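Architecture overview
[Figure: ELK.png]
Logstash is installed on each server to ship the monitored logs in real time to the central log node. Redis is not used to store data here; it only serves as a queue connecting logstash and elasticsearch.
- Logstash must be installed on every server whose logs are collected and on the redis server
- redis, elasticsearch and kibana can be installed on any machine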
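Installation
Official download page: https://www.elastic.co/downloads. ELK is simple to install and the difficulty lies in using and configuring it, so the installation steps are only outlined here.
- Logstash depends on Java, so a JDK must be installed first
- Download the corresponding zip package and extract it
Edit the elasticsearch configuration file: network.host: 0.0.0.0
Edit the kibana configuration file: server.host: "0.0.0.0"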
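Both settings above make the service listen on every network interface. The following added example (not part of the original page; the function names and the sample file contents are constructed for illustration) audits elasticsearch.yml and kibana.yml text for such binds, so each one can be matched against a firewall rule.

```python
import ipaddress
import re

# The two settings this page changes (flat dotted keys only, not nested YAML).
BIND_KEYS = ("network.host", "server.host")
LINE_RE = re.compile(r"^\s*([A-Za-z_.]+)\s*:\s*(.*?)\s*$")

def _values(raw):
    """Split a flat YAML scalar or inline list into bare address strings."""
    raw = re.sub(r"\s+#.*$", "", raw).strip()      # drop trailing comment
    if raw.startswith("[") and raw.endswith("]"):   # inline list form
        raw = raw[1:-1]
    return [v.strip().strip("\"'") for v in raw.split(",") if v.strip()]

def classify(addr):
    """Return 'all-interfaces', 'loopback', 'specific' or 'unresolved'."""
    if addr == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unresolved"          # hostname or special token: review by hand
    if ip.is_unspecified:            # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific"

def audit(text):
    """Return a list of (line_no, key, address, verdict) for each bind setting."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                 # commented-out default, not active
        m = LINE_RE.match(line)
        if m and m.group(1) in BIND_KEYS:
            for addr in _values(m.group(2)):
                findings.append((no, m.group(1), addr, classify(addr)))
    return findings

# Constructed sample input mirroring the settings on this page.
SAMPLE_ES = "cluster.name: elk\n#network.host: 192.168.0.1\nnetwork.host: 0.0.0.0\n"
SAMPLE_KIBANA = 'server.port: 5601\nserver.host: "0.0.0.0"  # listen everywhere\n'

if __name__ == "__main__":
    for name, text in (("elasticsearch.yml", SAMPLE_ES), ("kibana.yml", SAMPLE_KIBANA)):
        for no, key, addr, verdict in audit(text):
            print(f"{name}:{no}: {key} = {addr} -> {verdict}")
```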
Startup
Elasticsearch cannot be started with the root account; doing so produces an error.
Change into the corresponding installation directory
./bin/logstash -f /xxx/xxx/logstash.conf
su -c "./bin/elasticsearch -d" elk
Debugging
To test whether logstash is working properly, run the following command in a terminal:
logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
The terminal waits for your input; type any characters and press Enter
[root@localhost /usr/local/logstash-5.1.1]# bin/logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
Sending Logstash's logs to /usr/local/logstash-5.1.1/logs which is now configured via log4j2.properties
The stdin plugin is now waiting for input:
[2017-01-09T16:17:22,998][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>125}
[2017-01-09T16:17:23,020][INFO ][logstash.pipeline ] Pipeline main started
[2017-01-09T16:17:23,155][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
hello elk
{
"@timestamp" => 2017-01-09T08:17:30.318Z,
"@version" => "1",
"host" => "localhost",
"message" => "hello elk",
"tags" => []
}