Software | Description |
---|---|
elasticsearch | Distributed, highly scalable, highly real-time search and data analytics engine |
kibana | Browser-based analysis and search dashboard for Elasticsearch |
filebeat | Collects file data |

Document | Link |
---|---|
elasticsearch 7.17 yum documentation | https://www.elastic.co/guide/en/elasticsearch/reference/7.17/rpm.html |
kibana 7.17 yum documentation | https://www.elastic.co/guide/en/kibana/7.17/rpm.html |
filebeat 7.17 yum documentation | https://www.elastic.co/guide/en/beats/filebeat/7.17/setup-repositories.html |

Why not ELK (Elasticsearch, Logstash, Kibana)?
- Logstash consumes too many resources, whereas Filebeat is lightweight and its overhead is negligible.

Notes
- So that this document covers all deployment conditions and related restrictions, elasticsearch, kibana and filebeat are each installed on a separate server (three servers in total).

Installation
- On the elasticsearch server:
  - Import the elasticsearch GPG key:
    ```
    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
    ```
  - Add the elasticsearch yum repository. On CentOS, create the file /etc/yum.repos.d/elasticsearch.repo:
    ```
    vi /etc/yum.repos.d/elasticsearch.repo
    ```
    File content:
    ```
    [elasticsearch]
    name=Elasticsearch repository for 7.x packages
    baseurl=https://artifacts.elastic.co/packages/7.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
    enabled=0
    autorefresh=1
    type=rpm-md
    ```
  - List the available elasticsearch versions:
    ```
    yum --showduplicates list elasticsearch --enablerepo=elasticsearch
    ```
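  - Install elasticsearch. Because versions differ, this article uses 7.17 as the example (as of 2022-10-28, 7.17 is the latest release of major version 7). To keep later changes in major version 7 from invalidating the configuration in this article, the version is pinned to 7.17 at install time:
    ```
    sudo yum install -y --enablerepo=elasticsearch elasticsearch-7.17.7-1
    ```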
    ```
    [root@centos7-2009 yum.repos.d]# sudo yum install -y --enablerepo=elasticsearch elasticsearch-7.17.7-1
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: mirrors.aliyun.com
     * extras: mirrors.aliyun.com
     * updates: mirrors.huaweicloud.com
    Resolving Dependencies
    --> Running transaction check
    ---> Package elasticsearch.x86_64 0:7.17.7-1 will be installed
    --> Finished Dependency Resolution

    Dependencies Resolved

    ================================================================================
     Package              Arch          Version          Repository            Size
    ================================================================================
    Installing:
     elasticsearch        x86_64        7.17.7-1         elasticsearch        300 M

    Transaction Summary
    ================================================================================
    Install  1 Package

    Total download size: 300 M
    Installed size: 501 M
    Downloading packages:
    elasticsearch-7.17.7-x86_64.rpm                          | 300 MB  00:00:30
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
    Creating elasticsearch group... OK
    Creating elasticsearch user... OK
      Installing : elasticsearch-7.17.7-1.x86_64                              1/1
    ### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
     sudo systemctl daemon-reload
     sudo systemctl enable elasticsearch.service
    ### You can start elasticsearch service by executing
     sudo systemctl start elasticsearch.service
    Created elasticsearch keystore in /etc/elasticsearch/elasticsearch.keystore
      Verifying  : elasticsearch-7.17.7-1.x86_64                              1/1

    Installed:
      elasticsearch.x86_64 0:7.17.7-1

    Complete!
    [root@centos7-2009 yum.repos.d]#
    ```
  - Common elasticsearch commands
    - Check status: `systemctl status elasticsearch.service`
    - Check whether it starts at boot: `systemctl list-unit-files | grep elasticsearch.service`
    - Start: `systemctl start elasticsearch.service`
    - Stop: `systemctl stop elasticsearch.service`
    - Restart: `systemctl restart elasticsearch.service`
    - Enable start at boot: `systemctl enable elasticsearch.service`
    - Disable start at boot: `systemctl disable elasticsearch.service`
  - Check status. If the following is returned, elasticsearch has started normally:
    ```
    curl 127.0.0.1:9200/_cat/health
    ```
    ```
    [root@centos7-2009 yum.repos.d]# curl 127.0.0.1:9200/_cat/health
    1666948679 09:17:59 elasticsearch green 1 1 3 3 0 0 0 0 - 100.0%
    ```
  - Remote access to elasticsearch
    - Open the port:
      ```
      firewall-cmd --zone=public --add-port=9200/tcp --permanent
      firewall-cmd --reload
      firewall-cmd --list-all
      ```
    - Edit /etc/elasticsearch/elasticsearch.yml so that elasticsearch can be accessed remotely:
      ```
      vi /etc/elasticsearch/elasticsearch.yml
      ```
      ```
      network.host: 0.0.0.0
      ```
    - After enabling remote connections, the following settings must be uncommented (the names are your choice), otherwise startup fails:
      ```
      cluster.name: my-application
      node.name: node-1
      cluster.initial_master_nodes: ["node-1"]
      ```
    - Restart elasticsearch:
      ```
      systemctl restart elasticsearch.service
      ```
- On the kibana server:
  - Import the kibana GPG key (the same key as elasticsearch):
    ```
    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
    ```
  - Add the kibana yum repository. On CentOS, create the file /etc/yum.repos.d/kibana.repo:
    ```
    vi /etc/yum.repos.d/kibana.repo
    ```
    File content:
    ```
    [kibana-7.x]
    name=Kibana repository for 7.x packages
    baseurl=https://artifacts.elastic.co/packages/7.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    autorefresh=1
    type=rpm-md
    ```
  - List the available kibana versions:
    ```
    yum --showduplicates list kibana
    ```
  - Install kibana 7.17.7-1:
    ```
    sudo yum install -y kibana-7.17.7-1
    ```
    Installation output:
    ```
    [root@centos8 ~]# sudo yum install -y kibana-7.17.7-1
    Last metadata expiration check: 0:01:34 ago on Fri 28 Oct 2022 05:45:21 PM CST.
    Dependencies resolved.
    ================================================================================
     Package          Architecture        Version          Repository         Size
    ================================================================================
    Installing:
     kibana           x86_64              7.17.7-1         kibana-7.x        256 M

    Transaction Summary
    ================================================================================
    Install  1 Package

    Total download size: 256 M
    Installed size: 649 M
    Downloading Packages:
    kibana-7.17.7-x86_64.rpm                        9.1 MB/s | 256 MB     00:28
    --------------------------------------------------------------------------------
    Total                                           9.1 MB/s | 256 MB     00:28
    Running transaction check
    Transaction check succeeded.
    Running transaction test
    Transaction test succeeded.
    Running transaction
      Preparing        :                                                      1/1
      Running scriptlet: kibana-7.17.7-1.x86_64                               1/1
      Installing       : kibana-7.17.7-1.x86_64                               1/1
      Running scriptlet: kibana-7.17.7-1.x86_64                               1/1
    Creating kibana group... OK
    Creating kibana user... OK
    Created Kibana keystore in /etc/kibana/kibana.keystore

      Verifying        : kibana-7.17.7-1.x86_64                               1/1

    Installed:
      kibana-7.17.7-1.x86_64

    Complete!
    [root@centos8 ~]#
    ```
  - Common kibana commands
    - Check status: `systemctl status kibana.service`
    - Check whether it starts at boot: `systemctl list-unit-files | grep kibana.service`
    - Start: `systemctl start kibana.service`
    - Stop: `systemctl stop kibana.service`
    - Restart: `systemctl restart kibana.service`
    - Enable start at boot: `systemctl enable kibana.service`
    - Disable start at boot: `systemctl disable kibana.service`
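  - Open the port:
    ```
    firewall-cmd --zone=public --add-port=5601/tcp --permanent
    firewall-cmd --reload
    firewall-cmd --list-all
    ```
  - Edit /etc/kibana/kibana.yml to allow remote connections:
    ```
    vi /etc/kibana/kibana.yml
    ```
    ```
    server.host: "0.0.0.0"
    ```
  - Start kibana:
    ```
    systemctl start kibana.service
    ```
  - Open http://kibana服务的ip:5601 in a browser (`kibana服务的ip` stands for the kibana server's IP address). It shows "Kibana server is not ready yet" because kibana is not yet connected to elasticsearch.
  - Edit /etc/kibana/kibana.yml to connect to elasticsearch (`elasticsearch服务器的IP` stands for the elasticsearch server's IP address):
    ```
    vi /etc/kibana/kibana.yml
    ```
    ```
    elasticsearch.hosts: ["http://elasticsearch服务器的IP:9200"]
    ```
  - Restart kibana:
    ```
    systemctl restart kibana.service
    ```
  - Open http://kibana服务的ip:5601 again. The page now displays normally, but in English.
  - Edit /etc/kibana/kibana.yml to switch the language to Chinese:
    ```
    vi /etc/kibana/kibana.yml
    ```
    ```
    i18n.locale: "zh-CN"
    ```
  - Restart kibana:
    ```
    systemctl restart kibana.service
    ```
  - Open http://kibana服务的ip:5601/app/fleet/agents in a browser. It reports that xpack.security.enabled and xpack.security.authc.api_key.enabled need to be enabled.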
在 elasticsearch 所在的服务器上操作
- 修改 /etc/elasticsearch/elasticsearch.yml 文件,启用
xpack.security.enabled
vi /etc/elasticsearch/elasticsearch.yml
xpack.security.enabled: true xpack.security.transport.ssl.enabled: true
- 重启 elasticsearch
systemctl restart elasticsearch.service
- 执行下列命令,自动生成密码
保存执行结果/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
    ```
    [root@centos7-2009 yum.repos.d]# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
    Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
    The passwords will be randomly generated and printed to the console.
    Please confirm that you would like to continue [y/N]y

    Changed password for user apm_system
    PASSWORD apm_system = 56NDmS7zsVL17oU5C9kh

    Changed password for user kibana_system
    PASSWORD kibana_system = gYZtnvSz5d6Nzy4m1PP5

    Changed password for user kibana
    PASSWORD kibana = gYZtnvSz5d6Nzy4m1PP5

    Changed password for user logstash_system
    PASSWORD logstash_system = ewnuRmRl4hkmWKOF8src

    Changed password for user beats_system
    PASSWORD beats_system = BmqUkhVW48TUYr1Dun9S

    Changed password for user remote_monitoring_user
    PASSWORD remote_monitoring_user = SLPxYg42EgKBXejBrRiu

    Changed password for user elastic
    PASSWORD elastic = F7M6EklcuAgKIvaMy0JP

    [root@centos7-2009 yum.repos.d]#
    ```
  - Access 127.0.0.1:9200/_cat/health, this time with Basic authentication:
    ```
    curl 127.0.0.1:9200/_cat/health --header 'Authorization: Basic ZWxhc3RpYzpGN002RWtsY3VBZ0tJdmFNeTBKUA=='
    ```
    Here ZWxhc3RpYzpGN002RWtsY3VBZ0tJdmFNeTBKUA== is the Base64 encoding of `elastic` + a colon + the password generated above.
    ```
    [root@centos7-2009 yum.repos.d]# curl 127.0.0.1:9200/_cat/health --header 'Authorization: Basic ZWxhc3RpYzpGN002RWtsY3VBZ0tJdmFNeTBKUA=='
    1666952483 10:21:23 elasticsearch green 1 1 10 10 0 0 0 0 - 100.0%
    ```
- On the kibana server:
  - Edit /etc/kibana/kibana.yml and configure the password, using the one generated above:
    ```
    elasticsearch.username: "kibana_system"
    elasticsearch.password: "gYZtnvSz5d6Nzy4m1PP5"
    ```
  - Restart kibana:
    ```
    systemctl restart kibana.service
    ```
  - Open http://kibana服务的ip:5601 in a browser. It prompts for a password; use the credentials generated above: elastic/F7M6EklcuAgKIvaMy0JP
  - Open http://kibana服务的ip:5601/app/fleet/agents in a browser. It shows that xpack.security.enabled has been configured successfully.
- On the elasticsearch server:
  - Edit /etc/elasticsearch/elasticsearch.yml to enable xpack.security.authc.api_key.enabled:
    ```
    vi /etc/elasticsearch/elasticsearch.yml
    ```
    ```
    xpack.security.authc.api_key.enabled: true
    ```
  - Restart elasticsearch:
    ```
    systemctl restart elasticsearch.service
    ```
  - Open http://kibana服务的ip:5601/app/fleet/agents in a browser. The xpack.security.enabled and xpack.security.authc.api_key.enabled prompts no longer appear, which means the configuration is complete.
- On the filebeat server:
  - Import the filebeat GPG key (the same key as elasticsearch):
    ```
    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
    ```
  - Add the filebeat yum repository:
    ```
    vi /etc/yum.repos.d/elastic.repo
    ```
    ```
    [elastic-7.x]
    name=Elastic repository for 7.x packages
    baseurl=https://artifacts.elastic.co/packages/7.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    autorefresh=1
    type=rpm-md
    ```
  - List the available filebeat versions:
    ```
    yum --showduplicates list filebeat
    ```
  - Install filebeat 7.17.7-1:
    ```
    sudo yum install -y filebeat-7.17.7-1
    ```
    ```
    [root@dev ~]# sudo yum install -y filebeat-7.17.7-1
    已加载插件:fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager

    This system is not registered with an entitlement server. You can use subscription-manager to register.

    Repository base is listed more than once in the configuration
    Repository updates is listed more than once in the configuration
    Repository extras is listed more than once in the configuration
    Repository centosplus is listed more than once in the configuration
    Loading mirror speeds from cached hostfile
     * base: mirrors.tuna.tsinghua.edu.cn
     * epel: mirrors.tuna.tsinghua.edu.cn
     * extras: mirrors.bupt.edu.cn
     * updates: mirrors.bupt.edu.cn
    正在解决依赖关系
    --> 正在检查事务
    ---> 软件包 filebeat.x86_64.0.7.17.7-1 将被 安装
    --> 解决依赖关系完成

    依赖关系解决

    ================================================================================
     Package           架构            版本              源                  大小
    ================================================================================
    正在安装:
     filebeat          x86_64          7.17.7-1          elastic-7.x         33 M

    事务概要
    ================================================================================
    安装  1 软件包

    总下载量:33 M
    安装大小:125 M
    Downloading packages:
    filebeat-7.17.7-x86_64.rpm                               |  33 MB  00:00:06
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
    警告:RPM 数据库已被非 yum 程序修改。
      正在安装    : filebeat-7.17.7-1.x86_64                                  1/1
      验证中      : filebeat-7.17.7-1.x86_64                                  1/1

    已安装:
      filebeat.x86_64 0:7.17.7-1

    完毕!
    [root@dev ~]#
    ```
  - Common filebeat commands
    - Check status: `systemctl status filebeat.service`
    - Check whether it starts at boot: `systemctl list-unit-files | grep filebeat.service`
    - Start: `systemctl start filebeat.service`
    - Stop: `systemctl stop filebeat.service`
    - Restart: `systemctl restart filebeat.service`
    - Enable start at boot: `systemctl enable filebeat.service`
    - Disable start at boot: `systemctl disable filebeat.service`
  - Edit /etc/filebeat/filebeat.yml so that filebeat connects to kibana and elasticsearch (`kibana服务器IP` and `elasticsearch服务器IP` stand for the IP addresses of the kibana and elasticsearch servers):
    ```
    vi /etc/filebeat/filebeat.yml
    ```
    ```
    setup.kibana:
      host: "kibana服务器IP:5601"
    output.elasticsearch:
      hosts: ["elasticsearch服务器IP:9200"]
      username: "elastic"
      password: "F7M6EklcuAgKIvaMy0JP"
    ```
  - List the log types filebeat can collect and their configuration files:
    ```
    cd /etc/filebeat/modules.d/
    ll
    ```
  - Enable apache log collection (choose the modules you need):
    ```
    sudo filebeat modules enable apache
    ```
    Result:
    ```
    [root@dev ~]# sudo filebeat modules enable apache
    Enabled apache
    [root@dev ~]#
    ```
    Configure the paths from which apache logs are collected:
    ```
    vi /etc/filebeat/modules.d/apache.yml
    ```
    ```
    - module: apache
      access:
        enabled: true
        var.paths: # paths of the logs to collect
          - /logs/*.log
    ```
  - Start filebeat:
    ```
    systemctl start filebeat.service
    ```
  - Check log collection:
    ```
    tail -f /var/lib/filebeat/registry/filebeat/log.json
    ```
  - Open http://kibana服务器IP:5601/app/logs/stream in a browser to view the collected logs.
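
The settings changed in this guide can be checked mechanically. The script below is an added example, not part of the original guide: it flags an elasticsearch.yml that listens on a non-loopback address without xpack.security.enabled (the state between the remote-access step and the security step), one that has security enabled but no TLS on the HTTP layer (so the Basic header travels as reversible Base64), and a filebeat.yml that logs in as the elastic superuser with a literal password. The sample files, the host es.example.internal, the user filebeat_writer and the keystore key name ES_PWD are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): flag risky settings in the
# files this guide edits. Flat "key: value" parsing only, which is enough here.

# yaml_get FILE KEY -> value of the last uncommented "KEY: value" line, unquoted
yaml_get() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1 \
    | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

audit_elasticsearch() {   # $1 = path to an elasticsearch.yml
  local host sec tls
  host=$(yaml_get "$1" network.host)
  sec=$(yaml_get "$1" xpack.security.enabled)
  tls=$(yaml_get "$1" xpack.security.http.ssl.enabled)
  case "$host" in
    ""|localhost|_local_|127.*|::1) return 0 ;;   # loopback only: not reachable remotely
  esac
  if [ "$sec" != "true" ]; then
    echo "elasticsearch: network.host=$host without xpack.security.enabled: true; REST API needs no login"
  elif [ "$tls" != "true" ]; then
    echo "elasticsearch: HTTP layer has no TLS; Basic credentials cross the network as plain base64"
  fi
  return 0
}

audit_filebeat() {        # $1 = path to a filebeat.yml
  local user pass
  user=$(yaml_get "$1" username)
  pass=$(yaml_get "$1" password)
  if [ "$user" = "elastic" ]; then
    echo "filebeat: ships logs as the elastic superuser; use a dedicated low-privilege user"
  fi
  case "$pass" in
    ""|'${'*'}') ;;       # unset, or a ${VAR} reference resolved from the keystore
    *) echo "filebeat: literal password in config; use 'filebeat keystore add' and a \${VAR} reference" ;;
  esac
  return 0
}

# count_findings CMD ARGS... -> number of finding lines the check printed
count_findings() { "$@" | wc -l | tr -d ' '; }

# --- constructed sample files mirroring the states this guide passes through ---
demo=$(mktemp -d)
cat > "$demo/es_open.yml" <<'EOF'
cluster.name: my-application
network.host: 0.0.0.0
EOF
cat > "$demo/es_guide_final.yml" <<'EOF'
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
EOF
cat > "$demo/filebeat_guide.yml" <<'EOF'
output.elasticsearch:
  hosts: ["es.example.internal:9200"]
  username: "elastic"
  password: "constructed-sample-password"
EOF
cat > "$demo/filebeat_keystore.yml" <<'EOF'
output.elasticsearch:
  hosts: ["es.example.internal:9200"]
  username: "filebeat_writer"
  password: "${ES_PWD}"
EOF

for f in es_open es_guide_final; do audit_elasticsearch "$demo/$f.yml"; done
for f in filebeat_guide filebeat_keystore; do audit_filebeat "$demo/$f.yml"; done
```

On a real host, pass /etc/elasticsearch/elasticsearch.yml and /etc/filebeat/filebeat.yml to the two functions instead of the sample files.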