Collecting nginx logs with the ELK stack

Author: admin  Category: Security Operations  Published: 2018-04-18 10:32

To keep things simple I installed everything on a single machine; as for other, clustered deployments
1. Set a static IP
ip a
cd /etc/sysconfig/network-scripts/
vi ifcfg-ens160

BOOTPROTO=static
PEERROUTES=yes
IPADDR=192.168.1.138
GATEWAY=192.168.1.1
NETMASK=255.255.255.0
ONBOOT=yes
DNS1=8.8.8.8
DNS2=114.114.114.114

/etc/init.d/network restart
ping www.baidu.com

2. Install the required packages
# yum takes space-separated package names, not a comma-separated list
yum install -y net-tools gcc wget openssh-server java vim
vi /etc/ssh/sshd_config
Port 22
PasswordAuthentication yes

systemctl restart sshd

netstat -ntlp
systemctl stop firewalld

3. Install the Chrome extension
Search for elasticsearch-head in the Chrome Web Store and install it.

4. Install the ELK stack
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.rpm
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-x86_64.rpm
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.3-x86_64.rpm
# rpm also takes space-separated file names
rpm -ivh elasticsearch-6.2.3.rpm logstash-6.2.3.rpm kibana-6.2.3-x86_64.rpm filebeat-6.2.3-x86_64.rpm

vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "192.168.1.138"
elasticsearch.url: "http://192.168.1.138:9200"
kibana.index: ".kibana"

vim /etc/elasticsearch/elasticsearch.yml
network.host: 192.168.1.138
http.port: 9200

5. Install the web environment
vim /etc/sysconfig/selinux
SELINUX=disabled
systemctl stop firewalld.service
wget http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
rpm -ivh nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y nginx
systemctl start nginx.service
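An added check, not code from the original post, to run once the services above are up: it parses the output of the `netstat -ntlp` command from step 2 and confirms that each service listens on the address and port configured in the guide (sshd on 22, Elasticsearch on 192.168.1.138:9200, Kibana on 192.168.1.138:5601, nginx on 80). The netstat text embedded in the script is constructed sample output; the program names it matches on (java for Elasticsearch, node for Kibana) are what those processes appear as in netstat.

```python
"""Verify that the ELK and nginx services listen where the guide expects.

Added example, not part of the original post.  It parses `netstat -ntlp`
output and compares each service against the address:port configured in the
guide.  SAMPLE_NETSTAT is constructed sample output, not a real capture.
"""
import re
import subprocess
from typing import Dict, List, Tuple

# Program name (as shown by netstat -p) -> (expected bind address, port).
EXPECTED: Dict[str, Tuple[str, int]] = {
    "sshd": ("0.0.0.0", 22),            # sshd_config: Port 22
    "java": ("192.168.1.138", 9200),    # elasticsearch.yml: network.host / http.port
    "node": ("192.168.1.138", 5601),    # kibana.yml: server.host / server.port
    "nginx": ("0.0.0.0", 80),
}

# Constructed sample of `netstat -ntlp` output.  Kibana is deliberately shown
# on 0.0.0.0 to illustrate a server.host setting that did not take effect.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 192.168.1.138:9200      0.0.0.0:*               LISTEN      2307/java
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      2411/node
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2500/nginx: master
tcp6       0      0 :::22                   :::*                    LISTEN      1021/sshd
"""

# One LISTEN line: proto, queues, local addr:port, foreign, state, pid/program.
LINE_RE = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTEN\s+(?P<pid>\d+)/(?P<prog>\S+)"
)


def parse_listeners(text: str) -> List[Tuple[str, int, str]]:
    """Return (bind_address, port, program) for every LISTEN line."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # "nginx: master" shows up as "nginx:"; strip the trailing colon.
            listeners.append((m.group("addr"), int(m.group("port")), m.group("prog").rstrip(":")))
    return listeners


def check_services(listeners: List[Tuple[str, int, str]],
                   expected: Dict[str, Tuple[str, int]] = EXPECTED) -> Dict[str, str]:
    """Compare observed listeners with the expected ones.

    Values: "ok", "missing" (port not open for that program), or
    "wrong-bind:<addrs>" when the port is open but on a different address,
    e.g. 0.0.0.0 (every interface) instead of the configured LAN address.
    """
    results = {}
    for prog, (want_addr, want_port) in expected.items():
        found = [(a, p) for a, p, pr in listeners if pr == prog and p == want_port]
        if not found:
            results[prog] = "missing"
        elif any(a == want_addr for a, _ in found):
            results[prog] = "ok"
        else:
            results[prog] = "wrong-bind:" + ",".join(a for a, _ in found)
    return results


def check_live_host() -> Dict[str, str]:
    """Run netstat on this machine and check it (needs net-tools installed)."""
    out = subprocess.run(["netstat", "-ntlp"], capture_output=True, text=True, check=True).stdout
    return check_services(parse_listeners(out))


if __name__ == "__main__":
    for prog, status in check_services(parse_listeners(SAMPLE_NETSTAT)).items():
        print(f"{prog:6s} {status}")
```

Run it as root after step 5 and replace the sample with `check_live_host()`; any `wrong-bind` result means the YAML change in step 4 was not applied (or the service was not restarted), so the service is reachable on more interfaces than intended.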

6. Send requests

# ab is provided by the httpd-tools package on CentOS 7
ab -n 1000 -c 1 http://192.168.1.138/whaomi

7. Logstash configuration

# /etc/logstash/conf.d/nginx.conf
input {
    file {
        path => "/var/log/nginx/access.log"
        # the json codec only decodes lines if nginx's log_format writes one JSON object per line;
        # otherwise each event is tagged _jsonparsefailure
        codec => "json"
        type => "nginx-access-log"
    }
}
filter {
}
output {
    # the hosts/index options belong to the elasticsearch output, not stdout
    elasticsearch {
        hosts => ["192.168.1.138:9200"]
        index => "nginx-access-log-%{+YYYY.MM.dd}"
    }
}

# the rpm installs the binary under /usr/share/logstash/bin
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx.conf
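An added example, not code from the original post or from Logstash, that simulates what the pipeline above does to access-log lines: the `codec => "json"` decode (including how an undecodable line in nginx's default combined format ends up tagged `_jsonparsefailure`) and the expansion of the `nginx-access-log-%{+YYYY.MM.dd}` index pattern. The `log_format` directive at the top is the nginx configuration assumed here to make nginx emit JSON (it is not shown in the original guide; `escape=json` needs nginx 1.11.8 or later), and the three log lines are constructed samples, not captured traffic.

```python
"""Simulate the guide's Logstash pipeline on nginx access-log lines.

Added example, not code from the original post or from Logstash.  Shows the
json codec's decode/fail behaviour and how the daily index name is derived
(Logstash formats %{+YYYY.MM.dd} in UTC).  All sample lines are constructed.
"""
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# nginx.conf addition assumed by this example (not in the original guide):
# write one JSON object per access-log line so codec => "json" can decode it.
NGINX_JSON_LOG_FORMAT = r'''
log_format json_combined escape=json
  '{"time_local":"$time_local","remote_addr":"$remote_addr",'
  '"request":"$request","status":$status,'
  '"body_bytes_sent":$body_bytes_sent,"http_user_agent":"$http_user_agent"}';
access_log /var/log/nginx/access.log json_combined;
'''

# Constructed sample lines: two in the JSON format above (one is the ab
# request to /whaomi from step 6), one in the default "combined" format.
SAMPLE_LINES = [
    '{"time_local":"18/Apr/2018:10:32:45 +0800","remote_addr":"192.168.1.138","request":"GET /whaomi HTTP/1.0","status":404,"body_bytes_sent":169,"http_user_agent":"ApacheBench/2.3"}',
    '{"time_local":"18/Apr/2018:02:30:00 +0800","remote_addr":"192.168.1.50","request":"GET / HTTP/1.1","status":200,"body_bytes_sent":612,"http_user_agent":"Mozilla/5.0"}',
    '192.168.1.50 - - [18/Apr/2018:10:33:01 +0800] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
]

TIME_LOCAL_FORMAT = "%d/%b/%Y:%H:%M:%S %z"  # layout of nginx's $time_local

# Constructed "time Logstash read the lines", in the guide's UTC+8 zone.
SAMPLE_INGEST_TIME = datetime(2018, 4, 18, 10, 40, tzinfo=timezone(timedelta(hours=8)))


def decode_event(line: str, event_type: str = "nginx-access-log") -> Dict:
    """Mimic the Logstash json codec plus the input's `type` setting.

    An undecodable line is kept raw in `message` and tagged
    `_jsonparsefailure`; it still becomes an event and reaches Elasticsearch.
    """
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        event = {"message": line, "tags": ["_jsonparsefailure"]}
    event["type"] = event_type
    return event


def event_timestamp(event: Dict, ingest_time: datetime) -> datetime:
    """Return the UTC instant that %{+YYYY.MM.dd} is formatted from.

    The guide's filter block is empty, so real Logstash stamps every event
    with the time it read the line.  This example assumes a date filter on
    time_local is added, so the log's own time wins when present and the
    ingest time is the fallback (e.g. for tagged, undecoded lines).
    """
    raw = event.get("time_local")
    if raw:
        return datetime.strptime(raw, TIME_LOCAL_FORMAT).astimezone(timezone.utc)
    return ingest_time.astimezone(timezone.utc)


def index_name(ts_utc: datetime, prefix: str = "nginx-access-log-") -> str:
    """Expand index => "nginx-access-log-%{+YYYY.MM.dd}" for one event.

    The day is taken in UTC, so an event logged shortly after local midnight
    in UTC+8 is written to the previous day's index.
    """
    return prefix + ts_utc.strftime("%Y.%m.%d")


def route_events(lines: List[str], ingest_time: datetime) -> List[Dict]:
    """Run each line through codec and index naming; return index/event pairs."""
    routed = []
    for line in lines:
        event = decode_event(line)
        routed.append({"index": index_name(event_timestamp(event, ingest_time)), "event": event})
    return routed


if __name__ == "__main__":
    for item in route_events(SAMPLE_LINES, SAMPLE_INGEST_TIME):
        ev = item["event"]
        print(item["index"], ev.get("status", ev.get("tags")))
```

The second sample line is the one to note: logged at 02:30 local time (UTC+8) it is 18:30 UTC the previous day, so Kibana's `nginx-access-log-*` pattern finds it, but a query scoped to a single day's index would not. The third line shows why `codec => "json"` must be paired with the JSON `log_format`: with nginx's default format every event carries only `message` and the `_jsonparsefailure` tag.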

8. Chart display

References:
https://github.com/0xa-saline/ELK
