版本:ELK 8.0.1
https://hub.docker.com/_/elasticsearch
docker pull elasticsearch:8.0.1
docker images
docker network create elknetwork # 创建自定义网络(用于连接同一网络中的其他服务)
# Start a single-node Elasticsearch 8.0.1 container attached to elknetwork.
# NOTE(review): -p publishes 9200 (HTTP API) and 9300 (transport) on every host
# interface. The Kibana and Logstash containers on this page also join
# elknetwork and can reach the node over that network, so the host mappings are
# only needed for clients outside Docker. Prefixing the mappings with 127.0.0.1:
# or dropping -p 9300:9300 (a single node has no peers to talk to) narrows the
# exposure.
docker run -d --name elasticsearch --net elknetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:8.0.1
172.18.0.2:9200
docker exec -it elasticsearch /bin/bash
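###自动生成密码用 auto,自己设置用 interactive。该工具已被弃用(见下面的输出),8.x 中可改用 ./bin/elasticsearch-reset-password -u <用户名>。生成的密码会明文打印到控制台,应当作机密保存;下面输出中的密码仅为示例,已经公开,不能在实际环境中继续使用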
[root@elk logstash]# docker exec -it elasticsearch /bin/bash
elasticsearch@7e7e9cbb1e01:~$ ./bin/elasticsearch-setup-passwords auto
******************************************************************************
Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This command will be removed in a future release.
******************************************************************************
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
Changed password for user apm_system
PASSWORD apm_system = fuLgmI0kEIhaVIdk3gPL
Changed password for user kibana_system
PASSWORD kibana_system = 5gVgnzMFqOiXt810iqjw
Changed password for user kibana
PASSWORD kibana = 5gVgnzMFqOiXt810iqjw
Changed password for user logstash_system
PASSWORD logstash_system = rX2rl3fhXBkO02KZ59pW
Changed password for user beats_system
PASSWORD beats_system = u4ZDiEIiR17beOeqQwHM
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = 892goPXvQnS6nqhL3h2Q
Changed password for user elastic
PASSWORD elastic = zLYQn7bx7FfkKPJfPMzf
#####证书配置,可忽略(8.0.1 已默认自动开启)
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
###为 kibana 生成 enrollment token,配置 kibana 时需要使用。token 是 base64 编码的 JSON,包含节点地址、CA 证书指纹和一个 API key,有效期 30 分钟,应按机密处理
elasticsearch@9eaef9042bf6:~$ ./bin/elasticsearch-create-enrollment-token --scope kibana
WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]
WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]
eyJ2ZXIiOiI4LjAuMSIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiMjFiZTM3YWNhNTM2YjFjNTI4YjI2OTJjOTc0ZGQ2YjI4ZDI0ODhhOTlmOWYxMWRhNjI4MjAyN2M2OWQwNjFlYiIsImtleSI6IlVuQ1VISUFCVzBWS2QxTGJIY3ZMOlpLUmVfYkdLVEhDbXZ4UUxZQzM4ZmcifQ==
https://hub.docker.com/_/kibana
docker pull kibana:8.0.1
docker images
docker run -d --name kibana --net elknetwork -p 5601:5601 kibana:8.0.1
http://ip:5601
https://hub.docker.com/_/logstash
docker pull logstash:8.0.1
docker images
创建 logstash 目录,用来存放所有配置,创建log存放日志目录
mkdir /data/logstash/conf.d -p
mkdir /data/log/logstash
vim /data/logstash/logstash.yml
path.config: /usr/share/logstash/conf.d/*.conf
path.logs: /var/log/logstash
vim /data/logstash/conf.d/opscloud.conf ##(filebeat 预先把数据写入 redis,logstash 从 redis 读取后写入 elasticsearch;redis 的相关设置见下文)
# Logstash pipeline: read events from the "nginx-web" list in Redis db 4 and
# index them into Elasticsearch, echoing each event to stdout as well.
input{
redis {
host => "10.2.33.100"
port => 8379
# NOTE(review): the Redis password is stored here in clear text; a ${VAR}
# reference resolved from the environment or the Logstash keystore keeps it
# out of the file.
password => "Re123dis"
key => "nginx-web"
data_type => "list"
db => 4
}
}
output {
elasticsearch {
# NOTE(review): "[email protected]" looks like e-mail-obfuscation residue from
# the page export; the original was presumably of the form
# https://elastic:<password>@<es-host>:9200 (confirm). Credentials embedded in
# the URL are readable by anyone who can read this file; the plugin's separate
# user/password options combined with ${VAR} substitution avoid that.
hosts => ["https://elastic:[email protected]:9200"]
# One index per day, named from the event timestamp.
index => "redis-%{+YYYY.MM.dd}"
ssl => true
# Certificate verification is off: the connection is encrypted, but the
# server's identity is not checked, so an interposed host is not detected.
# Pointing `cacert` at the cluster's CA certificate (<path-to-ca.crt>) and
# removing this line restores the check.
ssl_certificate_verification => false
}
# Prints every event to the container's stdout (debugging aid).
stdout { codec => rubydebug }
}
# Start Logstash on elknetwork with the settings file and the pipeline directory
# bind-mounted from /data/logstash.
# NOTE(review): --privileged=true hands the container nearly unrestricted access
# to the host (all capabilities, host devices); nothing in the pipeline shown on
# this page needs it. If it was added to get past SELinux denials on the bind
# mounts, a :Z (or :z) label on the -v options is the narrower fix. Confirm on
# the target host.
# NOTE(review): port 5044 is published, but the pipeline shown defines only a
# redis input, so the mapping can be dropped unless a beats input is added.
docker run -it -d -p 5044:5044 --name logstash --net elknetwork -v /data/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml -v /data/logstash/conf.d/:/usr/share/logstash/conf.d/ --privileged=true logstash:8.0.1
访问并配置 kibana(在浏览器中打开 http://ip:5601,填入上文生成的 enrollment token,然后按提示输入下面命令得到的验证码)
docker exec -it kibana /bin/bash
kibana@c36aaf08016b:~$ ./bin/kibana-verification-code
Your verification code is: 286 122
# Fetch the Redis image and a stock redis.conf to edit.
# NOTE(review): `redis` without a tag pulls whatever "latest" is at that moment,
# and redis-stable/redis.conf tracks the newest stable release, so the image and
# the config file can drift apart. Pinning an image tag and taking redis.conf
# from the matching release avoids that.
# NOTE(review): the download uses plain http with no checksum, so the file can
# be altered in transit. Review its contents before mounting it into the
# container.
docker pull redis
wget http://download.redis.io/redis-stable/redis.conf
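####修改的配置文件内容(redis.conf 不支持行尾注释,说明需单独成行并以 # 开头)
# 开启 redis 持久化
appendonly yes
# 保护模式只在没有设置密码时起作用;关闭后,一旦 requirepass 没有生效,redis 就会对所有能访问该端口的主机无密码开放
protected-mode no
# 示例密码,实际使用时应换成足够长的随机字符串
requirepass Re123dis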
######
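# Start Redis with the edited config file, publishing it on host port 8379.
# The image reads a config file only when its path is passed to redis-server.
# With just `--appendonly yes` the mounted /etc/redis/redis.conf is never
# loaded, so requirepass would not apply and the published port would accept
# unauthenticated clients.
# NOTE(review): -p 8379:6379 binds on every host interface; restrict it with a
# host firewall or an explicit bind address so that only the Filebeat and
# Logstash hosts can connect.
sudo docker run -p 8379:6379 --name redis -v /data/redis/redis.conf:/etc/redis/redis.conf -v /data/redis/data:/data -d redis redis-server /etc/redis/redis.conf --appendonly yes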
yum -y install filebeat.x86_64
[root@www filebeat]# cat /etc/filebeat/filebeat.yml
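# Filebeat: tail the httpd logs and push each event onto the Redis list that the
# Logstash pipeline on this page reads (same host, port, key and db).
# Indentation restored; the page export had flattened the YAML nesting.
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/httpd/*_log
  tags: ["nginx-web"]
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.redis:
  # No ssl settings are given, so the AUTH password and the log events travel
  # unencrypted between this host and 10.2.33.100.
  hosts: ["10.2.33.100:8379"]
  # NOTE(review): clear-text secret; a ${VAR} reference resolved from the
  # Filebeat keystore or the environment keeps it out of this file.
  password: "Re123dis"
  key: "nginx-web"
  # NOTE(review): Filebeat's Redis output documents this option as `datatype`;
  # `data_type` is the Logstash spelling. Confirm it is not silently ignored
  # (the default is presumably a list either way).
  data_type: "list"
  db: 4
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~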
[root@www filebeat]# systemctl start filebeat
[root@www filebeat]# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2022-04-11 17:51:50 CST; 1 day 16h ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 18184 (filebeat)
CGroup: /system.slice/filebeat.service
└─18184 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebe...
Apr 13 10:42:50 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:42:50.565+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Apr 13 10:43:20 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:43:20.565+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Apr 13 10:43:50 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:43:50.565+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Apr 13 10:44:20 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:44:20.565+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Apr 13 10:44:50 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:44:50.566+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Apr 13 10:45:20 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:45:20.565+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Apr 13 10:45:50 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:45:50.565+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Apr 13 10:46:20 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:46:20.565+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Apr 13 10:46:50 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:46:50.566+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Apr 13 10:47:20 www.yoyi.com.cnjs filebeat[18184]: 2022-04-13T10:47:20.566+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu...
Hint: Some lines were ellipsized, use -l to show in full.
[root@elk ~]# docker exec -it redis /bin/bash
root@4dc403347141:/data# redis-cli
127.0.0.1:6379> auth Re123dis
OK
127.0.0.1:6379> select 4
OK
127.0.0.1:6379[4]> keys *
1) "nginx-web"