一、环境介绍
 
单位需要分析tomcat 日志和业务日志,比较以后还是选择用ELK 来进行日志的分析,以及可视化的展示。
系统环境
服务器:
1、AWS EC2 2C8G
[root@ip-10-0-10-229 ~]cat /etc/redhat-release

CentOS Linux release 7.7.1908 (Core)

[root@ip-10-0-10-229 ~]uname -a

Linux elk-server 3.10.0-1062.9.1.el7.x86_64 #1 SMP Fri Dec 6 15:49:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

  

2、JDK版本
jdk版本要求9版本以上的
[root@ip-10-0-10-229 ~]java  -version

openjdk version "13.0.1" 2019-10-15

OpenJDK Runtime Environment AdoptOpenJDK (build 13.0.1+9)

OpenJDK 64-Bit Server VM AdoptOpenJDK (build 13.0.1+9, mixed mode, sharing)

  

3、ELK 版本
elasticsearch 7.5.0

kibana 7.5.0

logstash 7.5.0

  

4、JDK 安装包
#附上一个JAVA 下载地址,当然你也可以不用,elasticsearch7.5中包含有java所以只需要设置变量即可

wget https://download.java.net/java/GA/jdk11/13/GPL/openjdk-11.0.1_linux-x64_bin.tar.gz

/etc/profile

#文末添加以下配置

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

export JAVA_HOME=/usr/share/elasticsearch/jdk

export PATH=$JAVA_HOME/bin:$PATH

export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

#使变量生效

source /etc/profile

  

5、ELK 安装包
官网的包下载实在是太慢,这个包是在aws 的S3桶里的
wget https://rgc-solution-server-validation.s3.cn-north-1.amazonaws.com.cn/xuewenlong/elasticsearch-7.5.0-x86_64.rpm

wget https://rgc-solution-server-validation.s3.cn-north-1.amazonaws.com.cn/xuewenlong/kibana-7.5.0-x86_64.rpm

wget https://rgc-solution-server-validation.s3.cn-north-1.amazonaws.com.cn/xuewenlong/logstash-7.5.0.rpm

  

二、elasticsearch安装
 
1、安装elasticsearch
rpm -ivh elasticsearch-7.5.0-x86_64.rpm

  

2、修改elasticsearch配置文件
[root@ip-10-0-10-229 ~]# cat /etc/elasticsearch/elasticsearch.yml |grep  -v "^#"

#数据存储路径

path.data: /var/lib/elasticsearch

#日志存储路径

path.logs: /var/log/elasticsearch

#服务端口

http.port: 9200

#集群名

cluster.name: elk-cluster

#node名

node.name: elk-1

#集群master需要和node名设置一致

cluster.initial_master_nodes: ["node-1"]

network.host: 10.0.10.229

#xpack密码配置

xpack.security.enabled: true

xpack.license.self_generated.type: basic

xpack.security.transport.ssl.enabled: true

#elasticsearch-head插件

http.cors.enabled: true

http.cors.allow-origin: "*"

http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE

http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User"

#可选优化配置

#设置单个request请求的内存熔断限制,默认是jvm堆的60%(es7.0引入了新的内存熔断机制,会智能判断,规避OOM)。

indices.breaker.request.limit: 10%

#query请求可使用的jvm内存限制,默认是10%。

indices.queries.cache.size: 20%

#查询request请求的DSL语句缓存,被缓存的DSL语句下次请求时不会被二次解析,可提升检索性能,默认值是1%。

indices.requests.cache.size: 2%

#设置字段缓存的最大值,默认无限制。

indices.fielddata.cache.size: 30%

#用来对索引数据进行冷热分离,需要注意的是 setting 中也要进行相关配置

#"index.routing.allocation.require.box_type": "hot"

node.attr.box_type: hot

  

重点
3、设置elasticsearch的jave目录
手动安装java需设置
使用es自带的java无需设置,版本的问题不知道是不是因为一开始用JDK8 没有设置路径的问题,可测试下
4、修改配置文件
[root@ip-10-0-10-229 ~]cat /etc/sysconfig/elasticsearch |grep  JAVA

