環(huán)境以及相關(guān)內(nèi)核, 安裝java包.

十余年的三山網(wǎng)站建設(shè)經(jīng)驗，針對設(shè)計、前端、開發(fā)、售后、文案、推廣等六對一服務(wù)，響應(yīng)快，48小時及時工作處理。營銷型網(wǎng)站的優(yōu)勢是能夠根據(jù)用戶設(shè)備顯示端的尺寸不同，自動調(diào)整三山建站的顯示方式，使網(wǎng)站能夠適用不同顯示終端，在瀏覽器中調(diào)整網(wǎng)站的寬度，無論在任何一種瀏覽器上瀏覽網(wǎng)站，都能展現(xiàn)優(yōu)雅布局與設(shè)計，從而大程度地提升瀏覽體驗。成都創(chuàng)新互聯(lián)公司從事“三山網(wǎng)站設(shè)計”,“三山網(wǎng)站推廣”以來，每個客戶項目都認真落實執(zhí)行。

[root@gz3_elk_001 /]# cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)
[root@gz3_elk_001 /]# yum -y install java
[root@gz3_elk_001 /]# echo "vm.max_map_count=262144" >> /etc/sysctl.conf
[root@gz3_elk_001 /]#  sysctl -p

這里不用源碼安裝，是為了方便不寫啟動服務(wù)
如果用源碼安裝的話，可以把服務(wù)修改成相對應(yīng)的目錄跟用戶就可以

下載

[root@gz3_elk_001 /]# cd /usr/local/src
[root@gz3_elk_001 /]# wget https://artifacts.elastic.co/downloads/kibana/kibana-7.4.2-x86_64.rpm
[root@gz3_elk_001 /]# wget https://artifacts.elastic.co/downloads/logstash/logstash-7.4.2.rpm
[root@gz3_elk_001 /]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.4.2-x86_64.rpm

安裝并設(shè)置開機啟動服務(wù)

[root@gz3_elk_001 /]# cd /usr/local/src
[root@gz3_elk_001 /]# rpm -ivh elasticsearch-7.4.2-x86_64.rpm 
[root@gz3_elk_001 /]# yum -y install logstash-7.4.2.rpm
[root@gz3_elk_001 /]# rpm -ivh kibana-7.4.2-x86_64.rpm 

[root@gz3_elk_001 /]# systemctl enable elasticsearch.service kibana.service logstash.service 

一，配置elasticsearch

生成密鑰

[root@gz3_elk_001 /]# cd /usr/share/elasticsearch/bin/
[root@gz3_elk_001 /]# ./elasticsearch-certutil cert -out /etc/elasticsearch/elastic-certificates.p12 -pass ""

此處有坑，得修改文件權(quán)限

[root@gz3_elk_001 /]# chown elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12 

修改配置

[root@gz3_elk_001 /]# cp elasticsearch.yml  elasticsearch.ymlback
[root@gz3_elk_001 /]# cd /etc/elasticsearch
[root@gz3_elk_001 /]# cat elasticsearch.yml|grep -v "#"
cluster.name: elk
node.name: node-1
node.master: true
node.data: true
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.3.44
http.port: 9200
discovery.seed_hosts: ["192.168.3.44"]
cluster.initial_master_nodes: ["192.168.3.44"]

此處還有一個坑，還得修改權(quán)限

 [root@gz3_elk_001 /]# chown elasticsearch:elasticsearch /data/elasticsearch

測試啟動

[root@gz3_elk_001 /]# systemctl restart elasticsearch.service
[root@gz3_elk_001 /]# systemctl status elasticsearch.service

如果啟動出錯，到/var/log/elasticsearch/下看日志

以為系統(tǒng)強調(diào)安全性，所以需要配置xpack,修改elasticsearch.yml配置，開啟xpack

[root@gz3_elk_001 /]# cat /etc/elasticsearch/elasticsearch.yml|grep -v "#"
cluster.name: elk
node.name: node-1
node.master: true
node.data: true
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.3.44
http.port: 9200
discovery.seed_hosts: ["192.168.3.44"]
cluster.initial_master_nodes: ["192.168.3.44"]

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12

重啟systemctl restart elasticsearch.service,然后生成默認的密碼

[root@gz3_elk_001 /]# cd /usr/share/elasticsearch/bin/
[root@gz3_elk_001 /]# ./elasticsearch-setup-passwords auto

Changed password for user apm_system
PASSWORD apm_system = hyyhuxxx

Changed password for user kibana
PASSWORD kibana = HbwFY0xxx

Changed password for user logstash_system
PASSWORD logstash_system = nvrxxx

Changed password for user beats_system
PASSWORD beats_system = VvAhnxxx

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = yGNFRTxxx

Changed password for user elastic
PASSWORD elastic = czF01xx

記住以上的信息，后期要用

二，配置kibana

[root@gz3_elk_001 /]# cd /etc/kibana/
[root@gz3_elk_001 /]# cp kibana.yml kibana.ymlback
[root@gz3_elk_001 /]# cat kibana.yml |grep -v "#"|grep -v "^$"
server.port: 5601
server.host: "192.168.3.44"
elasticsearch.hosts: ["http://192.168.3.44:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "kOHyFxxxx"
i18n.locale: "zh-CN" 

i18n.locale: "zh-CN" 表示用中文版，界面比較友好

三.配置logstash

[root@gz3_elk_001 /]# cd /etc/logstash/
[root@gz3_elk_001 /]# cp logstash.yml logstash.ymlback
[root@gz3_elk_001 /]# cd /etc/logstash/conf.d

cat nginx_access.conf

input {
  beats {
    type => "nginx_access"
    port => 5044
  }
}
filter {
  if[type] =="nginx_access" {
    grok {
      match => { "message" => "%{IP:remote_ip} - %{DATA:user_name} \[%{HTTPDATE:time}\] \"%{WORD:method} %{D
ATA:url} HTTP/%{NUMBER:htt
p_version:float}\" %{NUMBER:response_code:int} %{NUMBER:body_sent:int} \"%{DATA:referrer}\" \"%{DATA:agent}\
" \"%{DATA:x_forwarded_
for}\"" }
    remove_field => "message"
  }
  date {
    match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]
    target => "@timestamp"
    }
  }
}
output {
  if[type]=="nginx_access"{
    elasticsearch {
      hosts => ["http://192.168.3.44:9200"]
      index => "nginx-access-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "czF01xx"
    }
  }
}

此處用過logstash_system這個賬號密碼，但是沒成功
只能用最高權(quán)限的 elastic賬號

驗證配置是否正確

[root@gz3_elk_001 /]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx_access.conf -t

Thread.exclusive is deprecated, use Thread::Mutex
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2019-11-27 14:59:29.515 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2019-11-27 14:59:31.841 [LogStash::Runner] Reflections - Reflections took 56 ms to scan 1 urls, producing 20 keys and 40 values 
Configuration OK
[INFO ] 2019-11-27 14:59:32.487 [LogStash::Runner] runner - Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash

出現(xiàn)Configuration OK就說明配置Ok

[root@gz3_elk_001 /]# systemctl status logstash.service 
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2019-11-27 16:12:15 CST; 2min 11s ago

主服務(wù)器上的配置就配好了，這個時候可以登錄kibana
使用elastic這個賬號密碼登錄。

當前文章：centos7配置es單機，使用xpack控制權(quán)限
當前路徑：http://www.rwnh.cn/article36/jishsg.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供響應(yīng)式網(wǎng)站、Google、定制開發(fā)、品牌網(wǎng)站建設(shè)、外貿(mào)建站、小程序開發(fā)

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時需注明來源： 創(chuàng)新互聯(lián)