怎么用中間組件配置ELK+logback搭建日志系統(tǒng)
本篇內(nèi)容主要講解“怎么用中間組件配置ELK+logback搭建日志系統(tǒng)”��,感興趣的朋友不妨來看看��。本文介紹的方法操作簡單快捷��,實用性強��。下面就讓小編來帶大家學習“怎么用中間組件配置ELK+logback搭建日志系統(tǒng)”吧!
主營項目接口文檔
中間組件配置 ELK+logback搭建日志系統(tǒng)
開始研究ES��,當前ES的最新版本為5.6.3��,版本5.0.1以上jdk為1.8,緩存服務(wù)器用的redis
本篇會記錄ES5.1.1 + Kibana -5.6.3 + es-head插件在Linux環(huán)境上安裝操作步驟��。
首先��,去Elastic官網(wǎng) https://www.elastic.co/downloads ��,下載頁有所有Elastic的產(chǎn)品��,都是最新的版本(版本號還一致)��。
一��、elasticsearch安裝��,下載完成后��,全部解壓��,使用unzip和tar -xvzf
(一)��、 首先嘗試去啟動 elasticsearch��,到 elasticsearch 的bin目錄下��,執(zhí)行./elasticseharch��。如果遇到下面的錯誤:
(二) ��、說明是用root賬戶來啟動的��,因為ES是沒有權(quán)限限制的,還可以接收用戶的腳本��,所有用root賬戶很不安全��,需要新建一個賬戶來啟動��。
命令執(zhí)行如下
# adduser es
# passwd es123456
用root 給新建用戶賦予權(quán)限
1��、進入bin目錄下執(zhí)行chmod +x elasticsearch
2��、chown es.es -R /opt/elasticsearch-5.1.1
3��、切換到新建用戶
# su es
4��、修改vm.map 限制
vi /etc/sysctl.conf vm.max_map_count=262144
5��、進入bin目錄 執(zhí)行./elasticsearch -d &
然后就可以在命令行中用curl http://localhost:9200?pretty 看看輸出
此時��,ES可以在本地訪問��,但是用瀏覽器遠程的話��,還是無法訪問的,因為相應(yīng)的端口沒有打開
(三)��、 修改es配置文件��,進到安裝目錄/config/elasticsearch.yml,將network.host設(shè)置為0.0.0.0并且將訪問端口放開
# ======================== Elasticsearch Configuration =========================
# ---------------------------------- Cluster -----------------------------------
`cluster.name: elk-es`
# ------------------------------------ Node ------------------------------------
node.name: node-1
# ----------------------------------- Paths ------------------------------------
path.data: /data/program/elk/es/data
path.logs: /data/program/elk/es/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# ---------------------------------- Network -----------------------------------
network.host: 10.100.0.222
http.port: 9200
# --------------------------------- Discovery ----------------------------------
接下來重啟es 然后通過瀏覽器外部訪問就可以了
(四)��、啟動執(zhí)行ES存在問題��,./elasticsearch
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536] 意思是說你的進程不夠用了
解決方案: 切到root 用戶:進入到security目錄下的limits.conf��;執(zhí)行命令 vim /etc/security/limits.conf 在文件的末尾添加下面的參數(shù)值:
* soft nofile 65536
* hard nofile 131072
* soft nproc 65536
* hard nproc 65536
前面的*符號必須帶上��,然后重新啟動就可以了��。執(zhí)行完成后可以使用命令 ulimit -n 查看進程數(shù)
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] 需要修改系統(tǒng)變量的最大值了
[3]:解決方案:切換到root用戶修改配置sysctl.conf 增加配置值: vm.max_map_count=655360 執(zhí)行命令 sysctl -p 這樣就可以了��,然后重新啟動ES服務(wù) 就可以了
(五)��、 啟動執(zhí)行ES文件��,進入到bin 目錄下執(zhí)行 ./elasticsearch 命令就可以了��,執(zhí)行 ./elasticesrarch -d 是后臺運行
如果沒有什么問題話��,就可以安全生成了��;然后執(zhí)行curl 'http://自己配置的IP地址:9200/' 命令��,就出現(xiàn)下面的結(jié)果
{
"name" : "node-1",
"cluster_name" : "elk-es",
"cluster_uuid" : "Q04zG6ESQjyjXvZtVrRysA",
"version" : {
"number" : "6.2.3",
"build_hash" : "c59ff00",
"build_date" : "2018-03-13T10:06:29.741383Z",
