1. Install Kibana
Download URL: https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-linux-x86_64.tar.gz
2. Preparation: add an elk user and run ELK as that user
useradd elk
usermod -s /sbin/nologin elk  # prevent the elk user from logging in to the system
Unpack and install Kibana
    tar -zxvf kibana-6.2.3-linux-x86_64.tar.gz
    mv kibana-6.2.3-linux-x86_64 /usr/local/kibana
3. Kibana configuration file
vim /usr/local/kibana/config/kibana.yml
Change the following settings:
server.port: 5601
server.host: "0.0.0.0"
#elasticsearch.url: "http://localhost:9200"
#elasticsearch.username: "user"  # username and password for connecting to elasticsearch
#elasticsearch.password: "pass"
4. Change the owner of the Kibana directory to the elk user
chown -R elk:elk /usr/local/kibana
5. Startup script
vim /usr/local/kibana/bin/start.sh
nohup /usr/local/kibana/bin/kibana >>/tmp/kibana.log 2>>/tmp/kibana.log &
chmod a+x /usr/local/kibana/bin/start.sh
6. Start as an unprivileged user
su -s /bin/bash elk '/usr/local/kibana/bin/start.sh'
If a firewall is in place, allow TCP port 5601.
Security hardening is required: Kibana has no access restrictions by default, so change Kibana's server.host to 127.0.0.1.
Install nginx
Configure the nginx repository:
cd /etc/yum.repos.d/
touch nginx.repo
Paste in the following:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=0
enabled=1
Run yum install -y nginx
Then edit the nginx configuration file /etc/nginx/conf/nginx.conf:
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile          on;
    keepalive_timeout 65;
    server {
        listen 5609;
        access_log /usr/local/nginx/logs/kibana_access.log main;  # access log; shows the client IPs, which can then be allowed below
        error_log /usr/local/nginx/logs/kibana_error.log error;  # error log
        location / {
            allow 127.0.0.1;  # local host only by default; to allow other client IPs, add them on the line below
            deny all;
            # auth_basic "elk auth";  # access via authentication
            # auth_basic_user_file /usr/local/nginx/conf/htpasswd;  # access via authentication
            proxy_pass http://127.0.0.1:5601;
        }
    }
}
printf "elk:$(openssl passwd -1 r00t@123)\n" >/usr/local/nginx/conf/htpasswd  # set the username and password here
After configuring, run nginx -t to check the configuration.
Use nginx -s reload to re-read the configuration file; no restart is needed.
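An added example, not part of the original page: a Python script that parses kibana_access.log in the `main` log_format configured above and reports which client IPs nginx rejected through allow/deny (403) and, once the auth_basic lines are enabled, which IPs produced repeated 401s. The sample log lines, the summarize function and its threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# The `main` log_format from the nginx.conf above. nginx logs a literal '"'
# inside a variable as \x22, so [^"]* is safe for the quoted fields.
MAIN_RE = re.compile(
    r'^(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<xff>[^"]*)"$'
)

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = '''\
127.0.0.1 - - [02/Apr/2018:10:00:01 +0800] "GET /app/kibana HTTP/1.1" 200 1532 "-" "Mozilla/5.0" "-"
192.0.2.10 - - [02/Apr/2018:10:00:05 +0800] "GET / HTTP/1.1" 403 169 "-" "Mozilla/5.0" "-"
192.0.2.10 - - [02/Apr/2018:10:00:06 +0800] "GET /favicon.ico HTTP/1.1" 403 169 "-" "Mozilla/5.0" "-"
198.51.100.7 - - [02/Apr/2018:10:01:00 +0800] "GET / HTTP/1.1" 401 195 "-" "curl/7.29.0" "-"
198.51.100.7 - elk [02/Apr/2018:10:01:01 +0800] "GET / HTTP/1.1" 401 195 "-" "curl/7.29.0" "-"
198.51.100.7 - admin [02/Apr/2018:10:01:02 +0800] "GET / HTTP/1.1" 401 195 "-" "curl/7.29.0" "-"
203.0.113.5 - - [02/Apr/2018:10:02:00 +0800] "GET / HTTP/1.1" 401 195 "-" "Mozilla/5.0" "-"
203.0.113.5 - elk [02/Apr/2018:10:02:04 +0800] "GET / HTTP/1.1" 200 1532 "-" "Mozilla/5.0" "-"
this line is truncated and does not match
'''


def summarize(log_text, auth_fail_threshold=3):
    """Return (denied, auth_suspects, unparsed) for kibana_access.log text.
    denied: client IP -> count of 403s (rejected by allow/deny).
    auth_suspects: client IP -> count of 401s, at or over the threshold only
    (a browser's first request gets one 401 before it prompts).
    unparsed: lines that do not match the `main` format.
    """
    denied, auth_fail, unparsed = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = MAIN_RE.match(line)
        if m is None:
            unparsed.append(line)
        elif m["status"] == "403":
            denied[m["addr"]] += 1
        elif m["status"] == "401":
            auth_fail[m["addr"]] += 1
    suspects = {ip: n for ip, n in auth_fail.items() if n >= auth_fail_threshold}
    return denied, suspects, unparsed


if __name__ == "__main__":
    denied, suspects, unparsed = summarize(SAMPLE_LOG)
    print("rejected by allow/deny:", dict(denied))
    print("repeated 401s:", suspects, "| unparsed lines:", len(unparsed))
```

Addresses in the first result are the candidates for new allow lines; addresses in the second are worth a closer look before being allowed.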
7. Install Elasticsearch
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.tar.gz
tar -zxvf elasticsearch-6.2.3.tar.gz
mv elasticsearch-6.2.3 /usr/local/elasticsearch
Edit the configuration file
vim elasticsearch.yml
path.data: /usr/local/elasticsearch/data
path.logs: /usr/local/elasticsearch/logs
network.host: 127.0.0.1
http.port: 9200
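After editing, change the owner and group of the Elasticsearch files
chown -R elk:elk /usr/local/elasticsearch/
If the machine is low on resources, edit the jvm.options configuration file
# default is 1G
-Xms500M
-Xmx500M
Create the startup script start.sh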
/usr/local/elasticsearch/bin/elasticsearch -d
Make the script executable
chmod a+x /usr/local/elasticsearch/bin/start.sh
Start Elasticsearch
su -s /bin/bash elk "/usr/local/elasticsearch/bin/start.sh"
The log file is at /usr/local/elasticsearch/logs/elasticsearch.log
To listen on an external network interface, kernel parameters must be changed
What to change:
vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
vim /etc/security/limits.d/20-nproc.conf
*          soft    nproc     10240
*          hard    nproc     10240
vim /etc/sysctl.conf
vm.max_map_count = 262144
Run sysctl -p for the change to take effect.
This makes it listen on the external IP; keeping it to internal-network machines is recommended.
8. Install Logstash
https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.tar.gz
tar -zxvf logstash-6.2.3.tar.gz
mv logstash-6.2.3 /usr/local/logstash
Logstash configuration, logstash.conf:
input {
  file {
    path => "/usr/local/nginx/logs/kibana_access.log"
  }
}
output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
  }
}
Logstash startup script
vim /usr/local/logstash/bin/start.sh
/usr/local/logstash/bin/logstash -f /usr/local/logstash/config/logstash.conf >>/tmp/logstash.log 2>>/tmp/logstash.log &
chmod a+x /usr/local/logstash/bin/start.sh
Startup takes a while.
Log in to Kibana and configure it under Management.
When that is done, view the data under Discover.