全球主机测评
以下是在CentOS 7上部署ELK的详细步骤,包括主机添加操作命令配置,并集成为一个Shell脚本和Python脚本。
一、环境准备
-
系统更新:sudo yum update -y
-
安装Java(ELK需要Java环境):sudo yum install java-1.8.0-openjdk-devel -y
-
设置主机名(可选):sudo hostnamectl set-hostname elk-server
-
配置防火墙:
sudo firewall-cmd –permanent –add-port=9200/tcp # Elasticsearch
sudo firewall-cmd –permanent –add-port=9100/tcp # Elasticsearch-head
sudo firewall-cmd –permanent –add-port=9300/tcp # Elasticsearch集群通信
sudo firewall-cmd –permanent –add-port=5601/tcp # Kibana
sudo firewall-cmd –permanent –add-port=5044/tcp # Logstash
sudo firewall-cmd –reload二、安装Elasticsearch
-
导入Elasticsearch GPG密钥:sudo rpm –import https://artifacts.elastic.co/GPG-KEY-elasticsearch
-
创建Elasticsearch仓库文件:sudo vi /etc/yum.repos.d/elasticsearch.repo
添加以下内容:
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md安装Elasticsearch:sudo yum install elasticsearch -y
配置Elasticsearch:
编辑配置文件:sudo vi /etc/elasticsearch/elasticsearch.yml修改以下内容:
network.host: 0.0.0.0
discovery.seed_hosts: [“127.0.0.1”]
cluster.initial_master_nodes: [“127.0.0.1”]Elasticsearch数据库需要设置文件最大打开数。切换到root用户使用命令如下:
vim /etc/security/limits.conf
在文件的末尾添加如下内容:
* soft nofile 65536
* hard nofile 65536
保存后退出。继续修改vm.max_map_count,命令如下:
vim /etc/sysctl.conf
在文件末尾添加如下内容:
vm.max_map_count=262145启动并启用Elasticsearch:
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch三、安装Logstash
安装Logstash:
sudo yum install logstash -y 配置Logstash:
创建一个简单的Logstash配置文件: sudo vi /etc/logstash/conf.d/logstash.conf添加以下内容:
input {
beats {
port => 5044
}
}output {
elasticsearch {
hosts => [“localhost:9200”]
index => “logstash-%{+YYYY.MM.dd}”
}
stdout { codec => rubydebug }
}启动并启用Logstash:
sudo systemctl enable logstash
sudo systemctl start logstash四、安装Kibana
安装Kibana:
sudo yum install kibana -y 配置Kibana:
编辑配置文件:
sudo vi /etc/kibana/kibana.yml
修改以下内容:
server.host: “0.0.0.0”
elasticsearch.hosts: [“http://localhost:9200”]启动并启用Kibana:
sudo systemctl enable kibana
sudo systemctl start kibana五、验证安装
-
检查Elasticsearch:curl -X GET “localhost:9200”
-
-
检查Kibana:
打开浏览器,访问http://<your-server-ip>:5601。
-
六、集成Shell脚本
将上述步骤集成到一个Shell脚本中:
#!/bin/bash
# 更新系统
sudo yum update -y# 安装Java
sudo yum install java-1.8.0-openjdk-devel -y# 设置主机名
sudo hostnamectl set-hostname elk-server# 配置防火墙
sudo firewall-cmd –permanent –add-port=9200/tcp
sudo firewall-cmd –permanent –add-port=9300/tcp
sudo firewall-cmd –permanent –add-port=5601/tcp
sudo firewall-cmd –permanent –add-port=5044/tcp
sudo firewall-cmd –reload# 安装Elasticsearch
sudo rpm –import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo tee /etc/yum.repos.d/elasticsearch.repo <<EOF
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
sudo yum install elasticsearch -y# 配置Elasticsearch
sudo tee /etc/elasticsearch/elasticsearch.yml <<EOF
network.host: 0.0.0.0
discovery.seed_hosts: [“127.0.0.1”]
cluster.initial_master_nodes: [“127.0.0.1”]
EOF# 启动Elasticsearch
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch# 安装Logstash
sudo yum install logstash -y# 配置Logstash
sudo tee /etc/logstash/conf.d/logstash.conf <<EOF
input {
beats {
port => 5044
}
}output {
elasticsearch {
hosts => [“localhost:9200”]
index => “logstash-%{+YYYY.MM.dd}”
}
stdout { codec => rubydebug }
}
EOF# 启动Logstash
sudo systemctl enable logstash
sudo systemctl start logstash# 安装Kibana
sudo yum install kibana -y# 配置Kibana
sudo tee /etc/kibana/kibana.yml <<EOF
server.host: “0.0.0.0”
elasticsearch.hosts: [“http://localhost:9200”]
EOF# 启动Kibana
sudo systemctl enable kibana
sudo systemctl start kibanaecho “ELK stack installation and configuration completed!”
通过上述步骤和脚本,在CentOS 7上快速部署和配置ELK堆栈。Shell脚本可以帮助大家自动化安装和配置过程,大家一起研究学习,如有不妥之处请大家帮忙指正。
-