  

5、X-Pack设置密码访问
[root@ip-10-0-10-229 elasticsearch]# cat /etc/elasticsearch/elasticsearch.yml |grep  -v "^#"

path.data: /var/lib/elasticsearch

path.logs: /var/log/elasticsearch

http.port: 9200

cluster.name: elk-cluster

node.name: elk-1

cluster.initial_master_nodes: ["node-1"]

network.host: 10.0.10.229

xpack.security.enabled: true

xpack.license.self_generated.type: basic

xpack.security.transport.ssl.enabled: true

[root@ip-10-0-10-229 elasticsearch]# systemctl  restart elasticsearch

[root@ip-10-0-10-229 elasticsearch]# systemctl  status  elasticsearch

● elasticsearch.service - Elasticsearch

   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)

   Active: active (running) since Mon 2020-06-08 01:51:52 UTC; 7s ago

     Docs: http://www.elastic.co

 Main PID: 5453 (java)

   CGroup: /system.slice/elasticsearch.service

           ├─5453 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.enco...

           └─5548 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Jun 08 01:51:37 ip-10-0-10-229.cn-north-1.compute.internal systemd[1]: Starting Elasticsearch...

Jun 08 01:51:37 ip-10-0-10-229.cn-north-1.compute.internal elasticsearch[5453]: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely... release.

Jun 08 01:51:52 ip-10-0-10-229.cn-north-1.compute.internal systemd[1]: Started Elasticsearch.

Hint: Some lines were ellipsized, use -l to show in full.

[root@ip-10-0-10-229 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.

You will be prompted to enter passwords as the process progresses.

Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:

Reenter password for [elastic]:

Enter password for [apm_system]:

Reenter password for [apm_system]:

Enter password for [kibana]:

Reenter password for [kibana]:

Enter password for [logstash_system]:

Reenter password for [logstash_system]:

Enter password for [beats_system]:

Reenter password for [beats_system]:

Enter password for [remote_monitoring_user]:

Reenter password for [remote_monitoring_user]:

Changed password for user [apm_system]

Changed password for user [kibana]

Changed password for user [logstash_system]

Changed password for user [beats_system]

Changed password for user [remote_monitoring_user]

Changed password for user [elastic]

  

5、启动 elasticsearch
systemctl start elasticsearch

systemctl enable elasticsearch

  

6、检测是否启动
elasticsearch 启动之后有时候会退出,这个时候有检查下内存是否够用或者适当的增加配置
[root@ip-10-0-10-229 ~]# netstat -pntl |grep  java

tcp6    0    0   10.0.10.229:9200    :::*     LISTEN   13898/java

tcp6    0    0   10.0.10.229:9300    :::*     LISTEN   13898/java

[root@ip-10-0-10-229 ~]curl 10.0.10.229:9200

{

  "name" : "node-1",

  "cluster_name" : "my-es",

  "cluster_uuid" : "FhHOQO2MQbWRX0MiTRFF6g",

  "version" : {

    "number" : "7.5.0",

    "build_flavor" : "default",

    "build_type" : "rpm",

    "build_hash" : "e9ccaed468e2fac2275a3761849cbee64b39519f",

    "build_date" : "2019-11-26T01:06:52.518245Z",

    "build_snapshot" : false,

    "lucene_version" : "8.3.0",

    "minimum_wire_compatibility_version" : "6.8.0",

    "minimum_index_compatibility_version" : "6.0.0-beta1"

  },

  "tagline" : "You Know, for Search"

}

  

7、安装elasticsearch-head插件
在elasticsearch.yml文末中增加以下配置解决跨域访问的问题
http.cors.enabled: true

http.cors.allow-origin: "*"

http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE

http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User"

git clone git://github.com/mobz/elasticsearch-head.git

cd elasticsearch-head

npm install

npm run start

open http://localhost:9100/

  

 
二、安装kibana
1、安装 kibana
rpm -ivh kibana-7.5.0-x86_64.rpm

  

