(1)用户通过nginx或haproxy访问ELK日志统计平台,IP地址为keepalived的vip地址。 
(2)nginx将请求转发到kibana 
(3)kibana到elasticsearch获取数据,elasticsearch是两台做的集群,数据会随机保存在任意一台elasticsearch服务器。 
(4)logstash①从redis中取出数据并发送到elasticsearch中。 
(5)redis服务器做数据的临时保存,避免web服务器日志量过大的时候造成的数据收集与保存不一致而导致日志丢失,其中redis可以做集群,然后再由logstash服务器在非高峰时期从redis持续的取出数据。 
(6)logstash②过滤从filebeat取出的日志信息,并放入redis中进行保存。 
(7)filebeat进行收集web的日志 
注:其中为什么要在redis前面增加一台logstash呢?是因为在大量的日志数据写入时,容易导致数据的丢失和混乱,为了解决这一问题,增加一台logstash可以通过类型进行过滤,降低数据传输的臃肿。

1、ELK架构实用演示

(1)修改filebeat输出到logstash

[root@linux-node2 ~]# vim /etc/filebeat/filebeat.yml

output.logstash:

  hosts: ["192.168.56.11:5044"]

  enabled: true

  worker:

  compression_level:

[root@linux-node2 ~]# systemctl restart filebeat

(2)配置linux-node1上的logstash并测试标准输出

[root@linux-node1 conf.d]# cat beats.conf

input {

    beats {

        port => ""

    }

}

output {

    stdout {

        codec => rubydebug

    }

}

#写入日志测试

[root@linux-node2 ~]# echo "" >> /var/log/messages

#查看是否有标准输出

[root@linux-node1 conf.d]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/beat.conf

OpenJDK -Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N

WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults

Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console

[INFO ] -- ::04.358 [[main]<beats] Server - Starting server on port:

{

    "@timestamp" => --02T06::.731Z,

        "offset" => ,

      "@version" => "",

          "beat" => {

            "name" => "linux-node2",

        "hostname" => "linux-node2",

         "version" => "6.0.1"

    },

          "host" => "linux-node2",

    "prospector" => {

        "type" => "log"

    },

        "source" => "/var/log/messages",

       "message" => "",

          "tags" => [

        [] "beats_input_codec_plain_applied"

    ]

}

(3)配置linux-node1的logstash输出到redis

[root@linux-node1 conf.d]# vim beats.conf

input {

    beats {

        port => ""

    }

}

output {

               redis {

                       data_type => "list"

                       host => "192.168.56.12"

                       db => ""

                       port => ""

                       password => ""

                       key => "filebeat-systemlog-5612"

        }

}

[root@linux-node1 conf.d]# systemctl restart logstash

#写入日志

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

#查看redis的记录

[root@linux-node2 ~]# redis-cli -h 192.168.56.12 -a

192.168.56.12:> select

OK

192.168.56.12:[]> keys *

) "filebeat-systemlog-5612"

192.168.56.12:[]> keys *

) "filebeat-systemlog-5612"

(4)配置linux-node2上的logstash从redis中取出数据

[root@linux-node2 conf.d]# vim redis-es.conf

input {

    redis {

        data_type => "list"

        host => "192.168.56.12"

        db => ""

        port => ""

        key => "filebeat-systemlog-5612"

        password => ""

    }

}

output {

    elasticsearch {

        hosts => ["192.168.56.11:9200"]

        index => "redis22-systemlog-%{+YYYY.MM.dd}"

    }

}

[root@linux-node2 conf.d]# systemctl restart logstash

(5)head插件查看并添加Kibana索引

#写入日志测试,并在Kibana查看

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# date

2018年 01月 02日 星期二 :: CST

2、filebeat收集多类型日志

#使用filebeat .0写入document_type作为类型判断,无法输出到redis,暂时未找到原因,这里将filebeat换成了5.4版本。

[root@linux-node2 conf.d]# grep -v "#" /etc/filebeat/filebeat.yml |grep -v "^$"

filebeat.prospectors:

- input_type: log

  paths:

    - /var/log/*.log

    - /var/log/messages

  exclude_lines: ["^DBG","^$"]

  document_type: filebeat2-systemlog-5612

- input_type : log      #增加一个类型和日志路径

  paths:

