
Log Analysis System ELK (Business Logs)

[Category: System (Linux) | Publisher: 店小二03 | Date: 20160901 | Author: 红领巾]

All log files are under /data/visitlog, in one subdirectory per date.

1. Upload all the required packages to the server

elasticsearch-1.7.0.zip

jdk-7u79-linux-x64.rpm

kibana-4.1.1-linux-x64.tar.gz

logstash-1.5.3.tar.gz

nginx-1.8.0.tar.gz

2. Install the JDK

rpm -ivh jdk-7u79-linux-x64.rpm

# Single quotes keep $JAVA_HOME and $PATH unexpanded until /etc/profile is sourced
echo 'export JAVA_HOME=/usr/java/jdk1.7.0_79/' >> /etc/profile

echo 'export PATH=$JAVA_HOME/bin:$PATH' >> /etc/profile

echo 'export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar' >> /etc/profile

source /etc/profile

3. Deploy ELK

mkdir -p /data/elk

tar xzf kibana-4.1.1-linux-x64.tar.gz -C /data/elk/

tar xzf logstash-1.5.3.tar.gz -C /data/elk/

unzip elasticsearch-1.7.0.zip

mv elasticsearch-1.7.0 /data/elk/elasticsearch

cd /data/elk

mv kibana-4.1.1-linux-x64 kibana

mv logstash-1.5.3 logstash

4. Configure Logstash

mkdir /data/elk/logstash/etc

vim /data/elk/logstash/etc/logs.conf

input {
  file {
    path => ["/data/visitlog/**/*.log"]
    # start_position sets where log import begins. If it is not set, only logs written after the service starts are imported; "beginning" imports all logs already in the directory.
    #start_position => "beginning"
  }
}
output {
  stdout { codec => dots }
  elasticsearch { host => "localhost" }
}

5. Start the services

nohup /data/elk/kibana/bin/kibana &

nohup /data/elk/elasticsearch/bin/elasticsearch &

nohup /data/elk/logstash/bin/logstash -f /data/elk/logstash/etc/logs.conf &

6. Check that ports 9200, 9300 and 5601 are listening

7. Log in to Kibana to check

http://IP:5601

8. Configure the nginx reverse proxy and authenticated login

yum install pcre-devel zlib-devel -y

tar xzf nginx-1.8.0.tar.gz

cd nginx-1.8.0

./configure --prefix=/usr/local/nginx

make && make install

vim /etc/init.d/nginx

#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# this script create it by ruijie. at 2014.02.26
# if you find any errors on this scripts,please contact ruijie.
# and send mail to ruijie at gmail dot com.
### BEGIN INIT INFO
# Provides: nginx
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts nginx
# Description: starts the nginx server
### END INIT INFO
nginxd=/usr/local/nginx/sbin/nginx
nginx_config=/usr/local/nginx/conf/nginx.conf
nginx_pid=/usr/local/nginx/logs/nginx.pid
RETVAL=0
prog="nginx"
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
    if [ -e $nginx_pid ] && netstat -tunpl | grep nginx &> /dev/null; then
        echo "nginx already running...."
        exit 1
    fi
    echo -n $"Starting $prog!"
    $nginxd -c ${nginx_config}
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch /var/lock/nginx
    return $RETVAL
}
# Stop nginx daemons functions.
stop() {
    echo -n $"Stopping $prog!"
    $nginxd -s stop
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f /var/lock/nginx
}
# reload nginx service functions.
reload() {
    echo -n $"Reloading $prog!"
    #kill -HUP `cat ${nginx_pid}`
    $nginxd -s reload
    RETVAL=$?
    echo
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|reload|help}"
        exit 1
esac
exit $RETVAL

chmod +x /etc/init.d/nginx

mkdir /usr/local/nginx/conf/conf.d

In the http block of nginx.conf, add include /usr/local/nginx/conf/conf.d/*.conf; and comment out the server block.

vim /usr/local/nginx/conf/conf.d/kibana.conf

server {
    listen 80;
    server_name localhost;
    #charset koi8-r;
    #access_log logs/kibana.access.log main;
    error_log logs/kibana.error.log;
    location / {
        #root html;
        #index index.html index.htm;
        auth_basic "secret";
        auth_basic_user_file /usr/local/nginx/passwd.db;
        proxy_pass http://127.0.0.1:5601/;
        proxy_set_header Cookie $http_cookie;
        #proxy_cookie_path /vga/ /;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    }
}

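htpasswd -c /usr/local/nginx/passwd.db admin # admin is the login user

# nginx built with the default configure options runs its workers as nobody; they only need read access to the password file
chown root:nobody /usr/local/nginx/passwd.db

chmod 640 /usr/local/nginx/passwd.db

service nginx start

9. You can now log in to Kibana using the IP address directly; you will be prompted for a username and password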
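Step 7 reaches Kibana directly at http://IP:5601, so after step 8 the auth_basic prompt only covers port 80 unless 5601, 9200 and 9300 stop listening on external addresses. The check below is an added example, not part of the original article; it assumes `ss -ltn` output, and the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Reads `ss -ltn` output on stdin and
# reports ELK ports from step 6 that listen on a non-loopback address.
ELK_PORTS="9200 9300 5601"

# Print "PORT ADDRESS" for each ELK port bound to a non-loopback address.
exposed_elk_ports() {
    awk -v ports="$ELK_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            gsub(/^\[|\]$/, "", addr)              # [::1] -> ::1
            sub(/^::ffff:/, "", addr)              # IPv4-mapped IPv6 -> IPv4
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print port, addr
        }'
}

# Return 0 when no ELK port is exposed, 1 otherwise; findings go to stdout.
audit_listeners() {
    findings=$(exposed_elk_ports)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | while read -r port addr; do
        echo "EXPOSED: port $port listens on $addr, outside nginx auth_basic"
    done
    return 1
}

# Constructed samples, not captured from a real host.
sample_default='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:80               *:*
LISTEN 0      50     :::9200            :::*
LISTEN 0      50     :::9300            :::*
LISTEN 0      128    *:5601             *:*'
sample_loopback='State  Recv-Q Send-Q Local Address:Port      Peer Address:Port
LISTEN 0      128    *:80                    *:*
LISTEN 0      50     ::ffff:127.0.0.1:9200   :::*
LISTEN 0      50     ::ffff:127.0.0.1:9300   :::*
LISTEN 0      128    127.0.0.1:5601          *:*'

printf '%s\n' "$sample_default" | audit_listeners || true
# On the server itself: ss -ltn | audit_listeners
```

Listeners can be restricted to loopback with network.host: 127.0.0.1 in elasticsearch.yml and host: "127.0.0.1" in kibana.yml, or the ports can be blocked with firewall rules.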

Article URL: http://www.codesec.net/Linux/2016-09/135099.htm

