Step by step
1. Download the Software
Elasticsearch: https://download.elasticsearch.org/...p/elasticsearch/2.0.0/elasticsearch-2.0.0.zip
Logstash: https://download.elastic.co/logstash/logstash/logstash-2.0.0.zip
Kibana: https://download.elastic.co/kibana/kibana/kibana-4.2.0-windows.zip
2. Unzip each download separately; Elasticsearch, Logstash and Kibana can be placed under one common folder
3. Download the JDK, install the Java environment, and add the installation path to the JAVA_HOME environment variable
4. Configure Logstash: cd to the bin directory under the Logstash folder
Create the configuration file logstash.conf with the following content. It is not explained in detail: it receives on TCP port 5544 and sends to the ES server, a very simple configuration.
input { tcp { port => 5544 } }
output { elasticsearch { hosts => ["localhost:9200"] } }
5. Install Elasticsearch as a Windows service
cd to the bin directory of the Elasticsearch folder
In CMD, run service install; it reports that the installation succeeded
In CMD, run service manager; the service management interface pops up, where you can set the service to start automatically and start it.
Open 127.0.0.1:9200 in a browser; a JSON response indicating success appears
6. Install Logstash as a Windows service
cd to the bin directory under the Logstash folder
Create a run.bat containing:
logstash.bat agent -f logstash.conf
Download NSSM
https://nssm.cc/release/nssm-2.24.zip
Unzip it and copy nssm.exe from the nssm-2.24\win64 directory to the Logstash bin directory
In CMD, run nssm install logstash
In the window that pops up, set Path to run.bat, set the display name on the Details tab, and on the Dependencies tab set the dependent service elasticsearch-service-x64
Finally click Install service; the installation succeeds
7. Install Kibana as a Windows service
Copy nssm.exe as before; the service path is kibana.bat, and the dependencies can be set to logstash and elasticsearch-service-x64
7.1 Optionally install reverse proxy software (Nginx, or the ARR module of IIS) to shield port 5601
8. In the Control Panel, start the three services installed above; next we can test
Run telnet 127.0.0.1 5544, type anything, and press Enter.
Open http://localhost:5601/ in a browser; it prompts you to create an index, which you can create based on time. On the Discover tab you will see the meaningless ASCII characters you just typed in Telnet
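Added example, not part of the original article: a PowerShell version of the step 8 test for machines without a Telnet client, which also lists any of the three ports that are reachable from other hosts (the reason for step 7.1). It assumes the ports used above (5544, 9200, 5601), Logstash's default logstash-* index naming, and Get-NetTCPConnection (Windows 8 / Server 2012 or later); the marker string is constructed.

```powershell
# Added example (not from the original article). Ports are the ones used above.
$marker = "elksmoke" + [guid]::NewGuid().ToString("N")   # constructed test message

# 1. Send one line to the Logstash tcp input on port 5544, as the Telnet test does.
$client = New-Object System.Net.Sockets.TcpClient
$client.Connect("127.0.0.1", 5544)
$writer = New-Object System.IO.StreamWriter($client.GetStream())
$writer.NewLine = "`n"          # the input splits events on newline
$writer.WriteLine($marker)
$writer.Flush()
$writer.Dispose()
$client.Close()

# 2. Poll Elasticsearch until the event is searchable (indexing is not instant).
$found = $false
foreach ($attempt in 1..10) {
    Start-Sleep -Seconds 2
    try {
        $uri = "http://127.0.0.1:9200/logstash-*/_search?q=message:$marker"
        $result = Invoke-RestMethod -Uri $uri
        if ($result.hits.total -ge 1) { $found = $true; break }
    } catch {
        # Elasticsearch not answering yet; retry on the next attempt.
    }
}
if ($found) { "OK: '$marker' reached Elasticsearch through Logstash" }
else        { "FAIL: '$marker' not found in logstash-* after 20 seconds" }

# 3. List ELK listeners bound to more than loopback. logstash.conf above sets no
#    host option on the tcp input, and that plugin's default is 0.0.0.0, so 5544
#    is expected here unless a host is configured or the firewall blocks it.
$elkPorts = 5544, 9200, 5601
$exposed = Get-NetTCPConnection -State Listen -LocalPort $elkPorts -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -notin "127.0.0.1", "::1" }
if ($exposed) {
    "Reachable from other hosts (bind to 127.0.0.1 or restrict with the firewall / reverse proxy):"
    $exposed | Sort-Object LocalPort | Format-Table LocalAddress, LocalPort, OwningProcess -AutoSize
} else {
    "All ELK listeners found are bound to loopback only"
}
```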
Very simple, isn't it? For a production environment it is still better to have operations deploy a Linux version
More complex configuration and practice are left for everyone to explore, hehe
ELK Centralized log analysis Windows Deployment combat