7.x setting).
discovery.zen.ping.unicast.hosts: ["10.8.156.166", "10.8.156.167","10.8.156.171"] # hostnames or IPs are accepted
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 150s
discovery.zen.fd.ping_retries: 10
client.transport.ping_timeout: 60s
# CORS open to every origin - NOTE(review): narrow allow-origin to the
# head/Kibana origin instead of "*".
http.cors.enabled: true
http.cors.allow-origin: "*"
# Node names (node.name values) used to bootstrap the first master election.
cluster.initial_master_nodes: ["elk01","elk02","elk03"]
6.4 設置JVM堆(三臺)
[root@mes-1 config]# vim jvm.options ----將
-Xms1g ----修改成 -Xms2g
-Xmx1g ----修改成 -Xmx2g
注意:
確保堆內存最小值(Xms)與最大值(Xmx)的大小相同,防止程序在運行時改變堆內存大小。堆內存大小不要超過系統內存的50%
6.5 創建ES數據及日志存儲目錄(三臺)
[root@mes-1 ~]# mkdir -p /data/elasticsearch/data
[root@mes-1 ~]# mkdir -p /data/elasticsearch/logs
修改安裝目錄及存儲目錄權限
[root@mes-1 ~]# chown -R elsearch:elsearch /data/elasticsearch
[root@mes-1 ~]# chown -R elsearch:elsearch /usr/local/elasticsearch-7.8.0
6.6 系統優化
#增加最大文件打開數
echo "* - nofile 65536" >> /etc/security/limits.conf
#增加最大進程數
vim /etc/security/limits.conf ---在文件最后面添加如下內(nèi)容
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096
#增加最大內存映射數(在內存不足的情況下,使用交換空間)
[root@mes-1 ~]# vim /etc/sysctl.conf ---添加如下
vm.max_map_count=262144
vm.swappiness=0
[root@mes-1 ~]# sysctl -p
或
[root@mes-1 ~]# sysctl -w vm.max_map_count=262144 ---增大用戶使用內存的空間(臨時)
6.7 啟動ES(三臺)
[root@mes-1 ~]# su - elsearch
[root@mes-1 elasticsearch-7.8.0]$ nohup ./bin/elasticsearch & #放后臺啟動
[root@mes-1 elasticsearch-7.8.0]$ tail -f nohup.out #看一下是否啟動
瀏覽器訪問:
7、kibana+head(ip:10.8.156.168)
7.1 安裝配置head監控插件
註:Node v4.x 已停止維護,下文的 master.zip 也不是固定版本;head 只建議在內網調試時使用,下載后請核對校驗值,并固定到具體的 commit 或 tag。
7.1.1 安裝node
[root@kibana ~]# wget https://npm.taobao.org/mirrors/node/latest-v4.x/node-v4.4.7-linux-x64.tar.gz
[root@kibana ~]# tar -zxf node-v4.4.7-linux-x64.tar.gz -C /usr/local //head運行依賴于node環境
[root@kibana ~]# vim /etc/profile #添加如下變量
NODE_HOME=/usr/local/node-v4.4.7-linux-x64
PATH=$NODE_HOME/bin:$PATH
export NODE_HOME PATH
[root@kibana ~]# source /etc/profile
[root@kibana ~]# node --version #檢查node版本號
v4.4.7
7.1.2 下載head插件
[root@kibana ~]# wget https://github.com/mobz/elasticsearch-head/archive/master.zip
[root@kibana ~]# cp master.zip /usr/local/
[root@kibana ~]# yum -y install unzip //有的話就不用下載
[root@kibana ~]# cd /usr/local
[root@kibana local]# unzip master.zip
7.1.3 安裝grunt
[root@kibana ~]# cd elasticsearch-head-master/
[root@kibana ~]# npm config set registry https://registry.npm.taobao.org
[root@kibana elasticsearch-head-master]# npm install -g grunt-cli #時間會很長
[root@localhost elasticsearch-head-master]# grunt --version #檢查grunt版本號
grunt-cli v1.3.2
7.1.4 修改head源碼
[root@kibana elasticsearch-head-master]# vim /usr/local/elasticsearch-head-master/Gruntfile.js
添加hostname,注意在上一行末尾添加逗號,hostname 不需要添加逗號
[root@kibana elasticsearch-head-master]# vim /usr/local/elasticsearch-head-master/_site/app.js
7.1.5 下載head必要的文件
[root@kibana ~]# wget https://github.com/Medium/phantomjs/releases/download/v2.1.1/phantomjs-2.1.1-linux-x86_64.tar.bz2
[root@kibana ~]# yum -y install bzip2
[root@kibana ~]# tar -jxf phantomjs-2.1.1-linux-x86_64.tar.bz2 -C /tmp/ #解壓
7.1.6 運行head
[root@kibana ~]# cd /usr/local/elasticsearch-head-master/
[root@kibana elasticsearch-head-master]# npm config set registry https://registry.npm.taobao.org
[root@kibana elasticsearch-head-master]# npm install
[root@kibana elasticsearch-head-master]# nohup grunt server &
[root@kibana elasticsearch-head-master]# tailf nohup.out
Running "connect:server" (connect) task
Waiting forever...
Started connect web server on http://localhost:9100
7.1.7 測試
訪問head插件10.8.156.168:9100
7.2 kibana部署
7.2.1 安裝
[root@kibana ~]# tar -xvzf kibana-7.8.0-linux-x86_64.tar.gz -C /usr/local/
7.2.2 配置
[root@kibana ~]# cd /usr/local/kibana-7.8.0-linux-x86_64/config/
[root@kibana config]# vim kibana.yml
# kibana.yml: HTTP listener and the Elasticsearch node Kibana talks to.
server.port: 5601
server.host: "10.8.156.168" # this Kibana host's own address
# Plain-HTTP connection to a single ES node; no elasticsearch.username /
# elasticsearch.password is set in this snippet.
elasticsearch.hosts: "http://10.8.156.166:9200" # ES master node address and port
kibana.index: ".kibana"
7.2.3 啟動
[root@kibana config]# cd ..
[root@kibana kibana-7.8.0-linux-x86_64]# nohup ./bin/kibana --allow-root &
[1] 12054
[root@kibana kibana-7.8.0-linux-x86_64]# tail -f nohup.out
注意:#7.8版本的kibana啟動:不可以使用root用戶啟動,若要使用root用戶啟動:nohup ./bin/kibana --allow-root &。較穩妥的做法是像 ES 一樣建立專用的普通用戶來運行 kibana。
7.3 安裝配置nginx反向代理
#安裝nginx
[root@kibana ~]# yum -y install epel-release;yum install -y nginx
#配置反向代理 (為了訪問時地址后面不用寫端口號,可以直接用IP進行訪問)
先把/etc/nginx/nginx.conf 里的server模塊注釋掉
[root@kibana ~]# cd /etc/nginx/conf.d/
[root@kibana conf.d]# mv default.conf default.conf.bak
[root@kibana conf.d]# vim default.conf
# Reverse proxy on port 80 in front of Kibana (:5601) and elasticsearch-head (:9100).
# Nothing in this server block authenticates users of / or /head/.
server {
    listen 80;
    server_name 10.8.156.168;
    #charset koi8-r;
    # access_log /var/log/nginx/host.access.log main;
    # access_log off;

    # Kibana UI, reachable without typing the port.
    location / {
        proxy_pass http://10.8.156.168:5601;
        proxy_set_header Host $host:5601;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Via "nginx";
    }

    # Site status counters, logged to their own file.
    # NOTE(review): auth_basic is set without auth_basic_user_file; nginx
    # appears to enforce no login in that case - verify, then add a user file
    # or allow/deny rules before exposing /status.
    location /status {
        stub_status on;
        access_log /var/log/nginx/kibana_status.log;
        auth_basic "NginxStatus";
    }

    # elasticsearch-head UI.
    # NOTE(review): proxy_pass has no URI part, so the /head/ prefix is
    # forwarded unchanged; confirm head actually serves under /head/.
    location /head/ {
        proxy_pass http://10.8.156.168:9100;
        proxy_set_header Host $host:9100;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Via "nginx";
    }
}
#配置nginx日志格式
1.將原來的log_format注釋掉,添加json格式的配置信息,如下:
[root@kibana conf.d]# vim /etc/nginx/nginx.conf
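# JSON access-log format consumed by Filebeat/Logstash.
# escape=json (nginx 1.11.8+) makes nginx JSON-escape quotes, backslashes and
# control characters in variable values. Without it, client-controlled fields
# such as $uri, $http_referer and $http_user_agent can break the JSON line or
# inject extra keys into the log record.
log_format json escape=json '{"@timestamp":"$time_iso8601",'
    '"@version":"1",'
    '"client":"$remote_addr",'
    '"url":"$uri",'
    '"status":"$status",'
    '"domain":"$host",'
    '"host":"$server_addr",'
    '"size":$body_bytes_sent,'
    '"responsetime":$request_time,'
    '"referer": "$http_referer",'
    '"ua": "$http_user_agent"'
    '}';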
2.引用定義的json格式的日志:
access_log /var/log/nginx/access_json.log json;
啟動nginx
systemctl start nginx
8、驗證
查看head上是否出現索引
然后去kibana上面添加索引
日志收集成功,依次添加Tomcat、mysql、nginx索引,并查看日志