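Installing ELK and collecting logs

I. Introduction

The data flow is shown below; Filebeat is installed on every client:
filebeat --> logstash --> elasticsearch --> kibana
A Java environment must be installed before installing Elasticsearch.

II. Installing the three ELK components

1. Configure the yum repository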

    [root@elk xs]# cat /etc/yum.repos.d/elk.repo
    [logstash-7.x]
    name=Elastic repository for 7.x packages
    baseurl=https://artifacts.elastic.co/packages/7.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    autorefresh=1
    type=rpm-md

2. Install

sudo yum install logstash kibana elasticsearch

III. Editing the Kibana and Elasticsearch configuration files

1. The Elasticsearch configuration file is as follows

    cluster.name: elk
    node.name: node-1
    path.data: /var/lib/elasticsearch
    path.logs: /var/log/elasticsearch
    network.host: 172.17.199.231
    http.port: 9200
    bootstrap.memory_lock: false
    bootstrap.system_call_filter: false
    cluster.initial_master_nodes: ["node-1"]

Note: at first I had not enabled cluster.initial_master_nodes: ["node-1"], and startup kept failing with the following error:

    #[1] bootstrap checks failed
    # [1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

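2. Change Kibana as follows

    vim /etc/kibana/kibana.yml
    server.port: 5601                                      # listening port
    server.host: "172.17.199.231"
    elasticsearch.hosts: ["http://172.17.199.231:9200"]    # Elasticsearch address

3. Start Kibana and Elasticsearch

    /etc/init.d/kibana start
    /etc/init.d/elasticsearch start

IV. Setting up Logstash

Note: I collect quite a lot of logs here, so the configuration is long.

1. Configuration file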

    input {
      beats {
        port => 5044
      }
    }
    filter {
      grok {
        match => ["message", "%{SYSLOGBASE} %{GREEDYDATA:message}"]
        overwrite => ["message"]
      }
    }
    output {
      if [app] == "www" {
        if [type] == "tiantian-system-service-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-system-service-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-system-service-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-system-service-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-assets-service-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-assets-service-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-assets-service-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-assets-service-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-user-service-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-user-service-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-user-service-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-user-service-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-order-service-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-order-service-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-order-service-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-order-service-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-audit-service-node5" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-audit-service-node5-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-audit-service-node6" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-audit-service-node6-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-admin-service-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-admin-service-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-admin-service-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-admin-service-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-collection-service-node5" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-collection-service-node5-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-collection-service-node6" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-collection-service-node6-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-collection-admin-node5" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-collection-admin-node5-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-collection-admin-node6" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-collection-admin-node6-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-collection-job-node5" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-collection-job-node5-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-channel-api-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-channel-api-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-channel-api-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-channel-api-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-job-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-job-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-mq-service-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-mq-service-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-mq-service-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-mq-service-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "jz-asset-node1" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "jz-asset-node1-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-channel-admin-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-channel-admin-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-channel-admin-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-channel-admin-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-admin-api-node5" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-admin-api-node5-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-admin-api-node6" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-admin-api-node6-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-api-v2-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-api-v2-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-api-v2-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-api-v2-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-audit-admin-node5" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-audit-admin-node5-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-audit-admin-node6" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-audit-admin-node6-%{+YYYY.MM.dd}" }
        }
        else if [type] == "xxd-credit-service-node2" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "xxd-credit-service-node2-%{+YYYY.MM.dd}" }
        }
        else if [type] == "xxd-jinbaodai-api-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "xxd-jinbaodai-api-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "xxd-jinbaodai-api-node7" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "xxd-jinbaodai-api-node7-%{+YYYY.MM.dd}" }
        }
        else if [type] == "xxd-jinbaodai-service-node7" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "xxd-jinbaodai-service-node7-%{+YYYY.MM.dd}" }
        }
        else if [type] == "xxd-jinbaodai-service-node4" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "xxd-jinbaodai-service-node4-%{+YYYY.MM.dd}" }
        }
        else if [type] == "xxd-ops-service-node5" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "xxd-ops-service-node5-%{+YYYY.MM.dd}" }
        }
        else if [type] == "xxd-ops-service-node6" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "xxd-ops-service-node6-%{+YYYY.MM.dd}" }
        }
        else if [type] == "xxd-ops-web-node5" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "xxd-ops-web-node5-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-warning-node5" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-warning-node5-%{+YYYY.MM.dd}" }
        }
        else if [type] == "tiantian-warning-node6" {
          elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-warning-node6-%{+YYYY.MM.dd}" }
        }
      }
      stdout { codec => rubydebug }
    }

2. Start

    Enable the service at boot:  systemctl enable logstash
    Start the service:           systemctl start logstash
    Stop the service:            systemctl stop logstash
    Restart the service:         systemctl restart logstash
    Check the service status:    systemctl status logstash

Error 1

Startup fails with "could not find java;set JAVA_HOME or ensure java". This is caused by the Java environment variable. Fix:

    # Create a symlink to your actual java binary
    ln -s /usr/local/java/jdk1.8.0_111/bin/java /usr/bin/java

Error 2

Logstash reports the following error while collecting logs: A plugin had an unrecoverable error. Will restart this plugin
Fix: do not keep more than one conf file in the /etc/logstash/conf.d directory.
Reference: http://jaminzhang.github.io/elk/ELK-Stage-Production-Problem-TroubleShooting-and-Solving/

V. Filebeat

Install it on the clients (the servers that produce the logs).

1. Install

    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.4.0-linux-x86_64.tar.gz
    tar xzvf filebeat-7.4.0-linux-x86_64.tar.gz
    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.4.0-x86_64.rpm
    sudo rpm -vi filebeat-7.4.0-x86_64.rpm

2. Filebeat configuration file

grep -v "^ *#" /etc/filebeat/filebeat.yml |grep -v "^$"

    [root@node1 filebeat]# grep -v "^[[:space:]]*#" /etc/filebeat/filebeat.yml |grep -v "^$"
    filebeat.inputs:
    - type: log
      enabled: true
      paths:
        - /datalog/service/tiantian-system-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-system-service-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      enabled: true
      paths:
        - /datalog/service/tiantian-system-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-system-service-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-user-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-user-service-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-user-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-user-service-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-assets-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-assets-service-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-assets-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-assets-service-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-order-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-order-service-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-order-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-order-service-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-audit-service/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-audit-service-node5
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-audit-service/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-audit-service-node6
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-admin-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-admin-service-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-admin-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-admin-service-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-collection-service/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-service-node5
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-collection-service/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-service-node6
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-collection-admin/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-admin-node5
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-collection-admin/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-admin-node6
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-collection-job/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-collection-job-node5
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-channel-api/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-channel-api-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-channel-api/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-channel-api-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-job/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-job-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-mq-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-mq-service-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-mq-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-mq-service-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/jz-asset/node1/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: jz-asset-node1
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-channel-admin/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-channel-admin-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-channel-admin/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-channel-admin-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-admin-api/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-admin-api-node5
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-admin-api/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-admin-api-node6
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-api-v2/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-api-v2-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-api-v2/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-api-v2-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-audit-admin/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-audit-admin-node5
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-audit-admin/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-audit-admin-node6
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/xxd-credit-service/node2/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-credit-service-node2
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/xxd-jinbaodai-api/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-jinbaodai-api-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/xxd-jinbaodai-api/node7/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-jinbaodai-api-node7
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/xxd-jinbaodai-service/node4/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-jinbaodai-service-node4
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/xxd-jinbaodai-service/node7/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-jinbaodai-service-node7
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/xxd-ops-service/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-ops-service-node5
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/xxd-ops-service/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: xxd-ops-service-node6
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-warning/node5/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-warning-node5
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/tiantian-warning/node6/nohup.out
      encoding: utf-8
      tail_files: true
      fields:
        app: www
        type: tiantian-warning-node6
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    - type: log
      paths:
        - /datalog/service/xxd-ops-web/node6/nohup.out
      encoding: utf-8
      tail_files: true
      backoff: 1s
      fields:
        app: www
        type: xxd-ops-web-node5
      fields_under_root: true
      multiline:
        pattern: '^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]'
        negate: true
        match: after
    filebeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: false
    setup.template.settings:
      index.number_of_shards: 1
    setup.kibana:
    output.logstash:
      hosts: ["172.17.199.231:5044"]
    processors:
      - add_host_metadata: ~
      - add_cloud_metadata: ~
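A consistency check between filebeat.yml and the Logstash output section, as an added example that is not part of the original post. In the Logstash configuration above, an event whose type has no branch reaches only stdout and is never indexed, and the page's last Filebeat input pairs a node6 path with a node5 type. The excerpts are constructed in the page's layout; "demo-service" is a made-up service and audit_shipping is a hypothetical helper name.

```python
import re

# Constructed excerpts in the layout used on this page. The second input is the
# page's last one (node6 path, node5 type); "demo-service" is made up.
FILEBEAT_YML = """\
filebeat.inputs:
- type: log
  paths:
    - /datalog/service/tiantian-warning/node6/nohup.out
  fields:
    app: www
    type: tiantian-warning-node6
  fields_under_root: true
- type: log
  paths:
    - /datalog/service/xxd-ops-web/node6/nohup.out
  fields:
    app: www
    type: xxd-ops-web-node5
  fields_under_root: true
- type: log
  paths:
    - /datalog/service/demo-service/node1/nohup.out
  fields:
    app: www
    type: demo-service-node1
  fields_under_root: true
"""

LOGSTASH_CONF = """\
output {
  if [app] == "www" {
    if [type] == "tiantian-warning-node6" {
      elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tiantian-warning-node6-%{+YYYY.MM.dd}" }
    }
    else if [type] == "xxd-ops-web-node5" {
      elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "xxd-ops-web-node5-%{+YYYY.MM.dd}" }
    }
  }
  stdout { codec => rubydebug }
}
"""

# /datalog/service/<service>/<node>/nohup.out is expected to carry type <service>-<node>
PATH_RE = re.compile(r"^/datalog/service/([^/]+)/([^/]+)/")


def filebeat_inputs(text):
    """Yield (path, fields.type) for every '- type: log' input in a filebeat.yml text."""
    for block in re.split(r"(?m)^[ \t]*- type: log[ \t]*$", text)[1:]:
        path = re.search(r"(?m)^[ \t]+-[ \t]+(/\S+)", block)
        ftype = re.search(r"(?m)^[ \t]+type:[ \t]*(\S+)", block)
        if path and ftype:
            yield path.group(1), ftype.group(1)


def routed_types(conf):
    """Types that have an 'if [type] == "..."' branch in the Logstash output."""
    return set(re.findall(r'\[type\]\s*==\s*"([^"]+)"', conf))


def audit_shipping(filebeat_yml, logstash_conf):
    """Report shipped types with no index branch and path/type label mismatches."""
    routed = routed_types(logstash_conf)
    unrouted, mislabeled = [], []
    for path, ftype in filebeat_inputs(filebeat_yml):
        if ftype not in routed:
            unrouted.append(ftype)          # shipped, but never written to Elasticsearch
        m = PATH_RE.match(path)
        expected = f"{m.group(1)}-{m.group(2)}" if m else ftype
        if expected != ftype:
            mislabeled.append((path, ftype, expected))
    return {"unrouted": unrouted, "mislabeled": mislabeled}


if __name__ == "__main__":
    for kind, items in audit_shipping(FILEBEAT_YML, LOGSTASH_CONF).items():
        print(kind, items)
```

Run against the real files on each client, a non-empty "unrouted" list means logs that will never be searchable in Kibana, and "mislabeled" means events indexed under another node's name.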

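3. Configuration file explained

    filebeat.prospectors:
    - input_type: log
      paths:
        - '/mnt/iss/service/order/nlogs/.log'   #== full path of the log files to watch; use a wildcard to watch everything, otherwise give the exact file name; fuzzy matching also works. For several directories, add one more line each
      encoding: utf-8                   #== encoding
      exclude_files: [".gz$ | .gc."]    #== files excluded from watching
      fields:
        serverName: 'user-service-006'  ##== extra field, used to tell the servers apart
        type: service-log               ##== field that distinguishes the logs when there are several services
      fields_under_root: true           ##== whether to add these fields directly into the log event
      scan_frequency: 3s                ##== how often to scan for files
      #===== Multiline options
      multiline:                        ##== merging of multi-line logs, used for exception stack traces
        pattern: '^{"date":'
        negate: true
        match: after
        timeout: 2s
      backoff: 1s
      max_backoff: 3s
      close_renamed: false              ## whether to stop watching a file after it is renamed
      close_removed: true               ## whether to stop watching a file after it is deleted
      tail_files: true                  ## whether to start reading from the end of the file (at startup)
      enabled: true
      ignore_older: 24h                 ## age threshold beyond which a log file is no longer watched
    filebeat.spool_size: 2048           ## event-count threshold for sending; once exceeded, the network connection is flushed
    filebeat.idle_timeout: 2s           ## send timeout; the network connection is flushed even if the threshold has not been reached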
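How the multiline options group lines, as an added example that is not part of the original post: a small simulation of pattern/negate/match (plus Filebeat's multiline.max_lines cap) run over constructed log lines, using the timestamp pattern from the filebeat.yml above. It uses Python's re module rather than Filebeat's own regex engine; the pattern here behaves the same in both.

```python
import re

# The multiline pattern used by every input in the filebeat.yml above.
PAGE_PATTERN = r"^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]"

# Constructed sample: two normal lines around one Java stack trace.
SAMPLE = [
    "10:15:01.123 [main] INFO  OrderService - order 42 created",
    "10:15:02.456 [http-1] ERROR OrderService - payment failed",
    "java.lang.IllegalStateException: gateway timeout",
    "\tat com.example.Pay.charge(Pay.java:88)",
    "Caused by: java.net.SocketTimeoutException: Read timed out",
    "10:15:03.000 [main] INFO  OrderService - retry scheduled",
]


def group_multiline(lines, pattern, negate=False, match="after", max_lines=500):
    """Group raw lines into events the way the multiline options describe.

    A line is a continuation when (pattern matches) != negate.
    match="after":  continuation lines are appended to the preceding line.
    match="before": continuation lines are prepended to the following line.
    Lines beyond max_lines within one event are dropped.
    """
    if match not in ("after", "before"):
        raise ValueError("match must be 'after' or 'before'")
    rx = re.compile(pattern)
    events, current = [], []

    def flush():
        if current:
            events.append("\n".join(current[:max_lines]))
            current.clear()

    for line in lines:
        continuation = bool(rx.search(line)) != negate
        if match == "after":
            # A non-continuation line (or the very first line) opens a new event.
            if not (continuation and current):
                flush()
            current.append(line)
        else:
            # Continuations pile up until the next non-continuation closes the event.
            current.append(line)
            if not continuation:
                flush()
    flush()
    return events


if __name__ == "__main__":
    good = group_multiline(SAMPLE, PAGE_PATTERN, negate=True, match="after")
    bad = group_multiline(SAMPLE, PAGE_PATTERN, negate=False, match="after")
    print(len(good), "events with negate: true (stack trace stays with its ERROR line)")
    print(len(bad), "events with negate: false (stack trace split across events)")
```

With negate left at false the stack trace is cut into separate events and two unrelated timestamped lines are merged, so an alert or search keyed on the ERROR line would no longer see the exception.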

VI. Password-protected access

By default Kibana can be accessed directly, which is not very secure. Here we put an nginx reverse proxy in front of it and require a password.

1. Install the password tool

The password-file tool from httpd needs to be installed:

    yum -y install httpd-tools
    htpasswd -c -b /etc/kibana/kibana.passwd kibana 111111

2. Install and configure nginx

    server {
        listen 80;
        server_name kibana.tiantianjiedao.com;
        access_log /var/log/nginx/kibana/kinaba_access.log main;
        error_log /var/log/nginx/kibana/kinaba_error.log;
        auth_basic "Kibana Auth";
        auth_basic_user_file /etc/kibana/kibana.passwd;
        index  index.html index.htm;
        location / {
            proxy_set_header Host      $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://172.17.199.231:5601;
        }
    }

Finally, start nginx and browse to the nginx server's IP address.
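An exposure check for this setup, as an added example that is not part of the original post: with the addresses used on this page, Kibana (5601) and Elasticsearch (9200) still listen on 172.17.199.231, so the nginx password only protects clients that go through nginx, and Basic credentials on port 80 travel unencrypted. The PAGE settings are constructed from the configs above; the HARDENED variant assumes nginx, Kibana, Elasticsearch and Logstash share one host, and its certificate paths are placeholders.

```python
import ipaddress
import re

# Constructed from the settings shown on this page.
PAGE = {
    "es": "network.host: 172.17.199.231\nhttp.port: 9200\n",
    "kibana": 'server.port: 5601\nserver.host: "172.17.199.231"\n',
    "nginx": """\
server {
    listen 80;
    auth_basic "Kibana Auth";
    auth_basic_user_file /etc/kibana/kibana.passwd;
    location / {
        proxy_pass http://172.17.199.231:5601;
    }
}
""",
}

# Assumed single-host variant; certificate paths are placeholders. Kibana's
# elasticsearch.hosts would then point at http://127.0.0.1:9200 as well.
HARDENED = {
    "es": "network.host: 127.0.0.1\nhttp.port: 9200\n",
    "kibana": 'server.port: 5601\nserver.host: "127.0.0.1"\n',
    "nginx": """\
server {
    listen 443 ssl;
    ssl_certificate     /etc/nginx/tls/kibana.crt;
    ssl_certificate_key /etc/nginx/tls/kibana.key;
    auth_basic "Kibana Auth";
    auth_basic_user_file /etc/kibana/kibana.passwd;
    location / {
        proxy_pass http://127.0.0.1:5601;
    }
}
""",
}


def flat_yaml(text):
    """Parse flat 'key: value' lines (enough for the settings audited here)."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^([\w.]+):\s*(\S.*)$", line.split(" #")[0].strip())
        if m:
            out[m.group(1)] = m.group(2).strip().strip("\"'")
    return out


def off_host(host):
    """True when a bind address can be reached from other machines."""
    if host in ("localhost", "_local_"):
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # hostname or special value: assume it is exposed


def audit(cfg):
    """Return a list of findings for one set of config texts."""
    es, kb = flat_yaml(cfg["es"]), flat_yaml(cfg["kibana"])
    findings = []
    es_host = es.get("network.host", "localhost")      # 7.x binds loopback by default
    if off_host(es_host) and es.get("xpack.security.enabled") != "true":
        findings.append(f"elasticsearch {es_host}:{es.get('http.port', '9200')} "
                        "answers without authentication")
    kb_host = kb.get("server.host", "localhost")
    if off_host(kb_host):
        findings.append(f"kibana {kb_host}:{kb.get('server.port', '5601')} "
                        "listens off-host; direct clients bypass nginx auth_basic")
    uses_basic = re.search(r"(?m)^\s*auth_basic\s+(?!off)", cfg["nginx"])
    for listen in re.findall(r"(?m)^\s*listen\s+([^;]+);", cfg["nginx"]):
        if uses_basic and "ssl" not in listen.split():
            findings.append(f"nginx 'listen {listen}' carries Basic credentials without TLS")
    return findings


if __name__ == "__main__":
    for name, cfg in (("page", PAGE), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

If the components cannot share a host, a host firewall that allows 5601 and 9200 only from the proxy and Logstash addresses gives the same effect as the loopback binds.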

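© Copyright belongs to the author: this is an original work by 51CTO blog author huningfei. If you reproduce it, please credit the source; otherwise legal liability will be pursued.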
