docker一键部署ELK日志系统

目的：

        使用容器化快速部署ELK日志系统，方便一些初学者能够快速的认识和接触ELK日志系统。

1、安装docker

        参考：安装docker教程_@土豆的博客-CSDN博客

2、ELK一键部署脚本

# 直接复制粘贴即可

# 创建ELK项目目录
mkdir -p /opt/docker_elk

# 创创建logstash配置文件
# 设置logstash对外暴露的端口是：4560
mkdir -p /opt/docker_elk/logstash
cat > /opt/docker_elk/logstash/logstash.conf << EOF

input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    codec => json
  }}
output {
  elasticsearch {
    hosts => "es:9200"
    index => "logstash-%{+YYYY.MM.dd}"
  }}


input {
   file {
       path => "/var/log/*log"
       type => "systemlog"
       start_position => "beginning"
   }
}
output {
  stdout {
    codec => "rubydebug"
  }
  elasticsearch {
    hosts => "es:9200"
    index => "systemlog-%{+YYYY.MM.dd}"
    action => "index"
  }
}

EOF


## 创建docker-compose.yml文件,为 ELK 一键部署和启动的文件

cat > /opt/docker_elk/docker-compose.yml << EOF

version: '3.7'
services:
  elasticsearch:
    image: elasticsearch:7.6.2
    container_name: elasticsearch
    privileged: true
    user: root
    environment:
      #设置集群名称为elasticsearch
      - cluster.name=elasticsearch
      #以单一节点模式启动
      - discovery.type=single-node
      #设置使用jvm内存大小
      - ES_JAVA_OPTS=-Xms512m -Xmx512m
  # 要是 es 映射到本地持久化，es会因为没有写权限启动失败
  # es 持久化，但是没有写权限启动失败解决办法：chmod -R 777 /opt/docker_elk/elasticsearch
  #  volumes:
  #    - /opt/docker_elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins
  #    - /opt/docker_elk/elasticsearch/data:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9300:9300

  logstash:
    image: logstash:7.6.2
    container_name: logstash
    ports:
       - 4560:4560
    privileged: true
    environment:
      - TZ=Asia/Shanghai
    volumes:
      #挂载logstash的配置文件
      - /opt/docker_elk/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
    depends_on:
      - elasticsearch
    links:
      #可以用es这个域名访问elasticsearch服务
      - elasticsearch:es

  kibana:
    image: kibana:7.6.2
    container_name: kibana
    ports:
        - 5601:5601
    privileged: true
    links:
      #可以用es这个域名访问elasticsearch服务
      - elasticsearch:es
    depends_on:
      - elasticsearch
    environment:
      #设置访问elasticsearch的地址
      - elasticsearch.hosts=http://es:9200
  
   # kibana 访问地址为： http://你的主机IP:5601   

EOF


# 启动ELK 日志系统
cd /opt/docker_elk
docker-compose up -d

# 查看 ELK 日志
# docker-compose logs