ELK Setup

1. Install Elasticsearch
sudo apt-get install openjdk-8-jre
curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.0.0.deb
sudo dpkg -i elasticsearch-5.0.0.deb
sudo /etc/init.d/elasticsearch start


/usr/share/elasticsearch/bin/elasticsearch-plugin install x-pack
Username: elastic
Password: changeme




2. Install Logstash
sudo apt-get install openjdk-8-jre
curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-5.0.0.deb
sudo dpkg -i logstash-5.0.0.deb


cd /usr/share/logstash


Install the plugin
./bin/logstash-plugin install logstash-input-beats
Update the plugin
./bin/logstash-plugin update logstash-input-beats




Edit the logstash.conf file and add the following:


input {
  beats {
    port => 5044
  }
}


output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
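
Once X-Pack is installed on Elasticsearch as in step 1, the output above has no credentials to authenticate with, and the Beats input on 5044 listens without TLS. The variant below is an added example, not part of the original notes. The certificate paths, the logstash_writer user and the LOGSTASH_ES_PASSWORD environment variable are placeholders that have to be created separately, and it assumes the default changeme passwords have already been replaced.

```logstash
# Added example: the same pipeline with TLS on the Beats input and
# authenticated writes to Elasticsearch. All names below are placeholders.
input {
  beats {
    port => 5044
    # Encrypt the Beats -> Logstash connection.
    ssl => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"
    ssl_key => "/etc/logstash/certs/logstash.key"
  }
}

output {
  elasticsearch {
    hosts => "localhost:9200"
    # Use a dedicated low-privilege user for indexing rather than the
    # built-in elastic superuser.
    user => "logstash_writer"
    # Read the password from the environment instead of storing it in the file.
    password => "${LOGSTASH_ES_PASSWORD}"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
```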




Start Logstash


sudo ./bin/logstash --path.settings=/etc/logstash


sudo /etc/init.d/logstash start


3. Install Kibana


curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-5.0.0-linux-x86_64.tar.gz
tar xzvf kibana-5.0.0-linux-x86_64.tar.gz
cd kibana-5.0.0-linux-x86_64/
./bin/kibana


bin/kibana-plugin install x-pack


Username: Kibana
Password: changeme




4. Install Packetbeat
sudo apt-get install libpcap0.8
curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-5.0.0-amd64.deb
sudo dpkg -i packetbeat-5.0.0-amd64.deb
sudo /etc/init.d/packetbeat start
