准备工作
安装之前,先了解以下信息,查看操作系统版本可以使用uname -a。
- 操作系统:CentOS 7.9
- ELK 版本:7.7.1
- 安装方式:使用源码部署
官方文档:Installing the Elastic Stack | Installation and Upgrade Guide [7.7] | Elastic文章源自十年又十年-https://www.bbigsun.com/66.html
获取安装包
联网情况下
-
ES:Install Elasticsearch from archive on Linux or MacOS | Elasticsearch Guide [7.7] | Elastic文章源自十年又十年-https://www.bbigsun.com/66.html
-
Kibana:Install Kibana from archive on Linux or macOS | Kibana Guide [7.7] | Elastic文章源自十年又十年-https://www.bbigsun.com/66.html
-
LogStach:Installing Logstash | Logstash Reference [7.7] | Elastic文章源自十年又十年-https://www.bbigsun.com/66.html
未联网情况下
先在可以联网的机器上下载安装包,然后通过scp命令传输到未联网的机器上安装。文章源自十年又十年-https://www.bbigsun.com/66.html
# 2222 为 ssh 端口,/opt/pacakages 下为安装包
sudo scp -P 2222 -r /opt/elk/pacakages admin@192.168.0.128:/opt/elk安装
1、内网远程登录
ssh admin@192.168.0.128 -p 22222、解压安装包
cd /opt/elk/pacakages
tar -xzf elasticsearch-7.7.1-linux-x86_64.tar.gz -C /opt/elk/
tar -xzf kibana-7.7.1-linux-x86_64.tar.gz -C /opt/elk/
tar -xzf logstash-7.7.1.tar.gz -C /opt/elk/
tar -xzf openjdk-11_linux-x64_bin.tar.gz -C /opt/elk/
ls /opt/elk
# --- 命令输出结果
elasticsearch-7.7.1 jdk-11 kibana-7.7.1-linux-x86_64 logstash-7.7.1 pacakages
# ---3、配置 jdk 环境变量
cat <<EOF | sudo tee /etc/profile.d/java.sh
JAVA_HOME=/home/local/jdk-11
PATH=\$JAVA_HOME/bin:\$PATH
CLASSPATH=.:\$JAVA_HOME/lib/dt.jar:\$JAVA_HOME/lib/tool.jar
EOF
source /etc/profile
java --version
# --- 命令输出结果
openjdk 11 2018-09-25
OpenJDK Runtime Environment 18.9 (build 11+28)
OpenJDK 64-Bit Server VM 18.9 (build 11+28, mixed mode)
# ---4、新建用户 es,密码:123456
sudo useradd es
sudo passwd es
sudo usermod es -aG es5、设置elk目录权限
cd /opt/elk/
sudo chown -R es:es elasticsearch-7.7.1
sudo chown -R es:es kibana-7.7.1-linux-x86_64
sudo chown -R es:es logstash-7.7.16、系统配置
sudo vim /etc/sysctl.conf
# --- 写入内容
vm.max_map_count = 655360
# ---
sudo sysctl -p
sudo vim /etc/security/limits.conf
# --- 写入内容
es soft nofile 65536
es hard nofile 131072
# --- 需要退出重新登录生效7、elk 配置
cd /home/local/elasticsearch-7.7.1/config/
sudo vim elasticsearch.yml
# --- 写入内容
cluster.name: elasticsearch-cluster
node.name: node-1
path.data: /home/local/elasticsearch-7.7.1/data
path.logs: /home/local/elasticsearch-7.7.1/logs
network.host: 192.168.0.128
http.host: 192.168.0.128
http.port: 9200
cluster.initial_master_nodes: ["node-1"]
cluster.max_shards_per_node: 900000
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.authc.accept_default_password: true
# ---
sudo vim jvm.options
# --- 写入内容
# 默认使用 CMS 垃圾收集器
# 8-13:-XX:+UseConcMarkSweepGC
# 使用 G1 垃圾收集器
8-13:-XX:+UseG1GC
# ---8、Kibana 配置
cd cd /home/local/kibana-7.7.1-linux-x86_64/config/
sudo vim kibana.yml
# --- 写入内容
server.port: 5601
server.host: "192.168.0.128"
elasticsearch.hosts: ["http://192.168.0.128:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
i18n.locale: "zh-CN"
# ---9、Logstash 配置
cd /home/local/logstash-7.7.1/config/
sudo vim logstash.yml
# --- 写入内容
http.host: "192.168.0.128"
http.port: 9600
log.level: info
# ---
sudo vim logstash-sample.conf
# --- 写入内容
input {
tcp {
mode => "server"
host => "192.168.0.128"
port => 4560
ssl_enable => false
codec => json {
charset => "UTF-8"
}
}
}
output {
elasticsearch {
hosts => ["http://192.168.0.128:9200"]
index => "%{[appname]}-%{+yyyy.MM.dd}"
user => "elastic"
password => "elastic"
}
}
# ---10、启动 elk
# 一定要切换用户启动 elk
su es
# 修改 es 密码
/opt/elk/elasticsearch-7.7.1/bin/elasticsearch-setup-passwords interactive
# elastic / elastic
# 后台启动 elasticsearch
/opt/elk/elasticsearch-7.7.1/bin/elasticsearch -d
# 后台启动 kibana
/opt/elk/kibana-7.7.1-linux-x86_64/bin/kibana > /opt/elk/kibana-7.7.1-linux-x86_64/kibana.log &
# 检查 Logstash 配置文件
/opt/elk/logstash-7.7.1/bin/logstash -f /opt/elk/logstash-7.7.1/config/logstash-sample.conf -t
# 启动 Logstash
/opt/elk/logstash-7.7.1/bin/logstash -f /opt/elk/logstash-7.7.1/config/logstash-sample.conf &访问 ELK
如果想要访问 ELK,首先需要一个 EIP 来入网。我才用的入网方案是通过 NAT 网关入网。文章源自十年又十年-https://www.bbigsun.com/66.html
- 在 NAT 网关配置 DNAT 规则,公网 IP(x.x.x.x)的 5601 端口映射到私网 IP(192.168.0.128)的 5601 端口。
- 新建安全组,关联实例 192.168.0.128 这台机器,然后开放 5601 端口(允许指定 IP 访问,这里我是只允许公司内网访问)。
做完以上两步就可以通过,http:// 公网 IP:5601 来访问 ELK 了。文章源自十年又十年-https://www.bbigsun.com/66.html 文章源自十年又十年-https://www.bbigsun.com/66.html
纸上得来终觉浅,绝知此事要躬行。
17688689121
我的微信
微信扫一扫
评论