Elasticsearch is an open-source distributed search engine. Its features include: distributed operation, zero configuration, automatic discovery, automatic index sharding, index replication, a RESTful interface, multiple data sources, and automatic search load balancing.
Logstash is a fully open-source tool that collects and parses your logs and stores them for later use (for example, searching).
Kibana is also a free, open-source tool; it provides a friendly web interface for the log analysis done by Logstash and Elasticsearch, helping you aggregate, analyse and search important log data.
Environment:
192.168.50.119: ELK + Nginx
192.168.50.120: Redis + Logstash
Architecture diagram
Deployment steps:
192.168.50.119, the ELK server
1. Install the JDK
Logstash depends on a Java runtime. Logstash 1.5 and later require at least Java 7, and the latest Java release is recommended; I use 1.8 here.
tar -zxf jdk-8u45-linux-x64.tar.gz -C /usr/local/
vim /etc/profile #set the environment variables
export JAVA_HOME=/usr/local/jdk1.8.0_45
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH
source /etc/profile #apply the environment variables
Verify that the installation succeeded:
[root@localhost ~]# java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
2. Install Logstash (collects and parses logs, and stores them for later use)
wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz
tar -zxf logstash-2.4.0.tar.gz -C /usr/local/
Verify that Logstash works:
[root@localhost ~]# /usr/local/logstash-2.4.0/bin/logstash -e 'input { stdin { } } output { stdout {} }'
Settings: Default pipeline workers: 1
Logstash startup completed
Logstash now waits for input; type: hello world
2016-11-28T20:32:07.853Z localhost.localdomain hello world
We can see that whatever we type, Logstash echoes it back in a fixed format. The -e parameter lets Logstash take its settings directly from the command line, which is especially handy for quickly testing whether a configuration is correct without writing a config file. Press CTRL-C to exit the running Logstash.
3. Deploy nginx and collect its logs
yum -y install nginx
Set the nginx log format
vim /etc/nginx/nginx.conf
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" $http_x_forwarded_for $request_length $msec $connection_requests $request_time';
Start nginx
service nginx start
mkdir /usr/local/logstash-2.4.0/conf/ #create the logstash configuration directory
Define the Logstash configuration file that collects the nginx log:
[root@localhost conf]# cat logstash_nginx.conf
input {
    file {
        path => ["/var/log/nginx/access.log"]
        type => "nginx_log"
    }
}
output {
    redis {
        host => "192.168.50.120"
        key => 'logstash-redis'
        data_type => 'list'
    }
    stdout {
        codec => rubydebug
    }
}
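The file input above ships each access-log line to Redis as an unparsed "message" string, so the fields of the custom log_format defined earlier have to be extracted downstream. The following parser for exactly that format is an added example, not code from the original post; it runs on constructed sample lines and anchors the four trailing numeric fields to the line end so that an unquoted, client-supplied X-Forwarded-For value containing several hops cannot shift the columns.

```python
import re
from datetime import datetime, timezone
# Pattern for the custom nginx log_format "main" above. The four trailing numeric
# fields are anchored to the line end, so the unquoted, client-supplied
# $http_x_forwarded_for (possibly several ", "-separated hops) cannot shift columns.
LOG_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'(?P<http_x_forwarded_for>.+?) (?P<request_length>\d+) (?P<msec>\d+\.\d+) '
    r'(?P<connection_requests>\d+) (?P<request_time>\d+\.\d+)$'
)

def parse_line(line):
    # Return the line's fields as a dict, or None if it is not in the format.
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ev = m.groupdict()
    for k in ("status", "body_bytes_sent", "request_length", "connection_requests"):
        ev[k] = int(ev[k])
    for k in ("msec", "request_time"):
        ev[k] = float(ev[k])
    # Split "$request" only when it has the usual three parts; a malformed request
    # line (typical of scanners) is kept raw rather than mis-split.
    parts = ev["request"].split(" ")
    if len(parts) == 3:
        ev["method"], ev["path"], ev["protocol"] = parts
    # $msec is UTC epoch seconds, so it yields a precise @timestamp directly.
    ev["@timestamp"] = datetime.fromtimestamp(ev["msec"], tz=timezone.utc).isoformat()
    return ev

def parse_lines(lines):
    # Parse many lines; the count of non-matching lines is returned, not hidden.
    events = [ev for ev in map(parse_line, lines) if ev is not None]
    return events, len(lines) - len(events)

# Constructed sample lines in the page's log_format (not real traffic).
SAMPLE_LINES = [
    '192.168.50.114 - - [29/Nov/2016:00:58:43 +0800] "GET / HTTP/1.1" 304 0 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; Win64; x64)" - 412 1480352323.512 1 0.000',
    '10.0.0.7 - - [29/Nov/2016:00:58:44 +0800] "GET /nginx-logo.png HTTP/1.1" 200 368 '
    '"http://192.168.50.119/" "curl/7.29.0" 203.0.113.9, 198.51.100.4 301 1480352324.001 2 0.003',
    'not an access log line',
]

if __name__ == "__main__":
    events, unparsed = parse_lines(SAMPLE_LINES)
    print([(e["@timestamp"], e["remote_addr"], e.get("path"), e["status"]) for e in events], unparsed)
```

Lines that do not match are counted rather than dropped, so a sudden rise in the unparsed count is itself worth alerting on.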
4. Install and deploy Redis
On the 192.168.50.120 server
yum -y install redis
vim /etc/redis.conf
bind 192.168.50.120
Start it
service redis start
5. Start Logstash
[root@localhost conf]# /usr/local/logstash-2.4.0/bin/logstash -f ./logstash_nginx.conf --configtest #check the configuration file
Configuration OK
[root@localhost conf]# /usr/local/logstash-2.4.0/bin/logstash agent -f ./logstash_nginx.conf #ship the log events to the redis server
Settings: Default pipeline workers: 1
Logstash startup completed
{
    "message" => "192.168.50.114 - - [29/Nov/2016:00:58:43 +0800] \"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36\" \"-\"",
    "@version" => "1",
    "@timestamp" => "2016-11-28T18:55:49.587Z",
    "path" => "/var/log/nginx/access.log",
    "host" => "localhost.localdomain",
    "type" => "nginx_log"
}
{
    "message" => "192.168.50.114 - - [29/Nov/2016:00:58:43 +0800] \"GET /nginx-logo.png HTTP/1.1\" 304 0 \"http://192.168.50.119/\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36\" \"-\"",
    "@version" => "1",
    "@timestamp" => "2016-11-28T18:55:49.590Z",
    "path" => "/var/log/nginx/access.log",
    "host" => "localhost.localdomain",
    "type" => "nginx_log"
}
{
    "message" => "192.168.50.114 - - [29/Nov/2016:00:58:43 +0800] \"GET /poweredby.png HTTP/1.1\" 304 0 \"http://192.168.50.119/\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36\" \"-\"",
    "@version" => "1",
    "@timestamp" => "2016-11-28T18:55:49.590Z",
    "path" => "/var/log/nginx/access.log",
    "host" => "localhost.localdomain",
    "type" => "nginx_log"
}
6. Install and deploy Elasticsearch
192.168.50.119, the ELK server
Create the user that will run it
groupadd elk
useradd es -g elk