Install the ELK stack on CentOS 7: Elasticsearch, Logstash, Kibana
In progress
12.04.2019
Based on the Indian author's materials:
https://www.youtube.com/watch?v=Cfbanio3Lao&list=PL34sAs7_26wOgpqMW_0_E95k9tq2VkMOZ&index=1
The Indian author's diagrams:
Prepare the host machine
$ vagrant plugin install vagrant-hostmanager
$ sudo vi /etc/hosts
#---------------------------------------------------------------------
# ELK hosts
#---------------------------------------------------------------------
192.168.0.10 client.example.com client
192.168.0.11 server.example.com server
Start the virtual machines on the host machine
$ mkdir ~/vagrant-elk && cd ~/vagrant-elk
$ git clone https://bitbucket.org/sysadm-ru/elk .
$ cd vagrant-provisioning/
$ vagrant up
Install and configure following these instructions.
https://bitbucket.org/sysadm-ru/elk/src/master/INSTALL-CentOS7.md
root password: admin
Configure Filebeat on the client
# cd /etc/filebeat/
# cp filebeat.yml filebeat.yml.orig
# vi filebeat.yml
  # Change to true to enable this input configuration.
  enabled: true
  paths:
    - /var/log/messages
    - /var/log/secure
Comment out the Elasticsearch output:
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]
#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["server.example.com:5044"]
  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash.crt"]
# journalctl --unit filebeat
-- Logs begin at Fri 2019-04-12 08:13:59 UTC, end at Fri 2019-04-12 08:38:26 UTC
Apr 12 08:38:26 client.example.com systemd[1]: Started Filebeat sends log files
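A check of the edited filebeat.yml, added here as an example and not part of the original notes: it confirms that the Elasticsearch output is commented out and that output.logstash has a hosts list and ssl.certificate_authorities nested under it. The function names section and check_filebeat_outputs are hypothetical, the sample config is constructed, and the dotted ssl.certificate_authorities form used on this page is assumed.

```shell
#!/bin/sh
# Added example, not from the original notes. section and
# check_filebeat_outputs are hypothetical names; the sample is constructed.

# Print the active (non-comment, non-blank) lines nested under top-level key $2.
section() {
  awk -v key="$2:" '
    /^[^ \t#]/ { insec = (index($0, key) == 1); next }
    insec && !/^[ \t]*#/ && !/^[ \t]*$/ { print }
  ' "$1"
}

# Return 0 only if the file matches what this page sets up: Elasticsearch
# output commented out, Logstash output with hosts and a CA list under it.
check_filebeat_outputs() {
  file=$1; rc=0
  if grep -q '^output\.elasticsearch:' "$file"; then
    echo "FAIL: output.elasticsearch is still enabled"; rc=1
  fi
  if ! grep -q '^output\.logstash:' "$file"; then
    echo "FAIL: output.logstash is not enabled"; return 1
  fi
  logstash=$(section "$file" output.logstash)
  if ! printf '%s\n' "$logstash" | grep -Eq '^[[:space:]]+hosts:[[:space:]]*\[.+\]'; then
    echo "FAIL: output.logstash has no hosts list"; rc=1
  fi
  if ! printf '%s\n' "$logstash" | grep -Eq '^[[:space:]]+ssl\.certificate_authorities:[[:space:]]*\[.+\]'; then
    echo "FAIL: ssl.certificate_authorities is missing or commented out"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK: $file"; fi
  return "$rc"
}

# Constructed sample mirroring the settings on this page.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#output.elasticsearch:
  #hosts: ["localhost:9200"]
output.logstash:
  # The Logstash hosts
  hosts: ["server.example.com:5044"]
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash.crt"]
EOF
check_filebeat_outputs "$demo"
rm -f "$demo"
```

On the client, call check_filebeat_outputs /etc/filebeat/filebeat.yml; a hosts: or ssl.certificate_authorities: line left flush-left instead of indented under output.logstash is reported as missing.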
Configuration in the GUI
http://server.example.com/app/kibana