I first heard of ELK when @argv from Sina described how ELK was used inside Sina and in which scenarios. It made a big impression on me: there was such a convenient way to collect and display logs, and once a tool like this is in place, someone who does something bad and deletes the logs gains nothing, because the logs have already been collected elsewhere.
Many companies say they care about security, yet they have never looked at the logs of their own servers, which is a bit ironic. Get the logs under management first, and then we can talk about security in depth.
Mirantis's Fuel has introduced ELK as the monitoring tool for OpenStack, so we also need to learn ELK properly.
I just watched a video by a foreigner on installing ELK on CentOS 7. It is very practical, and at least I prefer that style.
Video address: http://yunpan.cn/cd5feBr4diFDn, access password 019a. The content of this document basically copies the content of the video.
I went through it once more to verify it and got familiar with CentOS 7 along the way; this is really the first time I have installed anything on CentOS 7. The document still has problems and is being improved. It uses the latest versions of the software. As for Kibana, I expect that getting a good presentation out of it will take a lot of configuration effort.
Contents
- 1 Basic Introduction
- 2 installation process
- 2.1 Preparation
- 2.2 Installing Java
- 2.3 Elasticsearch
- 2.4 Kibana
Basic Introduction
Elasticsearch: current latest version 1.7.1
Logstash: current latest version 1.5.3
Kibana: current latest version 4.1.1
logstash-forwarder: current latest version 0.4.0
Installation Process
Create a CentOS 7.1 virtual machine and assign it a public IP for testing.
Preparation
View the operating system version:
# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
View the SELinux status:
# sestatus
SELinux status:                 disabled
FQDN
There are actually two ways to set the FQDN; this post sums them up well: http://www.opsers.org/base/linux-fqdn-set.html
Remember: the FQDN has to be right, because you will need to create an SSL certificate later, and that is a must-do.
# cat /etc/hostname
#i-2053f7hj
elk
# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# hostname loopback address
127.0.1.1   i-2053f7hj
10.70.26.187 elk.chenshake.com elk
Then apply the name from the file (capital -F reads the hostname from a file; on CentOS 7, hostnamectl set-hostname elk achieves the same and also persists it):
# hostname -F /etc/hostname
At this point you can check your FQDN and short hostname:
# hostname -f
elk.chenshake.com
# hostname
elk
Installing the firewall
CentOS 7 made a major change: firewalld replaces iptables. Because everyone is used to iptables, Qingyun's default image uses iptables and does not have firewalld installed.
# yum install firewalld firewall-config
# systemctl start firewalld.service
# systemctl enable firewalld.service
# systemctl status firewalld
(firewall-config is the graphical front end and can be skipped on a headless server; firewall-cmd is all that is used below.)
Check that it is running:
# firewall-cmd --state
Installing Java
# yum install java-1.7.0-openjdk
(Elasticsearch 1.7 requires Java 7 or later.)
Elasticsearch
# wget https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.1.noarch.rpm
Installation
Note that yum does not verify the signature of a local package unless localpkg_gpgcheck=1 is set in yum.conf, so check it yourself first: import Elastic's RPM signing key and run rpm --checksig elasticsearch-1.7.1.noarch.rpm. Then install with yum so dependencies are resolved:
# yum localinstall elasticsearch-1.7.1.noarch.rpm
Start the related services
Do as the post-install message prompts:
# systemctl daemon-reload
# systemctl enable elasticsearch.service
# systemctl start elasticsearch
# systemctl status elasticsearch
View Elasticsearch's configuration files
# rpm -qc elasticsearch
/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/logging.yml
/etc/init.d/elasticsearch
/etc/sysconfig/elasticsearch
/usr/lib/sysctl.d/elasticsearch.conf
/usr/lib/systemd/system/elasticsearch.service
/usr/lib/tmpfiles.d/elasticsearch.conf
View port usage
# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      606/sshd
tcp6       0      0 :::9200                 :::*                    LISTEN      3051/java
tcp6       0      0 :::9300                 :::*                    LISTEN      3051/java
tcp6       0      0 :::22                   :::*                    LISTEN      606/sshd
Open ports 9200 and 9300 in the firewall:
# firewall-cmd --permanent --add-port={9200/tcp,9300/tcp}
# firewall-cmd --reload
Caveat: the listing above shows Elasticsearch bound to every interface (:::9200, :::9300), and Elasticsearch 1.x has no authentication of its own. On a machine with a public IP, opening these two ports like this exposes the whole REST and transport API to the internet. On a single-node setup where Logstash and Kibana run on the same host, nothing outside needs these ports at all, so either leave them closed, or restrict them to the networks that need them (a firewall-cmd rich rule with a source address) and set network.host in /etc/elasticsearch/elasticsearch.yml to the internal address.
View the firewall's port state
# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 9200/tcp 9300/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
Kibana
Download the tar package
# wget https://download.elastic.co/kibana/kibana/kibana-4.1.1-linux-x64.tar.gz
Extract
# tar zxf kibana-4.1.1-linux-x64.tar.gz -C /usr/local/
# cd /usr/local/
# mv kibana-4.1.1-linux-x64 kibana
Create a startup file
Create a kibana.service unit file. This is the minimal unit from the video, with a [Unit] section so it starts after the network is up; note that with no User= line Kibana runs as root.
# cat > /etc/systemd/system/kibana.service <<EOF
[Unit]
Description=Kibana
After=network.target

[Service]
ExecStart=/usr/local/kibana/bin/kibana

[Install]
WantedBy=multi-user.target
EOF
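Running a network-facing web application as root is the one thing in the unit above I would not leave as is. As an added example (not part of the original post or of Kibana's own packaging), the script below renders a unit that runs Kibana as an unprivileged system user and applies the sandboxing directives available in CentOS 7's systemd, printing the unit and the one-time user-setup commands instead of running them so they can be reviewed and then redirected into /etc/systemd/system/kibana.service. The user name kibana and the install path /usr/local/kibana follow the post; the directive set assumes Kibana only needs to read its install directory (true for the 4.1 tarball; if a later version needs a writable cache directory, grant just that path).

```sh
#!/bin/sh
# Added example, not from the original post: render a systemd unit that runs
# Kibana as a dedicated unprivileged user.  Nothing here touches the system;
# the output is meant to be reviewed and then redirected into place.
# Assumptions: service user "kibana", install dir /usr/local/kibana,
# systemd 219 as shipped with CentOS 7 (every directive below exists there).

# kibana_setup_cmds USER DIR: one-time commands to create the service account
# and make the install tree root-owned, so the service cannot modify itself.
kibana_setup_cmds() {
    user=$1; dir=$2
    echo "useradd --system --shell /sbin/nologin --home-dir $dir --no-create-home $user"
    echo "chown -R root:root $dir"
}

# kibana_unit USER DIR: the unit file.  Compared with the post's minimal unit
# it adds ordering on Elasticsearch, a non-root user, automatic restart, and
# sandboxing that costs nothing for a node process with no special needs.
kibana_unit() {
    user=$1; dir=$2
    cat <<EOF
[Unit]
Description=Kibana
After=network.target elasticsearch.service
Wants=elasticsearch.service

[Service]
User=$user
Group=$user
ExecStart=$dir/bin/kibana
Restart=on-failure
# No setuid escalation, private /tmp, read-only /usr /boot /etc, no /home.
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true

[Install]
WantedBy=multi-user.target
EOF
}

# Demonstration: print the setup commands and the unit.  To apply on the host:
#   sh kibana_unit.sh setup | sh                                  (once, as root)
#   sh kibana_unit.sh unit > /etc/systemd/system/kibana.service
#   systemctl daemon-reload && systemctl restart kibana
case "${1:-}" in
    setup) kibana_setup_cmds kibana /usr/local/kibana ;;
    unit)  kibana_unit kibana /usr/local/kibana ;;
    *)     kibana_setup_cmds kibana /usr/local/kibana; echo; kibana_unit kibana /usr/local/kibana ;;
esac
```

The useradd line creates a matching kibana group (CentOS creates a per-user group by default), so Group= resolves; chown -R root:root keeps the install tree unwritable by the service account, which is what makes ProtectSystem=full a no-cost addition.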
Start the Kibana service
# systemctl enable kibana
# systemctl start kibana
# systemctl status kibana
View ports
# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      3830/node
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      977/sshd
tcp6       0      0 :::9200                 :::*                    LISTEN      978/java
tcp6       0      0 :::9300                 :::*                    LISTEN      978/java
tcp6       0      0 :::22                   :::*                    LISTEN      977/sshd
The procedure is the same as before; open port 5601:
# firewall-cmd --permanent --add-port=5601/tcp
# firewall-cmd --reload
# firewall-cmd --list-all
Caveat: Kibana 4 has no authentication either, and it is bound to 0.0.0.0:5601. Opening 5601 to any source on a public IP hands anyone the dashboards and, through Kibana, query access to everything in Elasticsearch. Restrict the port to the admin networks, or put Kibana behind a reverse proxy that authenticates users.
Now open Kibana in a browser on port 5601 of the server.
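The two firewall steps above open 9200, 9300 and 5601 to any source. As an added example (not from the original post), the script below does what I would do on such a box before calling it done: parse netstat -nltp output to list every port bound to all interfaces that is not on an allowlist of ports meant to be public, and emit the firewall-cmd rich rules that replace the blanket --add-port entries with rules admitting only an admin network. The netstat listing embedded in it is a constructed sample modelled on the post's output, and the admin network 10.70.26.0/24 is an assumption derived from the server's own address; both are placeholders to replace.

```sh
#!/bin/sh
# Added example, not from the original post: audit which ports the ELK host
# exposes on all interfaces and emit firewall-cmd rules that restrict the
# ELK ports to an admin network instead of the whole internet.
# Assumptions: the admin network below and the sample netstat output are
# constructed for this example; on a real host feed in "$(netstat -nltp)".

ADMIN_CIDR="10.70.26.0/24"   # assumed: the network the admins come from

# Constructed sample, modelled on the post's netstat output after Kibana
# started.  Only the columns awk looks at need to be accurate.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      3830/node
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      977/sshd
tcp6       0      0 :::9200                 :::*                    LISTEN      978/java
tcp6       0      0 :::9300                 :::*                    LISTEN      978/java
tcp6       0      0 :::22                   :::*                    LISTEN      977/sshd'

# wildcard_ports NETSTAT_TEXT: print "port program" for every LISTEN socket
# bound to all interfaces (0.0.0.0 or ::), sorted by port, with duplicates
# (the same daemon on v4 and v6) collapsed.
wildcard_ports() {
    printf '%s\n' "$1" | awk '$6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)         # text after the last colon
        addr = $4; sub(/:[0-9]+$/, "", addr)    # everything before it
        if (addr == "0.0.0.0" || addr == "::") {
            prog = $7; sub(/^[0-9]+\//, "", prog)
            print port, prog
        }
    }' | sort -n | uniq
}

# exposed_unexpected NETSTAT_TEXT "p1 p2 ...": wildcard-bound ports that are
# not in the space-separated allowlist of ports meant to be world-reachable.
exposed_unexpected() {
    allow=" $2 "
    wildcard_ports "$1" | while read -r port prog; do
        case "$allow" in
            *" $port "*) ;;                      # expected to be public
            *) echo "$port $prog" ;;
        esac
    done
}

# restrict_rules CIDR PORT...: firewall-cmd commands that drop the blanket
# --add-port entries and admit each port from CIDR only.  Printed, not run,
# so they can be reviewed; pipe the output into sh as root to apply.
restrict_rules() {
    cidr=$1; shift
    for port in "$@"; do
        echo "firewall-cmd --permanent --remove-port=${port}/tcp"
        echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"${cidr}\" port port=\"${port}\" protocol=\"tcp\" accept'"
    done
    echo "firewall-cmd --reload"
}

# Demonstration on the sample: everything wildcard-bound except SSH is
# reported, then the rules that fence the ELK ports are printed.
echo "wildcard-bound ports not expected to be public:"
exposed_unexpected "$SAMPLE_NETSTAT" "22"
echo
restrict_rules "$ADMIN_CIDR" 9200 9300 5601
```

On the host itself, replace the sample with the live listing, for example exposed_unexpected "$(netstat -nltp)" "22". The rich rules are IPv4-only, so once applied IPv6 clients cannot reach the ELK ports at all, which is the intent unless the admin network is IPv6. If Logstash and Kibana run on the same host as Elasticsearch, 9200 and 9300 can simply stay closed: firewalld accepts loopback traffic, so local clients are unaffected.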
CentOS 7.x: Installing ELK (Elasticsearch + Logstash + Kibana)