TB_Information Security_Notes

Collected notes on things needed for work

ELK (Elasticsearch + Logstash + Kibana), an open-source log collection platform

2021-8-11 admin linux

ELK (Elasticsearch + Logstash + Kibana) is an open-source log collection platform used to gather log files from all kinds of clients onto one platform for data analysis.
ELK components:
Elasticsearch: log search and storage
Logstash: log collection, parsing and processing
Kibana: log visualization
All three are open-source software, are usually used together, and have successively come under the Elastic.co company, hence the abbreviation ELK.
ELK installation:
1. Install the Java environment

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel -y


2. Download the ELK rpm packages

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.2.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.2.0.rpm


3. Install the ELK environment
a. Install Elasticsearch

rpm -ivh elasticsearch-7.2.0-x86_64.rpm
vim /etc/elasticsearch/elasticsearch.yml
    cluster.name: my-application
    node.name: es1
    path.data: /var/lib/elasticsearch
    path.logs: /var/log/elasticsearch
    # binds the HTTP API on every interface; 7.2 ships with security disabled, so restrict port 9200 with a firewall
    network.host: "0.0.0.0"
    http.port: 9200
    cluster.initial_master_nodes: ["es1"]
systemctl start elasticsearch && systemctl enable elasticsearch


b. Install Kibana

rpm -ivh kibana-7.2.0-x86_64.rpm
vim /etc/kibana/kibana.yml
    server.port: 5601
    server.host: "0.0.0.0"
    server.name: "es1"
    elasticsearch.hosts: ["http://127.0.0.1:9200"]
    kibana.index: ".kibana"
systemctl start kibana && systemctl enable kibana


c. Install Logstash and define a pipeline that ingests a syslog feed

rpm -ivh logstash-7.2.0.rpm
vim /etc/logstash/logstash.yml
    path.data: /var/lib/logstash
    path.config: "/etc/logstash/conf.d"
    path.logs: /var/log/logstash
ln -s /etc/logstash /usr/share/logstash/config
vim /usr/share/logstash/config/conf.d/syslog.conf
input {
  udp {
    port => "514"
    type => "syslog"
  }
}
output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "logstash_syslog-%{+YYYY.MM.dd}"
  }
}

yum install -y supervisor
systemctl enable supervisord && systemctl start supervisord
vim /etc/supervisord.d/logstash.ini
[program:logstash]
environment=LS_HEAP_SIZE=5000m
directory=/usr/share/logstash
command=/usr/share/logstash/bin/logstash -f /usr/share/logstash/config/conf.d/syslog.conf -w 10 -l /var/log/logstash/syslog.log

supervisorctl reload


4. Put Kibana behind an nginx reverse proxy and require a username and password to log in
Create the username and password for HTTP basic authentication

mkdir /etc/nginx/passwd/
cd /etc/nginx/passwd/
touch kibana.passwd
yum -y install httpd-tools
htpasswd -c -b /etc/nginx/passwd/kibana.passwd kibana sdnware


Create the nginx configuration file for Kibana

vim /etc/nginx/conf.d/kibana.conf
server {
    listen 8443;
    server_name kibana.mofangge.cc;
    # the directory /var/log/nginx/kibana/ must exist before nginx starts, or it refuses to open the log files
    access_log /var/log/nginx/kibana/kibana_access.log main;
    error_log /var/log/nginx/kibana/kibana_error.log;

    auth_basic "Kibana Auth";
    auth_basic_user_file /etc/nginx/passwd/kibana.passwd;

    location / {
        proxy_pass http://192.168.200.99:5601;
        proxy_redirect off;
    }
}


Finally, open http://kibana.mofangge.cc:8443 in a browser.
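Basic auth in this setup lives only in nginx, while Elasticsearch and Kibana themselves are bound to 0.0.0.0. The following audit script is an added example, not part of the original post: it parses the flat `key: value` settings shown above (the sample input is constructed from this post's elasticsearch.yml and kibana.yml) and flags settings that leave ports 9200 and 5601 reachable around the proxy.

```python
def parse_flat_yaml(text):
    """Parse simple 'key: value' lines (all that this post's files need);
    comments and blank lines are skipped, surrounding quotes dropped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit_elasticsearch(settings):
    """7.2 ships with X-Pack security off, so a non-loopback bind exposes 9200 unauthenticated."""
    findings = []
    host = settings.get("network.host", "127.0.0.1")
    secured = settings.get("xpack.security.enabled", "false").lower() == "true"
    if host not in ("127.0.0.1", "localhost", "_local_") and not secured:
        findings.append(
            f"network.host={host}: HTTP API on port {settings.get('http.port', '9200')} "
            "reachable from the network without authentication; firewall it or enable security")
    return findings

def audit_kibana(settings):
    """Basic auth is enforced by nginx only, so Kibana must not be reachable directly."""
    findings = []
    host = settings.get("server.host", "localhost")
    if host not in ("127.0.0.1", "localhost"):
        findings.append(
            f"server.host={host}: port {settings.get('server.port', '5601')} reachable "
            "directly, bypassing the nginx proxy; firewall it or bind only to the address nginx uses")
    for url in settings.get("elasticsearch.hosts", "").strip("[]").split(","):
        url = url.strip().strip("\"'")
        if url.startswith("http://") and not any(h in url for h in ("127.0.0.1", "localhost")):
            findings.append(f"elasticsearch.hosts={url}: plaintext HTTP to a non-local node")
    return findings

# Constructed sample input: the settings used in this post.
ES_YML = 'cluster.name: my-application\nnode.name: es1\nnetwork.host: "0.0.0.0"\nhttp.port: 9200\n'
KIBANA_YML = 'server.port: 5601\nserver.host: "0.0.0.0"\nelasticsearch.hosts: ["http://127.0.0.1:9200"]\n'

if __name__ == "__main__":
    for f in audit_elasticsearch(parse_flat_yaml(ES_YML)) + audit_kibana(parse_flat_yaml(KIBANA_YML)):
        print("FINDING:", f)
```

Run against the post's own settings it reports two findings (both daemons bound to every interface); adding `xpack.security.enabled: true` or binding Kibana to 127.0.0.1 clears the respective one.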

Comments:

admin
2021-08-11 14:58
Elastic: a beginner's getting-started guide

https://elasticstack.blog.csdn.net/article/details/102728604
admin
2021-08-11 14:39
ELK (Elasticsearch + Logstash + Kibana) is an open-source log collection platform used to gather log files from all kinds of clients onto one platform for data analysis

https://www.cnblogs.com/skymydaiji/p/13809677.html
admin
2021-08-11 14:38
A brief introduction to Ansible and its basic usage

https://www.fdevops.com/2020/03/08/ansible-basic-use
admin
2021-08-11 14:38
Open-source CMDB: a flexible, easy-to-maintain asset management system
https://blog.51cto.com/u_11293981/2783015?xiangguantuijian&04
