Elasticsearch and kibana and filebeat
Elasticsearch and kibana and filebeat 轻量级日志监控系统
说明:
elasticsearch 依赖java
Logstash 依赖于JVM,内存消耗比较高
filebeat go语言轻量级日志监控系统

安装

elasticsearch-6.2.3.tar.gz
filebeat-6.2.3-linux-x86_64.tar.gz
kibana-6.2.3-linux-x86_64.tar.gz
jdk-8u161-linux-x64.tar.gz

# tar -zxvf jdk-8u161-linux-x64.tar.gz -C /usr/local
# vi /etc/profile
 export JAVA_HOME=/usr/local/jdk1.8.0_161/
 export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
 export PATH=$JAVA_HOME/bin:$PATH
# java -version

# tar -zxvf elasticsearch-6.2.3.tar.gz -C /usr/local
# vi /etc/security/limits.conf
 * soft nofile  65536
 * hard nofile  131072
# vi /etc/sysctl.conf
 vm.max_map_count=262144
# vi /usr/local/elasticsearch-6.2.3/conf/elasticsearch.yml
 network.host: 0.0.0.0
 http.port: 9200
# useradd elastic
# chow -R elastic.elastic /usr/local/elasticsearch-6.2.3
# su - elastic
# /usr/local/elasticsearch-6.2.3/bin/elasticsearch -d
# curl 127.0.0.1:9200
{
 "name" : "8Wd9C8n",
 "cluster_name" : "elasticsearch",
 "cluster_uuid" : "9zevQvrfSMCuPFv-4eb3zw",
 "version" : {
     "number" : "6.2.3",
     "build_hash" : "c59ff00",
     "build_date" : "2018-03-13T10:06:29.741383Z",
     "build_snapshot" : false,
     "lucene_version" : "7.2.1",
     "minimum_wire_compatibility_version" : "5.6.0",
     "minimum_index_compatibility_version" : "5.0.0"
 },
 "tagline" : "You Know, for Search"
 }
# tar -zxvf kibana-6.2.3-linux-x86_64.tar.gz -C /usr/local
# mv /usr/local/kibana-6.2.3-linux-x86_64 /usr/local/kibana-6.2.3
# vi /usr/local/kibana-6.2.3/config/kibana.yml
 server.host: "0.0.0.0"
 elasticsearch.url: "http://127.0.0.1:9200"
# /usr/local/kibana-6.2.3/bin/kibana &

# tar -zxvf filebeat-6.2.3-linux-x86_64.tar.gz -C /usr/local/
# mv /usr/local/filebeat-6.2.3-linux-x86_64  /usr/local/filebeat-6.2.3
# vi /usr/local/filebeat-6.2.3/filebeat.yml
 filebeat.prospectors:
 - type: log
     paths:
        - /var/log/*
 output.elasticsearch:
     hosts: ["127.0.0.1:9200"]
# /usr/local/filebeat-6.2.3/filebeat &

通过浏览器输入 IP+5601
192.168.1.1:5601
managenment > index patterns > filebeat-* > create