日志监控和分析在保障业务稳定运行时,起到了很重要的作用,不过一般情况下日志都分散在各个生产服务器,且开发人员无法登陆生产服务器,这时候就需要一个集中式的日志收集装置,对日志中的关键字进行监控,触发异常时进行报警,并且开发人员能够查看相关日志。logstash+elasticsearch+kibana3就是实现这样功能的一套系统,并且功能更强大。
Logstash:负责日志的收集,处理和储存
Elasticsearch:负责日志检索和分析
Kibana:负责日志的可视化
环境介绍
server端:
OS:centOS7
IP:192.168.3.95
FQDN:elk.server.com
elkClient
IP:192.168.5.152
OS:Centos6.5
elk 使用软件包
ELK服务端安装
安装jdk1.7
yum -y install java-1.7.0-openjdk
安装elasticsearch
yum localinstall elasticsearch-1.7.3.noarch.rpm
启动服务
systemctl daemon-reload
systemctl enable elasticsearch.service(
设置开机启动
)
systemctl start elasticsearch.service (
开启服务
)
systemctl status elasticsearch.service(
查看服务状态
)
查看安装软件包
rpm -qc elasticsearch
查看端口监听情况
netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1256/nginx: master
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 3060/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1266/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2035/master
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1285/php-fpm: maste
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::9200 :::* LISTEN 10867/java
tcp6 0 0 :::9300 :::* LISTEN 10867/java
tcp6 0 0 :::22 :::* LISTEN 1266/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2035/master
防火墙添加端口
firewall-cmd --permanent --add-port={9200/tcp,9300/tcp}
重载防火墙
firewall-cmd –reload
查看防火墙开放端口
[root@localhost elk安装]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: br0
sources:
services: dhcpv6-client ssh ipsec xl2tpd
ports:
3306/tcp 9200/tcp 9300/tcp
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
安装kibana
解压缩安装包到指定目录中
tar -zxvf kibana-4.1.2-linux-x64.tar.gz -C /usr/local
cd /usr/local/
root@localhost local]# ls
bin etc games include kibana-4.1.2-linux-x64 lib lib64 libexec mysql nginx php php7 sbin share src
重命名
mv kibana-4.1.2-linux-x64/ kibana
cd kibana
[root@localhost kibana]# ls
bin config LICENSE.txt node plugins README.txt src
[root@localhost kibana]# cd bin/
[root@localhost bin]# ls (
运行./kibana即可开启服务,但我们将其做到service
)
kibana kibana.bat
[root@localhost bin]#
cd /etc/systemd/system
[root@localhost system]# vi kibana.service (编辑kibana服务)
[Service]
ExecStart=/usr/local/kibana/bin/kibana
[Install]
WantedBy=multi-user.target
设置开机自启动
[root@localhost system]# systemctl enable kibana.service
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
开启服务
[root@localhost system]# systemctl start kibana.service
查看服务运行状态
[root@localhost system]# systemctl status kibana.service
● kibana.service
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2017-10-24 21:43:02 EDT; 4min 37s ago
Main PID: 19247 (node)
CGroup: /system.slice/kibana.service
└─19247 /usr/local/kibana/bin/../node/bin/node /usr/local/kibana/bin/../src/bin/kibana.js
Oct 24 21:43:02 localhost.localdomain systemd[1]: Started kibana.service.
Oct 24 21:43:02 localhost.localdomain systemd[1]: Starting kibana.service...
Oct 24 21:43:07 localhost.localdomain kibana[19247]: {"name":"Kibana","hostname":"localhost.localdomain","pid":19247,"level":30,"msg":"No existing kibana index f...2Z","v":0}
Oct 24 21:43:07 localhost.localdomain kibana[19247]: {"name":"Kibana","hostname":"localhost.localdomain","pid":19247,"level":30,"msg":"Listening on 0.0.0.0:5601"...9Z","v":0}
Hint: Some lines were ellipsized, use -l to show in full.
