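1. First download the packages. The stack is written in Java, so a Java environment must be configured first (not needed on CentOS 7). 4 GB of RAM is recommended.
2. First install elasticsearch-6.6.0.rpm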
rpm -ivh elasticsearch-6.6.0.rpm
3. Edit the Elasticsearch configuration and start Elasticsearch
vim /etc/elasticsearch/elasticsearch.yml
systemctl start elasticsearch
4. Install Kibana
rpm -ivh kibana-6.6.0-x86_64.rpm
5. Edit the Kibana configuration and start Kibana
vim /etc/kibana/kibana.yml
systemctl start kibana
6. Install Logstash, the filtering and collection tool; it is somewhat similar to a client
rpm -ivh logstash-6.6.0.rpm
7. Configure Logstash and start it. Remember to grant read permission on the log file being monitored
chmod 644 /var/log/messages
vim /etc/logstash/conf.d/system.conf
systemctl start logstash
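8. Result: the index appears
II. Building on the existing setup
1. To monitor nginx logs, configure the nginx repository, install nginx with yum, and start nginx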
vim /etc/yum.repos.d/nginx.repo
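[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
# verify package signatures against the nginx signing key
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1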
yum -y install nginx
systemctl start nginx
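2. Edit the Logstash configuration and define the pattern rule NGINXACCESS, which is used to filter the nginx access log. Remember to grant read permission on the log file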
cd /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/
vim nginx_access
URIPARAM1 [A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*
NGINXACCESS %{IPORHOST:client_ip} (%{USER:ident}|- ) (%{USER:auth}|-) \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} (%{NOTSPACE:request}|-)(?: HTTP/%{NUMBER:http_version})?|-)" %{NUMBER:status} (?:%{NUMBER:bytes}|-) "(?:%{URI:referrer}|-)" "%{GREEDYDATA:agent}"
chmod 644 /var/log/nginx/access.log
vim /etc/logstash/conf.d/system.conf
3. Restart Logstash
systemctl restart logstash
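4. After restarting Logstash, visit the nginx page to generate log entries; only then does the nginx index appear
5. Make sure the nginx log format is enabled; with a yum install, logging is on by default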
vim /etc/nginx/nginx.conf
Once everything is set up, it is best to refresh the nginx page a few times to generate log entries
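
One possible /etc/logstash/conf.d/system.conf covering both log sources used above (/var/log/messages and the nginx access log parsed with NGINXACCESS), as an added example and not the original author's file. The Elasticsearch address 127.0.0.1:9200, the type values and the index names are assumptions; lines that fail the pattern are routed to their own index so parsing problems stay visible.

```conf
# Added example: Elasticsearch address, type values and index names are assumptions
input {
  file {
    path => "/var/log/messages"
    type => "system"
    start_position => "beginning"
  }
  file {
    path => "/var/log/nginx/access.log"
    type => "nginx_access"
    start_position => "beginning"
  }
}

filter {
  if [type] == "nginx_access" {
    grok {
      # NGINXACCESS comes from the nginx_access pattern file created above
      match => { "message" => "%{NGINXACCESS}" }
    }
    date {
      # use the request time captured in the "timestamp" field as @timestamp
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    }
  }
}

output {
  if [type] == "system" {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "system-%{+YYYY.MM.dd}"
    }
  } else if "_grokparsefailure" in [tags] {
    # lines that did not match NGINXACCESS are kept apart for review
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "nginx-unparsed-%{+YYYY.MM.dd}"
    }
  } else {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "nginx-access-%{+YYYY.MM.dd}"
    }
  }
}
```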