2、修改配置文件
[root@ip-10-0-10-229 ~]# cat /etc/kibana/kibana.yml |grep  -v "^#"

server.port: 5601

server.host: "10.0.10.229"

logging.dest: /var/log/kibana/kibana.log

elasticsearch.hosts: ["http://10.0.10.229:9200/"]

kibana.index: ".kibana"

elasticsearch.username: "kibana"

elasticsearch.password: "bsh@123"

i18n.locale: "zh-CN"

  

重点
7版本elasticsearch.hosts的配置在6版本里面为elasticsearch.url 需要配置正确否则message日志会报错
FATAL  Error: [elasticsearch.url]: definition for this key is missing

  

3、启动
systemctl start kibana

systemctl enable kibana

  

web页面查看,还没有索引
三、logstash安装配置
1、安装logstash
rpm -vih logstash-7.5.0.rpm

  

2、写一个配置文件收集系统日志
[root@ip-10-0-10-229 ~]cat /etc/logstash/conf.d/file.conf

 input{

  file{

    path => ["/var/log/messages"]

    type => "system-log"

    start_position => "beginning"

  }

}

filter{

}

output{

  elasticsearch{

    hosts => ["10.0.10.229:9200"]

    index => "system-log-%{+YYYY.MM}"

    user => "elastic"

    password => "xuewenlong@123"

  }

}

  

3、启动放置在后台
    /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/file.conf &

  

4、把日志添加至kiban展示
 
 
ELK7 搭建完成
 
四、收集tomcat access 日志
登录tomcat server下载logstash安装包
1、安装 logstash
wget https://rgc-solution-server-validation.s3.cn-north-1.amazonaws.com.cn/xuewenlong/logstash-7.5.0.rpm

rpm -i  logstash-7.5.0.rpm

  

2、添加日志文件
[root@ip-tomcat ~]#cat /etc/logstash/conf.d/miniprogram-prod-access-bz.conf

 input{

  file{

    path => ["/home/bsh/tools/apache-tomcat-8.5.23/logs/localhost_access_log*.log"]

    type => "access"

    start_position => "beginning"

    codec => "json"

  }

  file{

    path => ["/home/ec2-user/homeconnect/logs/AspectLog/aspect.log"]

    type => "aspect"

    start_position => "beginning"

    codec => "json"

  }

}

filter{

mutate {

    convert => ["Request time", "float"]

    }

        if [ip] != "-" {

        geoip {

                       source => "ip"

                        target => "geoip"

                       # database => "/usr/share/GeoIP/GeoIPCity.dat"

                        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]

                        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]

                }

                   mutate {

                        convert => [ "[geoip][coordinates]", "float"]

                }

        }

 }

output{

  if [type] == "aspect" {

    elasticsearch {

    hosts => ["10.0.10.229:9200"]

    index => "logstash-miniprogram-uat-aspect-bz.log.%{+YYYY.MM}"

    user => "elastic"

    password => "xuewenlong@123"

        }

    }

  if [type] == "access" {

    elasticsearch {

    hosts => ["10.0.10.229:9200"]

    index => "logstash-miniprogram-uat-access-bz.log.%{+YYYY.MM}"

    user => "elastic"

    password => "xuewenlong@123"

        }

  }

}

  

3、添加索引
 
4、登录tomcat 页面测试下日志
 
 
  xuewenlong|雪文龙

Centos7.x RPM安装ELK 7.5.0的更多相关文章

  1. Linux(CentOS7)下rpm安装MySQL8.0.16

    记录一下自己在 CentOS7 下 rpm 安装 MySQL8.0.16 的过程. 一.准备工作 1. 下载MySQL所需要的安装包 从 MySQL官网 下载,上传至 CentOS 系统 /usr/l ...

  2. 在Linux上rpm安装运行Redis 3.0.4

    http://www.rpmfind.net搜索redis,找到redis3.0.4的rpm源选做 wget ftp://fr2.rpmfind.net/linux/remi/enterprise/6 ...

  3. Centos7.5 rpm安装zabbix_agent4.0.3

    1.下载并且安装 cd /data/tools/ ##切换到下载客户端目录 wget http://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-ag ...