查看端口监听状态
[root@localhost system]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1256/nginx: master
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 3060/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1266/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2035/master
tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 19247/node
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1285/php-fpm: maste
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::9200 :::* LISTEN 10867/java
tcp6 0 0 :::9300 :::* LISTEN 10867/java
tcp6 0 0 :::22 :::* LISTEN 1266/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2035/master
为5601端口添加80端口的映射,这样在浏览器中就可以不用输入端口了
[root@localhost system]# firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=5601
Success
重载防火墙
[root@localhost system]# firewall-cmd --reload
Success
查看防火墙开放端口
[root@localhost system]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: br0
sources:
services: dhcpv6-client ssh ipsec xl2tpd
ports: 3306/tcp 9200/tcp 9300/tcp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=5601:toaddr=
source-ports:
icmp-blocks:
rich rules:
安装logstash
[root@localhost system]# cd /usr/local/src/elk安装/
Yum 本地安装logstash
[root@localhost elk安装]# yum localinstall logstash-1.5.4-1.noarch.rpm
查看当前
FQDN
,
FQDN
设置参见
http://www.cnblogs.com/zhenyuyaodidiao/p/4947930.html
[root@localhost elk安装]# hostname -f
elk.server.com
进入到/etc/pki/tls/文件夹
[root@localhost elk安装]# cd /etc/pki/tls/
[root@localhost tls]# ls
cert.pem certs misc openssl.cnf private
以下生成openssl key用于客户端上传日志文件用,在客户端配置时会用到
root@localhost tls]# openssl req -subj '/CN=elk.server.com/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwa
rder.crtGenerating a 2048 bit RSA private key
..........................+++
........+++
writing new private key to 'private/logstash-forwarder.key'
-----
[root@localhost tls]# ls
cert.pem certs misc openssl.cnf private
[root@localhost tls]# cd private/
[root@localhost private]# ll
total 4
-rw-r--r-- 1 root root 1708 Oct 24 22:44
logstash-forwarder.key
[root@localhost private]# cd ../certs/
[root@localhost certs]# ll
total 16
lrwxrwxrwx. 1 root root 49 Jun 1 13:46 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Jun 1 13:46 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r-- 1 root root 1107 Oct 24 22:44
logstash-forwarder.crt
-rwxr-xr-x 1 root root 610 Feb 20 2017 make-dummy-cert
-rw-r--r-- 1 root root 2388 Feb 20 2017 Makefile
-rwxr-xr-x 1 root root 829 Feb 20 2017 renew-dummy-cert
[root@localhost certs]# cd /etc/logstash/conf.d/
[root@localhost conf.d]# ls
编辑
logstash
配置文件
[root@localhost conf.d]# vi 01-logstash-initial.conf
input {
lumberjack {
port => 5000
type => "logs"
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
output {
elasticsearch { host => localhost }
stdout { codec => rubydebug }
}
设置开机自启动
[root@localhost conf.d]# systemctl enable logstash
logstash.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig logstash on
开启logstasg服务
[root@localhost conf.d]# systemctl start logstash.service
查看服务运行状态
[root@localhost conf.d]# systemctl status logstash.service
● logstash.service - LSB: Starts Logstash as a daemon.
Loaded: loaded (/etc/rc.d/init.d/logstash; bad; vendor preset: disabled)
Active: active (running) since Tue 2017-10-24 22:54:20 EDT; 14s ago
Docs: man:systemd-sysv-generator(8)
Process: 20017 ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/logstash.service
└─20023 java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.i...
Oct 24 22:54:20 elk systemd[1]: Starting LSB: Starts Logstash as a daemon....
Oct 24 22:54:20 elk logstash[20017]: logstash started.
Oct 24 22:54:20 elk systemd[1]: Started LSB: Starts Logstash as a daemon..
[root@localhost conf.d]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1256/nginx: master
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 3060/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1266/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2035/master
tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 19247/node
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1285/php-fpm: maste
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::9200 :::* LISTEN 10867/java
tcp6 0 0 :::9300 :::* LISTEN 10867/java
tcp6 0 0 :::9301 :::* LISTEN 20023/java
tcp6 0 0 :::22 :::* LISTEN 1266/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2035/master
tcp6 0 0 :::5000 :::* LISTEN 20023/java
[root@localhost conf.d]# cd /var/log/logstash/
[root@localhost logstash]# ls
logstash.err logstash.log logstash.stdout[root@localhost logstash]# firewall-cmd --permanent --add-port=5000/tcp
success
[root@localhost logstash]# firewall-cmd --reload
success
[root@localhost logstash]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: br0
sources:
services: dhcpv6-client ssh ipsec xl2tpd
ports: 3306/tcp 9200/tcp 9300/tcp 5000/tcp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=5601:toaddr=
source-ports:
icmp-blocks:
rich rules:
Client端安装
[root@bihu ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.5.153 ns.bihu.com.