    - /usr/local/tomcat/logs/tomcat_access_log.*.log

  document_type: tomcat-accesslog-5612

output.logstash:

  hosts: ["192.168.56.11:5044"]

  worker: 2

  compression_level: 3

[root@linux-node2 conf.d]# systemctl restart filebeat

#修改linux-node1上的logstash配置

[root@linux-node1 conf.d]# cat beats.conf

input {

    beats {

        port => "5044"

    }

}

output {

    if [type] == "filebeat2-systemlog-5612" {

           redis {

                       data_type => "list"

                       host => "192.168.56.12"

                       db => "4"

                       port => "6379"

                       password => "123456"

                       key => "filebeat-systemlog-5612"

        }}

    if [type] == "tomcat-accesslog-5612" {

        redis {

            data_type => "list"

            host => "192.168.56.12"

            db => "6"

            port => "6379"

            password => "123456"

            key => "tomcat-accesslog-5612"

        }

    }

}

#访问tomcat并查看日志

[root@linux-node2 conf.d]# tailf /usr/local/tomcat/logs/tomcat_access_log.2018-01-03.log

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"http://192.168.56.12:8080/webdir/index.html","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"http://192.168.56.12:8080/webdir/index.html","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"http://192.168.56.12:8080/webdir/index.html","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:13 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

#查看redis是否有数据

[root@linux-node2 ~]# redis-cli -h 192.168.56.12 -a 123456

192.168.56.12:6379[4]> select 6

OK

192.168.56.12:6379[6]> keys *

1) "tomcat-accesslog-5612"

192.168.56.12:6379[6]> keys *

1) "tomcat-accesslog-5612"

192.168.56.12:6379[6]> llen tomcat-accesslog-5612

(integer) 54

3、通过nginx代理kibana并实现登录验证

(1)配置nginx

[root@linux-node1 ~]# yum install -y nginx

[root@linux-node1 ~]# vim /etc/nginx/nginx.conf

#增加

include /etc/nginx/conf.d/*.conf;

[root@linux-node1 conf.d]# vim /etc/nginx/conf.d/kibana.conf

upstream kibana_server {

        server 127.0.0.1:5601 weight=1 max_fails=3 fail_timeout=60;

}

server {

        listen 80;

        server_name www.kibana5611.com;

        location / {

                proxy_pass http://kibana_server;

                proxy_http_version 1.1;

        }

}

[root@linux-node1 conf.d]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@linux-node1 conf.d]# systemctl reload nginx

(2)配置kibana.yml

[root@linux-node1 ~]# vim /etc/kibana/kibana.yml

#修改server.host

server.host: "127.0.0.1"

[root@linux-node1 conf.d]# systemctl restart kibana

(3)浏览器访问

windows做hosts解析:192.168.56.11 www.kibana5611.com 
浏览器访问:www.kibana5611.com

(4)配置密码验证登录

[root@linux-node1 ~]# yum install -y httpd-tools

[root@linux-node1 ~]# htpasswd -bc /etc/nginx/conf.d/htpasswd.users zhangshan

[root@linux-node1 ~]# ll /etc/nginx/conf.d/htpasswd.users

-rw-r--r--  root root  1月    : /etc/nginx/conf.d/htpasswd.users

[root@linux-node1 ~]# chown nginx.nginx /etc/nginx/conf.d/htpasswd.users

[root@linux-node1 ~]# vim /etc/nginx/nginx.conf

upstream kibana_server {

        server 127.0.0.1: weight= max_fails= fail_timeout=;

}

server {

        listen ;

        server_name www.kibana5611.com;

        auth_basic "Restricted Access";

        auth_basic_user_file /etc/nginx/conf.d/htpasswd.users;

        location / {

                proxy_pass http://kibana_server;

                proxy_http_version 1.1;

        }

}

[root@linux-node1 ~]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@linux-node1 ~]# systemctl reload nginx

浏览器访问www.kibana5611.com会出现输入用户密码验证登录

ELKStack入门篇(五)之实用架构解析的更多相关文章

  1. 【SSRS】入门篇(五) -- 设置报表格式

    原文:[SSRS]入门篇(五) -- 设置报表格式 在上一节 [SSRS]入门篇(四) -- 向报表添加数据 我们设置好了报表,并可以预览到数据,如下图: 当报表完成后,有个重要的工作就是美化报表格式 ...

  2. ELKStack入门篇(一)之ELK部署和使用

    一.ELKStack简介 1.ELK介绍 中文指南:https://www.gitbook.com/book/chenryn/elk-stack-guide-cn/details ELK Stack包 ...

