安裝EPEL

sudo yum -y install epel-release

安裝Redis

sudo yum -y install redis

設(shè)置開(kāi)機(jī)自啟動(dòng)然后啟動(dòng)：

sudo systemctl daemon-reload
sudo systemctl enable redis.service
sudo systemctl start redis.service

安裝ELK

只安裝ELK：Elasticsearch距境、Logstash申尼、Kibana，Elastic Stack的其他組件沒(méi)裝垫桂。

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

新增文件/etc/yum.repos.d/elasticsearch.repo：

[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://mirrors.tuna.tsinghua.edu.cn/elasticstack/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

用的是清華的源师幕。

安裝：

sudo yum -y install elasticsearch kibana logstash

Systemd開(kāi)啟開(kāi)機(jī)自啟動(dòng)：

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl enable kibana.service

啟動(dòng)：

sudo systemctl start elasticsearch.service
sudo systemctl start kibana.service
sudo systemctl start logstash.service

驗(yàn)證一下Elasticsearch：

curl http://localhost:9200
{
  "name" : "Nv3NQKr",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "Rx24DAWoS_ySLqeDCPNm0g",
  "version" : {
    "number" : "5.1.1",
    "build_hash" : "5395e21",
    "build_date" : "2016-12-06T12:36:15.409Z",
    "build_snapshot" : false,
    "lucene_version" : "6.3.0"
  },
  "tagline" : "You Know, for Search"
}

Elasticsearch和Kibana基本是開(kāi)箱即用，默認(rèn)配置就能跑起來(lái)诬滩。

配置LogStash

增加配置文件/etc/logstash/conf.d/logstash_indexer.conf:

input {
  redis {
    key => "logstash:phplogs"
    data_type => ["list"]
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}

意思是從本機(jī)redis的logstash:phplogs里列表里讀數(shù)據(jù)霹粥，寫入本機(jī)的Elasticsearch。改完配置重新啟動(dòng)LogStash

Laravel寫日志

寫日志方法多樣碱呼，我這里把日志寫到Redis蒙挑，讓LogStash收集。

Laravel文檔說(shuō)在bootstrap/app.php配置Monolog愚臀，但是這個(gè)時(shí)候各種Service都沒(méi)起來(lái)，難道要自己在這里連Redis？所以我用一個(gè)Service Provider配置Monolog：

<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Log;
use Monolog\Logger;
use Monolog\Handler\RedisHandler;
use Monolog\Formatter\LogstashFormatter;
use Redis;
use Config;

class LogServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $monolog      = Log::getMonolog();
        $formatter    = new LogstashFormatter(Config::get('app.name'));
        $redisHandler = new RedisHandler(Redis::connection('log'), 'logstash:phplogs');
        $redisHandler->setFormatter($formatter);
        $monolog->pushHandler($redisHandler);
    }

    public function register()
    {
        //
    }
}

Kibana

有日志寫入后姑裂，就可在Kibana看到：

Kibana

參考

1. Elasticsearch馋袜、Logstash、Kibana搭建統(tǒng)一日志分析平臺(tái)
   內(nèi)容有點(diǎn)舊舶斧。用兩個(gè)服務(wù)器部署欣鳖，其中一臺(tái)有完整的ELK，另一臺(tái)有LogStash收集日志茴厉，流程是LogStash收集日志文件 -> Redis -> LogStash -> ElasticSearch泽台。
2. How to use Logstash with Monolog
   參考了Redis和Monolog配置。