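Log monitoring and analysis play an important role in keeping services running stably. In most environments, however, logs are scattered across the individual production servers, and developers are not allowed to log in to those servers. This calls for a centralized log collection system that monitors keywords in the logs, raises an alert when an anomaly is triggered, and lets developers view the relevant logs. logstash + elasticsearch + kibana3 is a stack that provides exactly this, and more.
Logstash: collects, processes and stores logs
Elasticsearch: log search and analysis
Kibana: log visualization
Environment
Server:
OS: CentOS 7
IP: 192.168.3.95
FQDN: elk.server.com
Client (elkClient):
IP: 192.168.5.152
OS: CentOS 6.5
Packages used for ELK
ELK server installation
Install JDK 1.7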
yum -y install java-1.7.0-openjdk
Install elasticsearch
yum localinstall elasticsearch-1.7.3.noarch.rpm
Start the service
systemctl daemon-reload
systemctl enable elasticsearch.service    # enable at boot
systemctl start elasticsearch.service     # start the service
systemctl status elasticsearch.service    # check the service status
Check the installed package (rpm -qc lists its configuration files)
rpm -qc elasticsearch
Check which ports are listening
netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1256/nginx: master
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 3060/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1266/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2035/master
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1285/php-fpm: maste
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::9200 :::* LISTEN 10867/java
tcp6 0 0 :::9300 :::* LISTEN 10867/java
tcp6 0 0 :::22 :::* LISTEN 1266/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2035/master
Add the ports to the firewall
firewall-cmd --permanent --add-port={9200/tcp,9300/tcp}
Reload the firewall
firewall-cmd --reload
List the ports open in the firewall
[root@localhost elk安装]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: br0
sources:
services: dhcpv6-client ssh ipsec xl2tpd
ports: 3306/tcp 9200/tcp 9300/tcp
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Install kibana
Extract the package into the target directory
tar -zxvf kibana-4.1.2-linux-x64.tar.gz -C /usr/local
cd /usr/local/
[root@localhost local]# ls
bin etc games include kibana-4.1.2-linux-x64 lib lib64 libexec mysql nginx php php7 sbin share src
Rename the directory
mv kibana-4.1.2-linux-x64/ kibana
cd kibana
[root@localhost kibana]# ls
bin config LICENSE.txt node plugins README.txt src
[root@localhost kibana]# cd bin/
[root@localhost bin]# ls
kibana kibana.bat
Running ./kibana is enough to start the service, but here we set it up as a systemd service instead.
[root@localhost bin]# cd /etc/systemd/system
[root@localhost system]# vi kibana.service    (edit the kibana unit file)
[Service]
ExecStart=/usr/local/kibana/bin/kibana
[Install]
WantedBy=multi-user.target
Enable start at boot
[root@localhost system]# systemctl enable kibana.service
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
Start the service
[root@localhost system]# systemctl start kibana.service
Check the service status
[root@localhost system]# systemctl status kibana.service
● kibana.service
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2017-10-24 21:43:02 EDT; 4min 37s ago
Main PID: 19247 (node)
CGroup: /system.slice/kibana.service
└─19247 /usr/local/kibana/bin/../node/bin/node /usr/local/kibana/bin/../src/bin/kibana.js
Oct 24 21:43:02 localhost.localdomain systemd[1]: Started kibana.service.
Oct 24 21:43:02 localhost.localdomain systemd[1]: Starting kibana.service...
Oct 24 21:43:07 localhost.localdomain kibana[19247]: {"name":"Kibana","hostname":"localhost.localdomain","pid":19247,"level":30,"msg":"No existing kibana index f...2Z","v":0}
Oct 24 21:43:07 localhost.localdomain kibana[19247]: {"name":"Kibana","hostname":"localhost.localdomain","pid":19247,"level":30,"msg":"Listening on 0.0.0.0:5601"...9Z","v":0}
Hint: Some lines were ellipsized, use -l to show in full.
Check which ports are listening
[root@localhost system]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1256/nginx: master
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 3060/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1266/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2035/master
tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 19247/node
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1285/php-fpm: maste
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::9200 :::* LISTEN 10867/java
tcp6 0 0 :::9300 :::* LISTEN 10867/java
tcp6 0 0 :::22 :::* LISTEN 1266/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2035/master
Map port 80 to port 5601 so that the port does not have to be typed in the browser
[root@localhost system]# firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=5601
Success
Reload the firewall
[root@localhost system]# firewall-cmd --reload
Success
List the ports open in the firewall
[root@localhost system]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: br0
sources:
services: dhcpv6-client ssh ipsec xl2tpd
ports: 3306/tcp 9200/tcp 9300/tcp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=5601:toaddr=
source-ports:
icmp-blocks:
rich rules:
Install logstash
[root@localhost system]# cd /usr/local/src/elk安装/
Install logstash locally with yum
[root@localhost elk安装]# yum localinstall logstash-1.5.4-1.noarch.rpm
Check the current FQDN; for how to set the FQDN, see http://www.cnblogs.com/zhenyuyaodidiao/p/4947930.html
[root@localhost elk安装]# hostname -f
elk.server.com
Go to the /etc/pki/tls/ directory
[root@localhost elk安装]# cd /etc/pki/tls/
[root@localhost tls]# ls
cert.pem certs misc openssl.cnf private
Next, generate the openssl key and certificate used when clients upload log files; the certificate is needed again when configuring the client
[root@localhost tls]# openssl req -subj '/CN=elk.server.com/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
Generating a 2048 bit RSA private key
..........................+++
........+++
writing new private key to 'private/logstash-forwarder.key'
-----
[root@localhost tls]# ls
cert.pem certs misc openssl.cnf private
[root@localhost tls]# cd private/
[root@localhost private]# ll
total 4
-rw-r--r-- 1 root root 1708 Oct 24 22:44 logstash-forwarder.key
[root@localhost private]# cd ../certs/
[root@localhost certs]# ll
total 16
lrwxrwxrwx. 1 root root 49 Jun 1 13:46 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Jun 1 13:46 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r-- 1 root root 1107 Oct 24 22:44 logstash-forwarder.crt
-rwxr-xr-x 1 root root 610 Feb 20 2017 make-dummy-cert
-rw-r--r-- 1 root root 2388 Feb 20 2017 Makefile
-rwxr-xr-x 1 root root 829 Feb 20 2017 renew-dummy-cert
[root@localhost certs]# cd /etc/logstash/conf.d/
[root@localhost conf.d]# ls
Edit the logstash configuration file
[root@localhost conf.d]# vi 01-logstash-initial.conf
input {
  # Receive events from logstash-forwarder over TLS (lumberjack protocol)
  lumberjack {
    port => 5000
    type => "logs"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
filter {
  # Parse only the events the forwarder marks with type "syslog"
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      # First pattern has two spaces: syslog pads single-digit days with a space
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
output {
  # Index into the local Elasticsearch node and echo each event to stdout
  elasticsearch { host => localhost }
  stdout { codec => rubydebug }
}
Enable start at boot
[root@localhost conf.d]# systemctl enable logstash
logstash.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig logstash on
Start the logstash service
[root@localhost conf.d]# systemctl start logstash.service
Check the service status
[root@localhost conf.d]# systemctl status logstash.service
● logstash.service - LSB: Starts Logstash as a daemon.
Loaded: loaded (/etc/rc.d/init.d/logstash; bad; vendor preset: disabled)
Active: active (running) since Tue 2017-10-24 22:54:20 EDT; 14s ago
Docs: man:systemd-sysv-generator(8)
Process: 20017 ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/logstash.service
└─20023 java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.i...
Oct 24 22:54:20 elk systemd[1]: Starting LSB: Starts Logstash as a daemon....
Oct 24 22:54:20 elk logstash[20017]: logstash started.
Oct 24 22:54:20 elk systemd[1]: Started LSB: Starts Logstash as a daemon..
[root@localhost conf.d]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1256/nginx: master
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 3060/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1266/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2035/master
tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 19247/node
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1285/php-fpm: maste
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::9200 :::* LISTEN 10867/java
tcp6 0 0 :::9300 :::* LISTEN 10867/java
tcp6 0 0 :::9301 :::* LISTEN 20023/java
tcp6 0 0 :::22 :::* LISTEN 1266/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2035/master
tcp6 0 0 :::5000 :::* LISTEN 20023/java
[root@localhost conf.d]# cd /var/log/logstash/
[root@localhost logstash]# ls
logstash.err logstash.log logstash.stdout
[root@localhost logstash]# firewall-cmd --permanent --add-port=5000/tcp
success
[root@localhost logstash]# firewall-cmd --reload
success
[root@localhost logstash]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: br0
sources:
services: dhcpv6-client ssh ipsec xl2tpd
ports: 3306/tcp 9200/tcp 9300/tcp 5000/tcp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=5601:toaddr=
source-ports:
icmp-blocks:
rich rules:
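The listings above show Elasticsearch (9200/9300), Kibana (5601) and the lumberjack input (5000) bound to all interfaces while the firewall admits those ports; Elasticsearch 1.7 and Kibana 4.1 ship without built-in authentication, so it is worth checking which listeners are actually reachable from the network. The script below is an added example, not part of the original post: it cross-references `netstat -nltp` and `firewall-cmd --list-all` output (sample input trimmed from this page; the function names are hypothetical).

```shell
#!/bin/sh
# Added example: which listeners are bound to every interface AND let in by firewalld?

# Sample input, trimmed from the command output shown on this page.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1256/nginx: master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2035/master
tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 19247/node
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1285/php-fpm: maste
tcp6 0 0 :::9200 :::* LISTEN 10867/java
tcp6 0 0 :::9300 :::* LISTEN 10867/java
tcp6 0 0 :::5000 :::* LISTEN 20023/java'
FIREWALL_SAMPLE='public (active)
  services: dhcpv6-client ssh ipsec xl2tpd
  ports: 3306/tcp 9200/tcp 9300/tcp 5000/tcp
  masquerade: yes
  forward-ports: port=80:proto=tcp:toport=5601:toaddr='

# TCP ports listening on a wildcard address (0.0.0.0 or ::), one per line.
wildcard_listeners() {
  printf '%s\n' "$1" | awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
    n = split($4, a, ":"); port = a[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    if (addr == "0.0.0.0" || addr == "::") print port
  }' | sort -nu
}

# TCP ports firewalld admits: "ports:" entries plus local forward-port targets.
# Named services (ssh, ...) are not expanded here.
firewall_reachable() {
  printf '%s\n' "$1" | awk '
    $1 == "ports:" {
      for (i = 2; i <= NF; i++) { split($i, p, "/"); if (p[2] == "tcp") print p[1] }
    }
    $1 == "forward-ports:" {
      for (i = 2; i <= NF; i++) {
        tp = ""; ta = ""; n = split($i, kv, ":")
        for (j = 1; j <= n; j++) {
          if (kv[j] ~ /^toport=/) tp = substr(kv[j], 8)
          if (kv[j] ~ /^toaddr=/) ta = substr(kv[j], 8)
        }
        if (tp != "" && ta == "") print tp    # empty toaddr = redirect to this host
      }
    }' | sort -nu
}

# Ports that are both wildcard-bound and reachable through the firewall.
exposed_ports() {
  fw=" $(echo $(firewall_reachable "$2")) "
  wildcard_listeners "$1" | while read -r port; do
    case "$fw" in *" $port "*) echo "$port" ;; esac
  done
}

exposed_ports "$NETSTAT_SAMPLE" "$FIREWALL_SAMPLE"
```

In this single-server setup Logstash writes to localhost and Kibana 4 queries Elasticsearch from the server side, so 9200/9300 can be closed again with `firewall-cmd --permanent --remove-port` and Elasticsearch bound to 127.0.0.1 through `network.host` in elasticsearch.yml.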
Client installation
[root@bihu ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.5.153 ns.bihu.com.
192.168.3.95 elk.server.com    # newly added entry
[root@bihu ~]# service network restart
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 Auto_eth2: 错误:没有找到合适的设备:没有找到可用于连接 'Auto eth2' 的设备。
[失败]
弹出界面 Auto_eth3: 活跃连接状态:激活中
活跃连接路径:/org/freedesktop/NetworkManager/ActiveConnection/1
状态:激活的
连接被激活 [确定]
Test connectivity
[root@bihu ~]# ping elk.server.com
PING elk.server.com (192.168.3.95) 56(84) bytes of data.
64 bytes from elk.server.com (192.168.3.95): icmp_seq=1 ttl=63 time=37.0 ms
64 bytes from elk.server.com (192.168.3.95): icmp_seq=2 ttl=63 time=37.7 ms
^C
--- elk.server.com ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2029ms
rtt min/avg/max/mdev = 37.002/37.362/37.722/0.360 ms
[root@bihu ~]# cd /usr/local/src/
[root@bihu src]# ls
boost_1_45_0 hadoop-2.7.3 libmcrypt-2.5.8 mongodb-linux-x86_64-3.0.6 nginx-1.8.1 php-5.6.16 phpmyadmin pydash redis-3.2.4
FastDFS libevent-2.0.21-stable mongodb mysql-5.7.19.tar.gz pcre-8.39 php-7.1.3 phpredis-2.2.4 Python-3.5.0 zabbix-2.0.6
[root@bihu src]#
[root@bihu src]# mkdir elk
[root@bihu src]# cd elk/
Copy logstash-forwarder-0.4.0-1.x86_64.rpm to the local machine
[root@bihu elk]# scp root@192.168.3.95:/usr/local/src/elk安装/logstash-forwarder-0.4.0-1.x86_64.rpm .
The authenticity of host '192.168.3.95 (192.168.3.95)' can't be established.
RSA key fingerprint is c4:e9:8f:db:9e:d7:4f:91:77:d5:b2:64:75:98:7b:fd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.95' (RSA) to the list of known hosts.
root@192.168.3.95's password:
logstash-forwarder-0.4.0-1.x86_64.rpm 100% 1692KB 1.7MB/s 00:00
[root@bihu elk]# ls
logstash-forwarder-0.4.0-1.x86_64.rpm
Copy the server's certificate to the local machine
[root@bihu elk]# scp root@192.168.3.95:/etc/pki/tls/certs/logstash-forwarder.crt .
root@192.168.3.95's password:
logstash-forwarder.crt 100% 1107 1.1KB/s 00:00
Copy the certificate into /etc/pki/tls/certs/
[root@bihu elk]# cp logstash-forwarder.crt /etc/pki/tls/certs/
[root@bihu elk]# cd /etc/pki/tls/certs/
[root@bihu certs]# ls
ca-bundle.crt ca-bundle.trust.crt logstash-forwarder.crt make-dummy-cert Makefile renew-dummy-cert
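The server-side listing of /etc/pki/tls/private shows logstash-forwarder.key with mode -rw-r--r--, so any local account can read the private key, and the certificate reached this client over an scp session whose host key was accepted without verification. The script below is an added example, not part of the original post: it checks the key's mode, tightens it, and confirms that the client's copy of the certificate matches the server's by SHA-256 digest. It assumes GNU or busybox `stat` and `sha256sum`; the function names and the temporary stand-in files are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): audit the TLS key and certificate files.

# Succeed only if "other" has no access and "group" has at most read access.
key_mode_ok() {
  mode=$(stat -c '%a' "$1") || return 2        # e.g. 644 (GNU/busybox stat)
  other=$(( 0$mode & 7 ))
  group=$(( (0$mode >> 3) & 7 ))
  [ "$other" -eq 0 ] && { [ "$group" -eq 0 ] || [ "$group" -eq 4 ]; }
}

# Restrict the key: 0640 with the given group, or 0600 when no group is given.
harden_key() {
  if [ -n "${2:-}" ]; then
    chgrp "$2" "$1" && chmod 640 "$1"
  else
    chmod 600 "$1"
  fi
}

# Succeed if two files have the same SHA-256 digest (client copy vs. server original).
same_digest() {
  a=$(sha256sum "$1" | cut -d' ' -f1)
  b=$(sha256sum "$2" | cut -d' ' -f1)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo on constructed stand-in files in a temporary directory.
demo() {
  dir=$(mktemp -d) || return 1
  printf 'constructed stand-in for logstash-forwarder.key\n' > "$dir/server.key"
  printf 'constructed stand-in for logstash-forwarder.crt\n' > "$dir/server.crt"
  chmod 644 "$dir/server.key"                  # the mode shown in the server listing
  key_mode_ok "$dir/server.key" && before=ok || before=too-open
  harden_key "$dir/server.key"
  key_mode_ok "$dir/server.key" && after=ok || after=too-open
  cp "$dir/server.crt" "$dir/client.crt"       # stands in for the scp step
  same_digest "$dir/server.crt" "$dir/client.crt" && copy=match || copy=MISMATCH
  rm -rf "$dir"
  echo "key before: $before, key after: $after, client cert: $copy"
}

demo
```

On the real server, run `key_mode_ok /etc/pki/tls/private/logstash-forwarder.key`; if Logstash runs under its own account (assumed here to be `logstash`), passing that group as the second argument to `harden_key` keeps the key readable to the service while removing access for everyone else.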
[root@bihu certs]# cd /usr/local/src/
boost_1_45_0/ hadoop-2.7.3/ mongodb/ nginx-1.8.1/ php-7.1.3/ pydash/ zabbix-2.0.6/
elk/ libevent-2.0.21-stable/ mongodb-linux-x86_64-3.0.6/ pcre-8.39/ phpmyadmin/ Python-3.5.0/
FastDFS/ libmcrypt-2.5.8/ mysql-5.7.19.tar.gz php-5.6.16/ phpredis-2.2.4/ redis-3.2.4/
[root@bihu certs]# cd /usr/local/src/elk/
Install logstash-forwarder-0.4.0-1.x86_64.rpm locally with yum
[root@bihu elk]# yum localinstall logstash-forwarder-0.4.0-1.x86_64.rpm
已加载插件:fastestmirror, refresh-packagekit, security
设置本地安装进程
诊断 logstash-forwarder-0.4.0-1.x86_64.rpm: logstash-forwarder-0.4.0-1.x86_64
logstash-forwarder-0.4.0-1.x86_64.rpm 将被安装
解决依赖关系
--> 执行事务检查
---> Package logstash-forwarder.x86_64 0:0.4.0-1 will be 安装
--> 完成依赖关系计算
依赖关系解决
============================================================================================================================================================================================================
软件包 架构 版本 仓库 大小
============================================================================================================================================================================================================
正在安装:
logstash-forwarder x86_64 0.4.0-1 /logstash-forwarder-0.4.0-1.x86_64 5.7 M
事务概要
============================================================================================================================================================================================================
Install 1 Package(s)
总文件大小:5.7 M
Installed size: 5.7 M
确定吗?[y/N]:y
下载软件包:
运行 rpm_check_debug
执行事务测试
事务测试成功
执行事务
正在安装 : logstash-forwarder-0.4.0-1.x86_64 1/1
Logs for logstash-forwarder will be in /var/log/logstash-forwarder/
Verifying : logstash-forwarder-0.4.0-1.x86_64 1/1
已安装:
logstash-forwarder.x86_64 0:0.4.0-1
完毕!
Start the service
[root@bihu elk]# service logstash-forwarder restart
logstash-forwarder started
cd to the log directory
[root@bihu elk]# cd /var/log/logstash-forwarder/
[root@bihu logstash-forwarder]# ls
logstash-forwarder.err logstash-forwarder.log
Edit the configuration file
vim /etc/logstash-forwarder.conf
{
  "network": {
    "servers": [ "elk.server.com:5000" ],
    "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
    "timeout": 15
  },
  "files": [
    {
      "paths": [
        "/var/log/messages",
        "/var/log/secure"
      ],
      "fields": { "type": "syslog" }
    }
  ]
}
Verification in the web interface
First, manually add a log entry on the client:
[root@localhost elk]# logger lw_Logtest
Our ELK setup is complete!!!