前言:我们使用nginx来模拟产生日志的服务,通过filebeat收集,交给kafka进行消息队列,再用logstash消费kafka集群中的数据,交给elasticsearch+kibana监控
服务器环境:
192.168.2.1:elasticsearch
192.168.2.2:filebeat+nginx
192.168.2.3:kafka
192.168.2.4:logstash
elasticsearch+filebeat+kafka+logstash(6.6.0)清华源下载: https://mirrors.tuna.tsinghua.edu.cn/elasticstack/6.x/yum/6.6.0/
zookeeper官网下载: https://zookeeper.apache.org/releases.html
kafka官网下载: https://kafka.apache.org/downloads
java -version #验证java环境
安装JDK1.8:yum -y install java-1.8.0-openjdk.x86_64
rpm -ivh /mnt/elk-6.6/elasticsearch-6.6.0.rpm
vi /etc/elasticsearch/elasticsearch.yml
修改以下内容:
node.name: node-1 # name of this node within the cluster
# Addresses Elasticsearch binds to: the LAN address plus loopback.
# NOTE(review): with a non-loopback address, ports 9200 (HTTP) and 9300
# (transport) are reachable from the network, and nothing in this snippet
# enables authentication or TLS. Limit both ports with a host firewall to
# the machines that need them (Logstash on 192.168.2.4 and the Kibana host).
network.host: 192.168.2.1,127.0.0.1 # IP addresses to listen on
http.port: 9200
systemctl start elasticsearch
[root@localhost ~]# netstat -anpt | grep java
tcp6 0 0 192.168.2.1:9200 :::* LISTEN 12564/java
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 12564/java
tcp6 0 0 192.168.2.1:9300 :::* LISTEN 12564/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 12564/java
tcp6 0 0 192.168.2.1:9200 192.168.2.4:34428 ESTABLISHED 12564/java
tcp6 0 0 192.168.2.1:9200 192.168.2.4:34436 ESTABLISHED 12564/java
yum -y install nginx
rpm -ivh /mnt/elk-6.6/filebeat-6.6.0-x86_64.rpm
[root@localhost ~]# vi /etc/filebeat/filebeat.yml
添加以下内容:
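# Tail the nginx access log and publish each line to Kafka.
# Indentation is significant in YAML: the keys below must be nested as shown,
# otherwise "enabled", "paths", "hosts" and "topic" are read as top-level keys.
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/nginx/access.log

# Filebeat accepts only one enabled output; if the stock filebeat.yml still
# has another output section enabled, comment it out.
# NOTE(review): no TLS or credentials are set here, so events (client IPs,
# request URLs) cross the network in cleartext to an unauthenticated broker.
# Keep this traffic on a trusted segment or enable TLS/SASL on both ends.
output.kafka:
  enabled: true
  hosts: ["192.168.2.3:9092"] # Kafka broker address and port
  topic: test1 # Kafka topic to publish to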
systemctl start nginx
systemctl start filebeat
yum -y install java-1.8.0-openjdk.x86_64
tar xf /mnt/zookeeper-3.4.9.tar.gz -C /usr/local/
mv /usr/local/zookeeper-3.4.9/ /usr/local/zookeeper
cd /usr/local/zookeeper/conf
cp zoo_sample.cfg zoo.cfg
vi zoo.cfg
mkdir data logs
echo 1 > data/myid
/usr/local/zookeeper/bin/zkServer.sh start
/usr/local/zookeeper/bin/zkServer.sh status
vi zoo.cfg
添加以下内容:
# Directory for ZooKeeper snapshots; the myid file must be placed in this directory.
dataDir=/usr/local/zookeeper/data
# Directory for the transaction log.
dataLogDir=/usr/local/zookeeper/logs
# server.<id>=<host>:<peer port>:<leader-election port>.
# The id (1) must match the number written to the myid file under dataDir.
server.1=192.168.2.3:3188:3288
保存退出
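# Create the directories that zoo.cfg names as dataDir and dataLogDir.
# Absolute paths are used because the earlier steps leave the shell in
# /usr/local/zookeeper/conf, where a relative "data"/"logs" would not match
# the configured locations.
mkdir -p /usr/local/zookeeper/data /usr/local/zookeeper/logs
# myid holds the N of the server.N line in zoo.cfg. The original "echo1" is not
# a command; the space between "echo" and "1" is required.
echo 1 > /usr/local/zookeeper/data/myid
# Start ZooKeeper, then confirm it is running.
/usr/local/zookeeper/bin/zkServer.sh start
/usr/local/zookeeper/bin/zkServer.sh status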
tar xf /mnt/kafka_2.11-2.2.1.tgz -C /usr/local/
mv /usr/local/kafka_2.11-2.2.1/ /usr/local/kafka
cd /usr/local/kafka/config/
cp server.properties server.properties.bak
vi server.properties
修改以下内容:
# Id of this broker; must be unique within the Kafka cluster.
broker.id=1
# Address and port the broker listens on.
# NOTE(review): PLAINTEXT means no TLS and no client authentication, so any
# host that can reach 9092 can read from and write to every topic. Restrict
# the port with a host firewall to Filebeat (192.168.2.2) and Logstash
# (192.168.2.4), or configure an SSL/SASL listener instead.
listeners=PLAINTEXT://192.168.2.3:9092
# ZooKeeper connection string; 2181 is presumably the clientPort left at its
# default in zoo.cfg (not shown in this guide, so confirm).
zookeeper.connect=192.168.2.3:2181
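cd /usr/local/kafka/
# Start the broker in the background. Wait until it has finished starting
# before running the commands below.
./bin/kafka-server-start.sh ./config/server.properties &
# Create a topic named test1. Each option and its value must be separated by
# spaces; the run-together "--create--zookeeper" form is rejected.
./bin/kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 --partitions 1 --topic test1
# List the topics that currently exist.
./bin/kafka-topics.sh --list --zookeeper localhost:2181
# Print every message stored in test1. The broker address is 192.168.2.3
# because server.properties binds the listener to that address only, so
# localhost:9092 is not served.
./bin/kafka-console-consumer.sh --bootstrap-server 192.168.2.3:9092 --topic test1 --from-beginning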
yum -y install java-1.8.0-openjdk.x86_64
rpm -ivh /mnt/elk-6.6/logstash-6.6.0.rpm
vi /etc/logstash/conf.d/kafka.conf
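# Read the events that Filebeat published to Kafka.
input {
  kafka {
    bootstrap_servers => ["192.168.2.3:9092"]
    group_id => "es-test"
    topics => ["test1"] # must be the same topic Filebeat publishes to
    codec => json
  }
}

output {
  # NOTE(review): this output writes every event back to test1, the same topic
  # the input above consumes. That appears to form a loop in which each event
  # is re-read and re-indexed indefinitely, growing both the topic and the
  # Elasticsearch index without bound. Confirm it is intended; otherwise drop
  # this kafka block or point topic_id at a different topic.
  kafka {
    codec => json {
      charset => "UTF-8"
    }
    topic_id => "test1"
    bootstrap_servers => "192.168.2.3:9092"
  }
  elasticsearch {
    hosts => "http://192.168.2.1:9200"
    # One index per day. The separator is a plain ASCII hyphen; the original
    # text carried a typographic hyphen (U+2010), which would produce index
    # names that a "kafka-*" index pattern does not match.
    index => "kafka-%{+YYYY.MM.dd}"
  }
}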
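# Run Logstash with the pipeline file created in the previous step
# (/etc/logstash/conf.d/kafka.conf). The original command pointed at
# redis.conf, a file this guide never creates.
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/kafka.conf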
rpm -ihv /mnt/elk-6.6/kibana-6.6.0-x86_64.rpm
vim /etc/kibana/kibana.yml
修改:
# Port the Kibana web UI listens on.
server.port: 5601
# Address Kibana binds to; it must be an address configured on the Kibana machine.
# NOTE(review): 192.168.2.5 is not among the hosts listed at the top of this
# guide, so confirm which machine runs Kibana. No authentication is configured
# here, so anyone who can reach 5601 can browse and modify the indexed logs
# through Kibana. Restrict the port with a firewall or put an authenticating
# reverse proxy in front of it.
server.host: "192.168.2.5"
server.name: "db01"
elasticsearch.hosts: ["http://192.168.2.1:9200"] # Elasticsearch server that Kibana reads the log data from
systemctl start kibana