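[Debian] Installing the ELK Stack
#Step 01 – Install Java
Elasticsearch – stores the incoming logs from Logstash and provides real-time search over the logs/data.
Logstash – processes (collects, enriches, and forwards to Elasticsearch) the incoming logs sent by Beats (the forwarders).
Kibana – provides visualization of events and logs.
Beats – installed on client machines; sends logs to Logstash or Elasticsearch over the Beats protocol.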
Install Java
apt update
apt install -y openjdk-11-jre
java -version
Check the version
Add the Elastic package repository
apt install -y wget apt-transport-https curl
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
#Step 02 – Install Elasticsearch
apt update
apt install -y elasticsearch-oss
systemctl start elasticsearch
systemctl enable elasticsearch
Check Elasticsearch
curl -X GET http://localhost:9200
#Step 03 – Install & configure Logstash
apt install -y logstash-oss
vi /etc/logstash/conf.d/beats-syslog.conf
###########################################################################################
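input {
  beats {
    port => 5044
    # Plaintext: Beats connections are neither encrypted nor authenticated
    ssl => false
  }
}
filter {
  # Parse syslog lines and take the event time from the syslog timestamp
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGLINE}" }
    }
    date {
      match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
output {
  # One index per beat per day
  elasticsearch {
    hosts => localhost
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
  }
  # Also print every event to stdout for debugging
  stdout {
    codec => rubydebug
  }
}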
###########################################################################################
Restart the service
sudo systemctl start logstash
sudo systemctl enable logstash
Check the log
cat /var/log/logstash/logstash-plain.log
#Step 04 – Install and configure Kibana
apt install -y kibana-oss
vi /etc/kibana/kibana.yml
Change the following line to use your server's IP address
server.host: "192.168.0.10"
systemctl start kibana
systemctl enable kibana
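Modify the service
#Step 05 – Install Filebeat
Filebeat is software that runs on the client machine. It sends logs to the Logstash server for parsing, or to Elasticsearch for storage, depending on the configuration.
Install wget and HTTPS support for apt.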
apt install -y wget apt-transport-https curl
The packages are available from the Elastic repository.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
apt update
apt install -y filebeat-oss
vi /etc/filebeat/filebeat.yml
This file needs to be edited to send logs to the Logstash server.
The following configuration sends syslog (/var/log/syslog) to the Logstash server. For this demo, I have commented out /var/log/*.log to avoid sending all logs to the Logstash server.
. . .
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/syslog
. . .
In the output section, comment out the output.elasticsearch: section, because Filebeat will not be sending logs straight to Elasticsearch.
Now go to the output.logstash: line and modify the entry to send logs to Logstash, and specify the path of the copied SSL file.
Note: replace "192.168.0.10" with the IP address of your Logstash server.
. . .
#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.0.10:5044"]
. . .
Restart the service
systemctl restart filebeat
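The Beats input in Step 03 is configured with ssl => false, the Filebeat output in Step 05 carries no ssl settings, and the -oss packages ship without a login of their own, so it is worth checking these files for plaintext or exposed listeners. The script below is an added example, not part of the original post; its function names are illustrative and it assumes the file layout shown in Steps 03-05.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Ports of beats inputs in a Logstash pipeline file that do not set ssl => true.
beats_plaintext_ports() {
  awk '
    { sub(/#.*/, "") }                                   # drop comments
    /^[ \t]*beats[ \t]*[{]/        { inb = 1; port = "?"; tls = 0; next }
    inb && /port[ \t]*=>/          { port = $NF }
    inb && /ssl[ \t]*=>[ \t]*true/ { tls = 1 }
    inb && /[}]/                   { if (!tls) print port; inb = 0 }
  ' "$1"
}

# server.host from kibana.yml when it is not a loopback address.
kibana_exposed_host() {
  awk '/^[ \t]*server\.host:/ { h = $2; gsub(/"/, "", h)
       if (h !~ /^(localhost|127\.|::1)/) print h }' "$1"
}

# hosts of a Filebeat output.logstash section that carries no ssl settings.
filebeat_plaintext_hosts() {
  awk '
    { sub(/#.*/, "") }
    /^output\.logstash:/ { sec = 1; next }
    sec && /^[^ \t]/     { sec = 0 }                     # next top-level key
    sec && /hosts:/      { hosts = $0; sub(/.*hosts:[ \t]*/, "", hosts) }
    sec && /ssl/         { tls = 1 }
    END { if (hosts != "" && !tls) print hosts }
  ' "$1"
}

# Print one line per finding; return 1 if there was any.
audit_elk() {
  rc=0
  for p in $(beats_plaintext_ports "$1"); do
    echo "beats input on port $p accepts connections without TLS"; rc=1
  done
  h=$(kibana_exposed_host "$2")
  [ -z "$h" ] || { echo "kibana listens on $h (-oss build has no login)"; rc=1; }
  f=$(filebeat_plaintext_hosts "$3")
  [ -z "$f" ] || { echo "filebeat ships to $f without TLS"; rc=1; }
  return "$rc"
}

# Usage: sh audit.sh PIPELINE.conf kibana.yml filebeat.yml  (/dev/null for a file
# that lives on another host)
if [ "$#" -eq 3 ]; then audit_elk "$1" "$2" "$3"; fi
```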
#Step 06 – Install nginx
apt install nginx
#Step 07 –
1) Enable modules
a2enmod rewrite
a2enmod ssl
mkdir -p /etc/ssl/localcerts
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key
chmod 600 /etc/ssl/localcerts/apache*
2) Edit your site config
Edit file
vi /etc/apache2/sites-available/000-default.conf
Content should be:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
SSLEngine on
SSLCertificateFile
SSLCertificateKeyFile
# Rest of your site config
# ...
#####################
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
SSLEngine on
SSLCertificateFile /etc/ssl/localcerts/apache.pem
SSLCertificateKeyFile /etc/ssl/localcerts/apache.key
# Rest of your site config
# ...
3) Restart apache2
service apache2 restart
OR
systemctl restart apache2
#Step 08 –
#Step 09 –
#Step 10 –