192.168.3.95 elk.server.com(新添加解析)
[root@bihu ~]# service network restart
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 Auto_eth2: 错误:没有找到合适的设备:没有找到可用于连接 'Auto eth2' 的设备。
[失败]
弹出界面 Auto_eth3: 活跃连接状态:激活中
活跃连接路径:/org/freedesktop/NetworkManager/ActiveConnection/1
状态:激活的
连接被激活 [确定]
测试连接
[root@bihu ~]# ping elk.server.com
PING elk.server.com (192.168.3.95) 56(84) bytes of data.
64 bytes from elk.server.com (192.168.3.95): icmp_seq=1 ttl=63 time=37.0 ms
64 bytes from elk.server.com (192.168.3.95): icmp_seq=2 ttl=63 time=37.7 ms
^C
--- elk.server.com ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2029ms
rtt min/avg/max/mdev = 37.002/37.362/37.722/0.360 ms
root@bihu ~]# cd /usr/local/src/
[root@bihu src]# ls
boost_1_45_0 hadoop-2.7.3 libmcrypt-2.5.8 mongodb-linux-x86_64-3.0.6 nginx-1.8.1 php-5.6.16 phpmyadmin pydash redis-3.2.4
FastDFS libevent-2.0.21-stable mongodb mysql-5.7.19.tar.gz pcre-8.39 php-7.1.3 phpredis-2.2.4 Python-3.5.0 zabbix-2.0.6
[root@bihu src]#
[root@bihu src]# mkdir elk
[root@bihu src]# cd elk/
拷贝logstash-forwarder-0.4.0-1.x86_64.rpm到本地
[root@bihu elk]# scp root@192.168.3.95:/usr/local/src/elk安装/logstash-forwarder-0.4.0-1.x86_64.rpm .
The authenticity of host '192.168.3.95 (192.168.3.95)' can't be established.
RSA key fingerprint is c4:e9:8f:db:9e:d7:4f:91:77:d5:b2:64:75:98:7b:fd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.95' (RSA) to the list of known hosts.
root@192.168.3.95's password:
logstash-forwarder-0.4.0-1.x86_64.rpm 100% 1692KB 1.7MB/s 00:00
[root@bihu elk]# ls
logstash-forwarder-0.4.0-1.x86_64.rpm
拷贝Server端的key到本地
[root@bihu elk]# scp root@192.168.3.95:/etc/pki/tls/certs/logstash-forwarder.crt .
root@192.168.3.95's password:
logstash-forwarder.crt 100% 1107 1.1KB/s 00:00
将key拷贝到/etc/pki/tls/certs/下
[root@bihu elk]# cp logstash-forwarder.crt /etc/pki/tls/certs/
root@bihu elk]# cd /etc/pki/tls/certs/
[root@bihu certs]# ls
ca-bundle.crt ca-bundle.trust.crt logstash-forwarder.crt make-dummy-cert Makefile renew-dummy-cert
[root@bihu certs]# cd /usr/local/src/
boost_1_45_0/ hadoop-2.7.3/ mongodb/ nginx-1.8.1/ php-7.1.3/ pydash/ zabbix-2.0.6/
elk/ libevent-2.0.21-stable/ mongodb-linux-x86_64-3.0.6/ pcre-8.39/ phpmyadmin/ Python-3.5.0/
FastDFS/ libmcrypt-2.5.8/ mysql-5.7.19.tar.gz php-5.6.16/ phpredis-2.2.4/ redis-3.2.4/
[root@bihu certs]# cd /usr/local/src/elk/
Yum本地安装logstash-forwarder-0.4.0-1.x86_64.rpm
[root@bihu elk]# yum localinstall logstash-forwarder-0.4.0-1.x86_64.rpm
已加载插件:fastestmirror, refresh-packagekit, security
设置本地安装进程
诊断 logstash-forwarder-0.4.0-1.x86_64.rpm: logstash-forwarder-0.4.0-1.x86_64
logstash-forwarder-0.4.0-1.x86_64.rpm 将被安装
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os&infra=stock error was
14: PYCURL ERROR 6 - "Couldn't resolve host 'mirrorlist.centos.org'"
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 error was
14: PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.fedoraproject.org'"
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=extras&infra=stock error was
14: PYCURL ERROR 6 - "Couldn't resolve host 'mirrorlist.centos.org'"
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=updates&infra=stock error was
14: PYCURL ERROR 6 - "Couldn't resolve host 'mirrorlist.centos.org'"
* base: centos.ustc.edu.cn
* epel: ae.mirror.rasanegar.com
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
http://centos.ustc.edu.cn/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.ustc.edu.cn'"
尝试其他镜像。
http://ftp.sjtu.edu.cn/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'ftp.sjtu.edu.cn'"
尝试其他镜像。
http://mirror.bit.edu.cn/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.bit.edu.cn'"
尝试其他镜像。
http://mirror.lzu.edu.cn/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.lzu.edu.cn'"
尝试其他镜像。
http://mirrors.btte.net/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.btte.net'"
尝试其他镜像。
http://mirrors.cn99.com/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.cn99.com'"
尝试其他镜像。
http://mirrors.hust.edu.cn/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.hust.edu.cn'"
尝试其他镜像。
http://mirrors.neusoft.edu.cn/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.neusoft.edu.cn'"