  4. CentOS7使用rpm安装mysql5.7

    第一步.前往mysql官网下载所需的版本 Mysql5.7的rpm包下载地址为https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.26-1. ...

  5. Centos7下编译安装php扩展redis5.0.2

    安装环境:centos7 + php 7.2.191. 下载地址:http://pecl.php.net/get/redis-5.0.2.tgz .tgz http://pecl.php.net/ge ...

  6. k8s 安装ELK(6.7.0版本)和EFK

    一.Elasticsearch安装 helm安装的也行,而且helm安装的stable/elasticsearch可用性更高,但是使用资源更多. 1.安装elasticsearch(线上环境千万记得把 ...

  7. [Linux]centOS7下RPM安装Perl

    1.下载rpm依赖包,依照顺序安装. perl-parent-0.225-244.el7.noarch   perl-HTTP-Tiny-0.033-3.el7.noarch   perl-podla ...

  8. CentOS7.5下安装Mycat连接MySQL8.0

    MyCat详细介绍,请参考https://www.biaodianfu.com/mycat.html 9066管理端口,请参考https://www.cnblogs.com/parryyang/p/5 ...

  9. centos7.2上安装python3和pip19.0.3

    安装libressl 下载地址: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4.tar.gz 或者 :https://pan. ...

随机推荐

  1. 你了解C#的协变和逆变吗

    从C# 4.0开始,泛型接口和泛型委托都支持协变和逆变,由于历史原因,数组也支持协变. 里氏替换原则:任何基类可以出现的地方,子类一定可以出现. 协变(out) 协变:即自然的变化,遵循里氏替换原则, ...

  2. appium——如何导出夜神模拟器下载“微信”app的apk

    背景:夜神模拟器是一款功能强大的安卓模拟器,但是当我们在上面下载APP应用后,通常不知道apk文件在哪里,下面以“微信”APP为例做一下详细介绍. 一般情况下,使用夜神安卓模拟器下载的文件只能在夜神安 ...

  3. ES6---面向对象上的简化

    一.ES6---面向对象上的简化 1.单个对象提供了2处简化: 1.1 如果对象的属性来自于对象外的变量,且变量名刚好和属性名相同.则不用写两遍相同的名字, 只要写一遍即可. 1.2 所有对象的方法, ...

  4. scrapy爬取效率提升配置

    增加并发: 默认scrapy开启的并发线程为32个,可以适当进行增加.在settings配置文件中修改CONCURRENT_REQUESTS = 100值为100,并发设置成了为100. 降低日志级别 ...

  5. jsp 循环数字

    <c:forEach var ="i" begin="1" end="${homeexamque.optionNum}" step=& ...

  6. asp.net MVC3.0 中@Html.Partial,@Html.Action,@Html.RenderPartial,@Html.RenderAction

    asp.net MVC3.0 中@Html.Partial,@Html.Action,@Html.RenderPartial,@Html.RenderAction 1.带有Render的方法返回值是v ...

  7. 一文读懂Java注解

    什么是注解 Java官方文档上说,注解是元数据的一种形式,它提供不属于程序一部分的数据,注解对被注解的代码没有直接的影响. 准确上说,注解只不过是一种特殊的注释而已,如果没有解析它的代码,它可能连注释 ...

  8. 【Java_Eclipse】Eclipse插件如何卸载?

    本博客我们讲一下对于Eclipse的插件卸载 1.Eclipse中:Window——Install  New  SoftWare 2.找到相应插件卸载即可

  9. 如何在手机上预览本地h5页面

    很简洁的一个方法: 1.安装nodeJS环境 2.在当前所在项目文件夹下输入命令: npm install anywhere -g3.输入命令: anywhere,即可在浏览器以本机ip地址为域名,自 ...

  10. ShoneSharp语言(S#)的设计和使用介绍系列(8)— 最炫“公式”风

    ShoneSharp语言(S#)的设计和使用介绍 系列(8)— 最炫“公式”风 作者:Shone 声明:原创文章欢迎转载,但请注明出处,https://www.cnblogs.com/ShoneSha ...