"build_snapshot" : false,
"lucene_version" : "7.2.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}(六)��、安裝head 插件
[root@redis-node1 elk]# wget https://github.com/mobz/elasticsearch-head/archive/master.zip
--2018-07-10 11:55:41-- https://github.com/mobz/elasticsearch-head/archive/master.zip
Resolving github.com (github.com)... 13.229.188.59, 52.74.223.119, 13.250.177.223
Connecting to github.com (github.com)|13.229.188.59|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/mobz/elasticsearch-head/zip/master [following]
--2018-07-10 11:55:42-- https://codeload.github.com/mobz/elasticsearch-head/zip/master
Resolving codeload.github.com (codeload.github.com)... 54.251.140.56, 13.250.162.133, 13.229.189.0
Connecting to codeload.github.com (codeload.github.com)|54.251.140.56|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 921421 (900K) [application/zip]
Saving to: ‘master.zip’
100%[=====================================================================================>] 921,421 167KB/s in 6.1s
2018-07-10 11:55:51 (147 KB/s) - ‘master.zip’ saved [921421/921421]
[root@redis-node1 es-head]# pwd
/data/program/elk
[root@redis-node1 elk]# unzip master.zip -d ./
[root@redis-node1 elk]# ll
total 904
drwxr-xr-x 6 root root 4096 Sep 15 2017 elasticsearch-head-master
drwxr-xr-x 9 elk elk 188 Jul 10 11:42 es
drwxrwxr-x 13 elk elk 260 Jul 6 12:47 kibana
drwxr-xr-x 12 elk elk 278 Jul 10 10:43 logstash
-rw-r--r-- 1 root root 921421 Jul 10 11:55 master.zip
[root@redis-node1 elk]# mv elasticsearch-head-master es-head
[root@redis-node1 elk]# ll
total 904
drwxr-xr-x 9 elk elk 188 Jul 10 11:42 es
drwxr-xr-x 6 root root 4096 Sep 15 2017 es-head
drwxrwxr-x 13 elk elk 260 Jul 6 12:47 kibana
drwxr-xr-x 12 elk elk 278 Jul 10 10:43 logstash
-rw-r--r-- 1 root root 921421 Jul 10 11:55 master.zip
[root@redis-node1 es-head]# cd es-head
[root@redis-node1 es-head]# pwd
/data/program/elk/es-head
6.2 執(zhí)行head 插件��,需要node.js 的支持��,所以��,下面先安裝一node.js
6.2.1 執(zhí)行命令一:curl -sL https://rpm.nodesource.com/setup_8.x | bash -
curl -sL https://rpm.nodesource.com/setup_8.x | bash -
## Installing the NodeSource Node.js 8.x LTS Carbon repo...
## Inspecting system...
+ rpm -q --whatprovides redhat-release || rpm -q --whatprovides centos-release || rpm -q --whatprovides cloudlinux-release || rpm -q --whatprovides sl-release
+ uname -m
## Confirming "el7-x86_64" is supported...
+ curl -sLf -o /dev/null 'https://rpm.nodesource.com/pub_8.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm'
## Downloading release setup RPM...
+ mktemp
+ curl -sL -o '/tmp/tmp.SgDKQBVM0p' 'https://rpm.nodesource.com/pub_8.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm'
## Installing release setup RPM...
+ rpm -i --nosignature --force '/tmp/tmp.SgDKQBVM0p'
## Cleaning up...
+ rm -f '/tmp/tmp.SgDKQBVM0p'
