ELK企業級日志分析平臺—

ELK企業級日志分析平臺——ES集群監控

啟用xpack認證

官網：https://www.elastic.co/guide/en/elasticsearch/reference/7.6/configuring-tls.html#node-certificates

在elk1上生成證書

[root@elk1 ~]# cd /usr/share/elasticsearch/[root@elk1 elasticsearch]# bin/elasticsearch-certutil ca[root@elk1 elasticsearch]# bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12[root@elk1 elasticsearch]# cp elastic-certificates.p12 /etc/elasticsearch[root@elk1 elasticsearch]# cd /etc/elasticsearch/[root@elk1 elasticsearch]# chown elasticsearch elastic-certificates.p12

[root@elk1 elasticsearch]# vim elasticsearch.yml...
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Typexpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12

[root@elk1 elasticsearch]# systemctl  restart elasticsearch.service

拷貝證書到其它集群節點

[root@elk1 elasticsearch]# scp elastic-certificates.p12 server2:/etc/elasticsearch/[root@elk1 elasticsearch]# scp elastic-certificates.p12 server3:/etc/elasticsearch/

elk2配置

[root@elk2 ~]# chown elasticsearch /etc/elasticsearch/elastic-certificates.p12[root@elk2 ~]# vim /etc/elasticsearch/elasticsearch.yml...
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12[root@elk2 ~]# systemctl  restart elasticsearch.service

elk3配置

[root@elk3 ~]# chown elasticsearch /etc/elasticsearch/elastic-certificates.p12[root@elk3 ~]# vim /etc/elasticsearch/elasticsearch.yml...
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12[root@elk3 ~]# systemctl  restart elasticsearch.service

等待所有集群節點重啟成功后，設置認證賬戶密碼

[root@elk1 elasticsearch]# cd /usr/share/elasticsearch/[root@elk1 elasticsearch]# bin/elasticsearch-setup-passwords interactive

交互式輸入密碼

ES啟用xpack之后，其它服務都需要配置認證

elasticsearch-head插件

head插件在訪問時，需要在url中輸入用戶和密碼

[root@k8s1 ~]# cd elasticsearch-head-master/[root@k8s1 elasticsearch-head-master]# npm run start &

訪問:192.168.92.11:9100/?auth_user=elastic&auth_password=westos

cerebro插件

cerebro訪問：

[root@k8s1 ~]# docker start cerebro

訪問：192.168.92.11:9000

kibana訪問

[root@elk5 kibana]# vim kibana.yml
...
elasticsearch.username: "kibana"
elasticsearch.password: "westos"[root@elk5 kibana]# systemctl  restart kibana.service

metricbeat監控

官網：https://www.elastic.co/guide/en/elasticsearch/reference/7.6/configuring-metricbeat.html

首先使用內部檢測，然后進入設置模式

選擇啟動metricbeat的節點，然后根據提示步驟操作

安裝軟件

[root@elk1 ~]# rpm -ivh metricbeat-7.6.1-x86_64.rpm

啟動elasticsearch-xpack模塊

[root@elk1 ~]# cd /etc/metricbeat/modules.d[root@elk1 modules.d]# metricbeat modules enable elasticsearch-xpack

編輯elasticsearch-xpack模塊配置文件

[root@elk1 modules.d]# vim elasticsearch-xpack.yml- module: elasticsearchmetricsets:- ccr- cluster_stats- enrich- index- index_recovery- index_summary- ml_job- node_stats- shardperiod: 10shosts: ["http://localhost:9200"]username: "remote_monitoring_user"password: "westos"xpack.enabled: true

編輯metricbeat配置文件

[root@elk1 modules.d]# cd ..[root@elk1 metricbeat]# vim metricbeat.yml...
output.elasticsearch:hosts: ["http://192.168.56.11:9200"]username: "elastic"password: "westos"

啟動metricbeat服務

[root@elk1 metricbeat]# systemctl enable --now metricbeat.service

其它節點依次類推

最后退出設置模式

kibana?監控

安裝軟件

[root@elk5 ~]# rpm -ivh metricbeat-7.6.1-x86_64.rpm

啟動kibana-xpack模塊

[root@elk5 ~]# cd /etc/metricbeat/modules.d/[root@elk5 ~]# metricbeat modules enable kibana-xpack

編輯kibana-xpack模塊配置文件

[root@elk5 modules.d]# vim kibana-xpack.ymlusername: "elastic"password: "westos"

編輯metricbeat配置文件

[root@elk5 modules.d]# cd ..[root@elk5 metricbeat]# vim metricbeat.ymlhosts: ["http://192.168.92.31:9200"]username: "elastic"
password: "westos"

啟動metricbeat服務

[root@elk5 ~]# systemctl enable --now metricbeat.service

禁用內部檢測

[root@elk5 ~]# vim /etc/kibana/kibana.ymlxpack.monitoring.kibana.collection.enabled: false

重啟kibana服務

[root@elk5 ~]# systemctl restart kibana.service

filebeat日志采集

文檔：https://www.elastic.co/guide/en/beats/filebeat/7.6/filebeat-module-elasticsearch.html

安裝軟件

[root@elk1 ~]# rpm -ivh filebeat-7.6.1-x86_64.rpm

啟動elasticsearch模塊

[root@elk1 ~]# cd /etc/filebeat/modules.d[root@elk1 modules.d]# filebeat modules enable elasticsearch

編輯elasticsearch模塊配置文件

[root@elk1 modules.d]# vim elasticsearch.yml- module: elasticsearch# Server logserver:enabled: true# Set custom paths for the log files. If left empty,# Filebeat will choose the paths depending on your OS.var.paths:- /var/log/elasticsearch/*.log          # Plain text logs- /var/log/elasticsearch/*_server.json  # JSON logsgc:enabled: true# Set custom paths for the log files. If left empty,# Filebeat will choose the paths depending on your OS.var.paths:- /var/log/elasticsearch/gc.log.[0-9]*- /var/log/elasticsearch/gc.logaudit:enabled: true# Set custom paths for the log files. If left empty,# Filebeat will choose the paths depending on your OS.var.paths:- /var/log/elasticsearch/*_access.log  # Plain text logs- /var/log/elasticsearch/*_audit.json  # JSON logsslowlog:enabled: true# Set custom paths for the log files. If left empty,# Filebeat will choose the paths depending on your OS.var.paths:- /var/log/elasticsearch/*_index_search_slowlog.log     # Plain text logs- /var/log/elasticsearch/*_index_indexing_slowlog.log   # Plain text logs- /var/log/elasticsearch/*_index_search_slowlog.json    # JSON logs- /var/log/elasticsearch/*_index_indexing_slowlog.json  # JSON logsdeprecation:enabled: true# Set custom paths for the log files. If left empty,# Filebeat will choose the paths depending on your OS.var.paths:- /var/log/elasticsearch/*_deprecation.log   # Plain text logs- /var/log/elasticsearch/*_deprecation.json  # JSON logs

編輯filebeat配置文件

[root@elk1 modules.d]# cd ..[root@elk1 filebeat]# vim filebeat.yml...
output.elasticsearch:hosts: ["http://192.168.92.31:9200"]username: "elastic"password: "westos"

啟動filebeat服務

[root@elk1 filebeat]# systemctl  enable --now filebeat.service

其它節點依次類推

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/news/164599.shtml
繁體地址，請注明出處：http://hk.pswp.cn/news/164599.shtml
英文地址，請注明出處：http://en.pswp.cn/news/164599.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！