  3. ELKStack入门篇(二)之Nginx、Tomcat、Java日志收集以及TCP收集日志使用

    1.收集Nginx的json格式日志 1.1.Nginx安装 [root@linux-node1 ~]# yum install nginx -y [root@linux-node1 ~]# vim ...

  4. 小迪安全 Web安全 基础入门 - 第五天 - 资产架构&端口&应用&CDN&WAF&站库分离&负载均衡

    一.资产架构 1.Web单个源码指向安全,域名指向一个网站,网站对应一个程序.对应一个目录. 2.Web多个目录源码安全,搭建完一个网站后,在网站目录下搭建新的站点. 3.Web多个端口源码安全,与多 ...

  5. c++入门篇五

    默认参数: //默认参数//函数的默认参数,参数后面有'='//函数参数注意事项,如有一个位置有了默认参数//那么从该位置的后面就必须要有参数 , ) { //b有默认参数,b的后面也应该要有默认参数 ...

  6. redis的入门篇---五种数据类型及基本操作

    查看所有的key keys * 清空所有的key flushall 检查key是否存在 exists key 设置已存在的key的时长 expire key //设置key为10s 查看key还剩多少 ...

  7. ELKStack入门篇(四)之Filebeat

    Filebeat是轻量级单用途的日志收集工具,用于在没有安装java的服务器上专门收集日志,可以将日志转发到logstash.elasticsearch或redis等场景中进行下一步处理. 官方文档: ...

  8. ELKStack入门篇(三)之logstash收集日志写入redis

    1.部署Redis 1.1.下载redis [root@linux-node2 ~]# wget http://download.redis.io/releases/redis-4.0.6.tar.g ...

  9. spring boot入门篇

    Spring Boot[快速入门]   Spring Boot 概述 Build Anything with Spring Boot:Spring Boot is the starting point ...

随机推荐

  1. cocos2d-x中关于打包成APK的问题

    转载自:http://blog.csdn.net/u013315178/article/details/51254630 之前在网上看了很多的帖子大多数用ide 来打包 太麻烦了 而且一般没有人现场指 ...

  2. 3、Spring Cloud - Eureka(构建服务端/客户端)

    3.1.Eureka简介 3.1.1.什么是 Eureka 和Consul.Zookeeper 类似, Eureka 是一个用于服务注册和发现的组件,最开始主要应用 于亚马逊公司旗下的云计算服务平台 ...

  3. 2、Web Service-术语

    1.Java中的Web Service规范 三种规范:JAXM&SAAJ.JAX-WS(JAX-RPC).JAX-RS. 三要素:soap,wsdl,uddi 1. Jaxws(掌握) JAX ...

  4. 了解Session的本质

    有一点我们必须承认,大多数web应用程序都离不开session的使用.这篇文章将会结合php以及http协议来分析如何建立一个安全的会话管理机制. AD: 有一点我们必须承认,大多数web应用程序都离 ...

  5. Kali-linux攻击路由器

    前面介绍的各种工具,都是通过直接破解密码,来连接到无线网络.由于在一个无线网络环境的所有设备中,路由器是最重要的设备之一.通常用户为了保护路由器的安全,通常会设置一个比较复杂的密码.甚至一些用户可能会 ...

  6. list详解

    #include <iostream> #include <vector> #include <list> std::list<std::string> ...

  7. IntelliJ IDEA隐藏不想看到的文件或文件夹

    打开IntelliJ IDEA,File -> Settings -> Editor -> File Types 在红框部分加上你想过滤的文件或文件夹名

  8. Reading Fast Packet Processing A Survey

    COMST 2018 主要内容 这是一篇有关快速包转发的综述,先介绍了包转发的有关基础知识和背景,具体介绍了包转发的主流方法,对这些方法进行了细致详尽的比较,最后介绍了最新的方法和未来的研究方向. 包 ...

  9. iOS 隐私政策

    我们深知个人信息对您的重要性,您的信任对我们非常重要.本应用尊重并保护所有使用服务用户的个人隐私权.您在使用我们的产品与/或服务时,我们可能会收集和使用您的相关信息.我们将按法律法规要求,采取相应安全 ...

  10. 一个input输入内容监听联动的demo

    两个input,一个在其中一个输入,内容在另一个input中实时回显 代码如下 <!DOCTYPE html> <html> <head> <title> ...