## Checking for existing installations...
+ rpm -qa 'node|npm' | grep -v nodesource
## Run `sudo yum install -y nodejs` to install Node.js 8.x LTS Carbon and npm.
## You may also need development tools to build native addons:
sudo yum install gcc-c++ make
## To install the Yarn package manager, run:
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
sudo yum install yarn
6.2.2 命令二:yum install -y nodejs
yum install -y nodejs
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
epel | 3.2 kB 00:00:00
extras | 3.4 kB 00:00:00
mysql-connectors-community | 2.5 kB 00:00:00
mysql-tools-community | 2.5 kB 00:00:00
mysql57-community-dmr | 2.5 kB 00:00:00
nginx | 2.9 kB 00:00:00
nodesource | 2.5 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/7): epel/x86_64/group_gz | 88 kB 00:00:00
(2/7): epel/x86_64/updateinfo | 926 kB 00:00:00
(3/7): epel/x86_64/primary | 3.5 MB 00:00:00
(4/7): extras/7/x86_64/primary_db | 150 kB 00:00:00
(5/7): updates/7/x86_64/primary_db | 3.6 MB 00:00:00
(6/7): nodesource/x86_64/primary_db | 37 kB 00:00:01
(7/7): nginx/x86_64/primary_db | 35 kB 00:00:02
Determining fastest mirrors
* base: mirrors.zju.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
epel 12605/12605
Resolving Dependencies
--> Running transaction check
---> Package nodejs.x86_64 2:8.11.3-1nodesource will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================
Installing:
nodejs x86_64 2:8.11.3-1nodesource nodesource 17 M
Transaction Summary
===============================================================================================================================
Install 1 Package
Total download size: 17 M
Installed size: 51 M
Downloading packages:
nodejs-8.11.3-1nodesource.x86_64.rpm 8% [=== ] 38 kB/s | 1.4 MB 00:06:56 ETA
warning: /var/cache/yum/x86_64/7/nodesource/packages/nodejs-8.11.3-1nodesource.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 34fa74dd: NOKEY
Public key for nodejs-8.11.3-1nodesource.x86_64.rpm is not installed
nodejs-8.11.3-1nodesource.x86_64.rpm | 17 MB 00:07:52
Retrieving key from file:///etc/pki/rpm-gpg/NODESOURCE-GPG-SIGNING-KEY-EL
Importing GPG key 0x34FA74DD:
Userid : "NodeSource <gpg-rpm@nodesource.com>"
Fingerprint: 2e55 207a 95d9 944b 0cc9 3261 5ddb e8d4 34fa 74dd
Package : nodesource-release-el7-1.noarch (installed)
From : /etc/pki/rpm-gpg/NODESOURCE-GPG-SIGNING-KEY-EL
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Installing : 2:nodejs-8.11.3-1nodesource.x86_64 1/1
Verifying : 2:nodejs-8.11.3-1nodesource.x86_64 1/1
Installed:
nodejs.x86_64 2:8.11.3-1nodesource
Complete!
[root@redis-node1 ~]# node -v
v8.11.3
[root@redis-node1 ~]# npm -v
5.6.0
[root@redis-node1 ~]#
6.3 安裝grunt ,由于head 插件的執(zhí)行文件是有g(shù)runt 命令來執(zhí)行的��,所以這個命令必須安裝
6.3.1 安裝命令一:npm install grunt --save-dev 命令二:npm install
[root@redis-node1 ~]# npm install grunt --save-dev
npm WARN saveError ENOENT: no such file or directory, open '/root/package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open '/root/package.json'
npm WARN root No description
npm WARN root No repository field.
npm WARN root No README data
npm WARN root No license field.
+ grunt@1.0.3
added 96 packages in 32.604s
[root@redis-node1 ~]# npm install
npm WARN saveError ENOENT: no such file or directory, open '/root/package.json'
npm WARN enoent ENOENT: no such file or directory, open '/root/package.json'
npm WARN root No description
npm WARN root No repository field.
npm WARN root No README data
npm WARN root No license field.