尝试其他镜像。
http://mirrors.njupt.edu.cn/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.njupt.edu.cn'"
尝试其他镜像。
http://mirrors.tuna.tsinghua.edu.cn/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.tuna.tsinghua.edu.cn'"
尝试其他镜像。
http://centos.ustc.edu.cn/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.ustc.edu.cn'"
尝试其他镜像。
http://mirror.bit.edu.cn/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.bit.edu.cn'"
尝试其他镜像。
http://mirror.lzu.edu.cn/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.lzu.edu.cn'"
尝试其他镜像。
http://mirrors.163.com/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.163.com'"
尝试其他镜像。
http://mirrors.aliyun.com/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.aliyun.com'"
尝试其他镜像。
http://mirrors.cn99.com/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.cn99.com'"
尝试其他镜像。
http://mirrors.hust.edu.cn/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.hust.edu.cn'"
尝试其他镜像。
http://mirrors.njupt.edu.cn/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.njupt.edu.cn'"
尝试其他镜像。
http://mirrors.nwsuaf.edu.cn/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.nwsuaf.edu.cn'"
尝试其他镜像。
http://mirrors.sohu.com/centos/6.9/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.sohu.com'"
尝试其他镜像。
http://centos.ustc.edu.cn/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.ustc.edu.cn'"
尝试其他镜像。
http://mirror.bit.edu.cn/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.bit.edu.cn'"
尝试其他镜像。
http://mirror.lzu.edu.cn/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.lzu.edu.cn'"
尝试其他镜像。
http://mirrors.163.com/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.163.com'"
尝试其他镜像。
http://mirrors.cn99.com/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.cn99.com'"
尝试其他镜像。
http://mirrors.neusoft.edu.cn/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.neusoft.edu.cn'"
尝试其他镜像。
http://mirrors.njupt.edu.cn/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.njupt.edu.cn'"
尝试其他镜像。
http://mirrors.sohu.com/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.sohu.com'"
尝试其他镜像。
http://mirrors.tuna.tsinghua.edu.cn/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.tuna.tsinghua.edu.cn'"
尝试其他镜像。
http://mirrors.zju.edu.cn/centos/6.9/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.zju.edu.cn'"
尝试其他镜像。
解决依赖关系
--> 执行事务检查
---> Package logstash-forwarder.x86_64 0:0.4.0-1 will be 安装
--> 完成依赖关系计算
依赖关系解决
============================================================================================================================================================================================================
软件包 架构 版本 仓库 大小
============================================================================================================================================================================================================
正在安装:
logstash-forwarder x86_64 0.4.0-1 /logstash-forwarder-0.4.0-1.x86_64 5.7 M
事务概要
============================================================================================================================================================================================================
Install 1 Package(s)
总文件大小:5.7 M
Installed size: 5.7 M
确定吗?[y/N]:y
下载软件包:
运行 rpm_check_debug
执行事务测试
事务测试成功
执行事务
正在安装 : logstash-forwarder-0.4.0-1.x86_64 1/1
Logs for logstash-forwarder will be in /var/log/logstash-forwarder/
Verifying : logstash-forwarder-0.4.0-1.x86_64 1/1
已安装:
logstash-forwarder.x86_64 0:0.4.0-1
完毕!
开启服务
[root@bihu elk]# service logstash-forwarder restart
logstash-forwarder started
cd到日志目录
[root@bihu elk]# cd /var/log/logstash-forwarder/
[root@bihu logstash-forwarder]# ls
logstash-forwarder.err logstash-forwarder.log
修改配置文件
vim /etc/logstash-forwarder.conf
{
"network": {
"servers": [ "elk.server.com:5000" ],
"ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
"timeout": 15
},
"files": [
{
"paths": [
"/var/log/messages",
"/var/log/secure"
],
"fields": { "type": "syslog" }
}
]
}
界面验证
首先在
client
中手动增加一条日志:
[root@localhost elk]# logger lw_Logtest
我们的Elk搭建完毕!!!
京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有 