ELK +filebeat +redis 安装

一、安装elasticsearch

elasticsearch-6.1.2安装

• 解压 进入目录
• 配置文件 elasticsearch.yml
• 修改 ip 和端口
• 创建运行用户 elk
• 授权 chown -R elk:elk /data1/elasticsearch-6.1.2
• elk 用户启动 ：

cd /data1/elasticsearch-6.1.2/bin/ nohup ./elasticsearch & 

二、安装logstash

• 解压 进入目录
• 配置文件 test.conf

input { redis { data_type => "list" key => "220" host => "192.168.1.235" port => 6379 password => "redis" db => 2 threads => 1 } } output { if [type] == "220messages" { elasticsearch { hosts => [ "192.168.1.235:9200"] index => "220messages" } } if [type] == "220ssh" { elasticsearch { hosts => [ "192.168.1.235:9200"] index => "220ssh" } } if [type] == "220tomcat" { elasticsearch { hosts => [ "192.168.1.235:9200"] index => "220tomcat" } } stdout{ codec => rubydebug } }

• 启动

nohup /data1/elk/logstash-6.1.2/bin/logstash -f /data1/elk/logstash-6.1.2/config/test.conf &

三、kibana 安装

• 解压进入目录 kibana-6.1.2-linux-x86_64
• 配置配置文件kibana.yml

* 端口 server.port: 5601 * server.host: "0.0.0.0" * elasticsearch.url: "http://192.168.1.235:9200"

• 启动

cd /data1/elk/kibana-6.1.2-linux-x86_64/bin nohup ./kibana & 

四、安装filebeat

• 解压进入目录 filebeat-6.1.2-linux-x86_64
• 配置文件

filebeat.prospectors: - input_type: log paths: - /data1/tomcat-9.0/logs/logback.log #定义额外字段 fields: type: 220tomcat #覆盖重名字段 fields_under_root: true ## 注意 fields 和 fields_under_root 处于同一层级 - input_type: log paths: - /var/log/messages fields: type: 220messages fields_under_root: true - input_type: log paths: - /var/log/secure fields: type: 220ssh fields_under_root: true # 输出到redis output.redis: hosts: ["192.168.1.235"] port: 6379 password: "redis" db: 2 timeout: 5 key: "220" 

• 启动

nohup ./filebeat -c test.yml & 

安装redis

• 到我的另外一篇 redis 安装查看 安装方式
• https://yq.aliyun.com/articles/578251?spm=a2c4e.11155435.0.0.76f63312GxlXoE