up to date in 0.996s
[root@redis-node1 ~]#
connect: {
server: {
options: {
port: 9100,
`hostname:*`
base: '.',
keepalive: true
}
}
} (function( app, i18n ) {
var ui = app.ns("ui");
var services = app.ns("services");
app.App = ui.AbstractWidget.extend({
defaults: {
base_uri: null
},
init: function(parent) {
this._super();
this.prefs = services.Preferences.instance();
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || **"http://10.100.0.222:9200"**;
if( this.base_uri.charAt( this.base_uri.length - 1 ) !== "/" ) {
// XHR request fails if the URL is not ending with a "/"
this.base_uri += "/";
}6.3.4 最后一個命令: grunt server & 執(zhí)行完成后就OK了
6.3.5 涉及到的問題��,在網(wǎng)頁上無法正常訪問��;查看防火墻是否關(guān)閉
6.3.5.1 執(zhí)行命令service iptables status 查看狀態(tài) ��;直接將防火墻關(guān)閉就好了 執(zhí)行命令service iptables stop 最后執(zhí)行的結(jié)果是這樣的,我沒有配置集群: 注意下面使用的端口號��,不在是9200 了 而是head 插件中的 9100 了 看到上面的出現(xiàn)的健康值了嗎��,說明的連接還是有問題的��,解決方案是修改 cd 命令進入到elasticsearch-5.6.3 /config 文件中 vi elasticsearch.yml 文件下添加 :
http.cors.enabled: true
http.cors.allow-origin: "*"
二��、 第二步現(xiàn)在我們來安裝 logstash��、和相關(guān)環(huán)境配置
(一)��、下載 logstash 安裝包 logstash-6.2.3.zip
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.3.1.tar.gz
tar -xzf logstash-6.3.1.tar.gz
mv logstash-6.3.1-linux-x86_64 logstash
ch logstash
(二)��、在logback程序config 增加配置文件logback-es.config,內(nèi)容如下 ��;
input {
tcp {
##host:port就是上面appender中的 destination��,這里其實把logstash作為服務(wù)��,開啟9601端口接收logback發(fā)出的消息
host => "100.10.0.222"
port => 9601
#模式選擇為server
mode => "server"
tags => ["logback_trace_id"]
traceId => [" logback_trace_id"]
##格式j(luò)son
codec => json_lines
}
}
output {
elasticsearch {
#ES地址
hosts => "100.10.0.222:9200"
#指定索引名字��,不適用默認的��,用來區(qū)分各個項目
index => "%{[serverName]}-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug}
}(三)��、在logback程序創(chuàng)建啟動腳本命令 touch start.sh ; chmod 744 start.sh
#! /bin/sh
APP_PATH=/data/program/elk/logstash
nohup sh bin/logstash -f $APP_PATH/config/logstash-es.conf > $APP_PATH/logs/logstash-log.log 2>&1 &
echo logstash run
(四)��、在運用程序的配置文件(logback.xml) 增加如下信息:
<include resource="org/springframework/boot/logging/logback/defaults.xml" />
<property resource="application.properties" />
<!--輸出到elk的LOGSTASH-->
<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<destination>${gc.server.ip.port}</destination>
<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder" >
<customFields>{"serverName":"${gc.server.project.name}"}</customFields>
</encoder>
</appender>三��、 第三步現(xiàn)在我們來安裝 kibana 程序軟件安裝和配置
(1)��、下載kibana 安裝包 kibana-6.2.3-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.1-linux-x86_64.tar.gz
shasum -a 512 kibana-6.3.1-linux-x86_64.tar.gz
tar -xzf kibana-6.3.1-linux-x86_64.tar.gz
cd kibana-6.3.1-linux-x86_64/
(2)��、解壓和安裝,和配置
[elk@redis-node1 program]$ tar -xvf kibana-6.2.3-linux-x86_64.tar.gz
[elk@redis-node1 program]$ mv kibana-6.2.3-linux-x86_64 kibana
(3)��、項目配置 config/kibana.yml
[elk@redis-node1 program]$ vi config/kibana.yml
server.port: 5601
server.host: "10.100.0.222"
#elasticsearch.url: "http://localhost:9200"
elasticsearch.url: "http://10.100.0.222:9200"
(4)��、在 kibana 程序創(chuàng)建啟動腳本命令 touch start.sh ; chmod 744 start.sh
#! /bin/sh
APP_PATH=/data/program/elk/kibana
nohup sh bin/kibana > $APP_PATH/logs/kibana-log.log 2>&1 &
echo kibana run
#bin/kibana &
到此��,相信大家對“怎么用中間組件配置ELK+logback搭建日志系統(tǒng)”有了更深的了解��,不妨來實際操作一番吧!這里是億速云網(wǎng)站��,更多相關(guān)內(nèi)容可以進入相關(guān)頻道進行查詢��,關(guān)注我們��,繼續(xù)學習��!
