1.使用sebp/elk的镜像部署elk
# docker run -itd --name elk -p 5044:5044 -v /data/elastic/:/var/lib/elasticsearch sebp/elk
//-p 5044:5044 5044端口是logstash接收filebeat发送日志的端口,对外暴露;本文配置中该端口没有启用加密和认证,建议用防火墙限制只允许filebeat客户端的IP访问
//-v /data/elastic挂载本地目录到elastic的日志存储目录
//由于elk对elastic的9200端口和kibana的5601端口不设置验证,所以后面使用nginx代理的方式进行访问验证;因此elk容器本身不要用-p对外映射9200和5601端口,否则可以绕过nginx直接访问
2.进入容器elk,配置
# docker exec -it elk bash
2.1配置elastic
# sed '/^#/d' /etc/elasticsearch/elasticsearch.yml
# Elasticsearch settings for the single ELK node used in this walkthrough.
cluster.name: ych-ELK
node.name: ELK-node
path.repo: /var/backups
# Binds to every interface inside the container. Port 9200 has no authentication in this setup,
# so anything that can reach the container address can read and write indices.
network.host: 0.0.0.0
http.port: 9200
# CORS is enabled for any origin: a page loaded in a browser that can reach this port may send
# cross-origin requests to it. Prefer listing only the origin that actually needs access.
http.cors.enabled: true
http.cors.allow-origin: "*"
2.2配置logstash的其中一个配置文件
# sed '/^#/d' /etc/logstash/conf.d/203.conf
# Receive events from Filebeat. No ssl options are set on this input, so the listener accepts
# unencrypted connections from any host that can reach port 5044.
input {
  beats {
    port => 5044
  }
}

# Route events to a monthly index chosen by the tag Filebeat attached.
# There is no final else branch: an event carrying neither tag is not written anywhere.
output {
  if "203-nginx" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "203-nginx-%{+YYYY.MM}"
      manage_template => true
    }
  }
  else if "203-zabbix" in [tags] {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "203-zabbix-%{+YYYY.MM}"
      manage_template => true
    }
  }
}
//203.conf配置两个index,注意tags跟filebeat配置文件中的tags对应,index跟kibana页面的index对应
2.3配置kibana
# sed -e '/^#/d' -e '/^$/d' /opt/kibana/config/kibana.yml
# Kibana listens on every interface inside the container and has no login of its own in this
# setup; access control depends entirely on the nginx proxy placed in front of it.
server.host: "0.0.0.0"
# Plain HTTP to Elasticsearch over localhost, i.e. the Elasticsearch instance in the same container.
elasticsearch.url: "http://localhost:9200"
2.4重启elk容器
# docker restart elk
3.配置filebeat
3.1配置filebeat客户端
# vim /etc/filebeat/filebeat.yml
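# Filebeat client configuration: two log inputs, each tagged so the Logstash output on the
# ELK server can route it to its own index. Nesting is restored here because YAML structure
# depends on indentation.
filebeat.prospectors:
  # nginx access log; the tag must match the "203-nginx" condition in the Logstash config.
  - input_type: log
    paths:
      - /var/log/nginx/access.log
    exclude_lines: ['TRACE']
    encoding: "utf-8"
    tags: "203-nginx"
  # zabbix agent log; the tag must match the "203-zabbix" condition in the Logstash config.
  - input_type: log
    paths:
      - /tmp/zabbix_agentd.log
    exclude_lines: ['TRACE']
    encoding: "utf-8"
    tags: "203-zabbix"
output.logstash:
  # No ssl settings are given, so events travel to port 5044 unencrypted and the
  # Logstash server is not authenticated by the client.
  hosts: ["192.168.10.222:5044"]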
//配置两个日志目录,对应两个tags,输出到elk的服务端logstash
3.2重启客户端filebeat
# /etc/init.d/filebeat restart
4.配置nginx
4.1nginx vhost配置
# vim /root/default.conf
# Elasticsearch HTTP API, reachable only after HTTP basic authentication.
# The listener is plain HTTP, so the basic-auth credentials are sent unencrypted.
server {
    listen 9200;

    location / {
        # Both virtual hosts share one credentials file; it must exist at this path
        # inside the nginx container.
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/site_pass;

        # Address of the elk container; the proxy target has no authentication itself.
        proxy_pass http://172.17.0.2:9200;
        proxy_set_header Host $host:9200;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Via "nginx";
    }
}

# Kibana UI, protected by the same basic-auth credentials file.
server {
    listen 5601;
    server_name localhost;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/site_pass;

        proxy_pass http://172.17.0.2:5601;
        proxy_set_header Host $host:5601;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Via "nginx";
    }
}
//分别代理9200和5601端口到elk容器的对应端口,注意elk容器IP(容器重建后IP可能变化,需要同步修改proxy_pass);这里nginx监听的是明文HTTP,basic认证的用户名和密码会以未加密的形式传输,对外提供访问时建议在nginx上启用HTTPS
4.2添加网页验证
# vim /root/site_pass
elk:rwE.z8.AYeh9c
//验证信息通过htpasswd生成;示例中13个字符的密文看起来是传统crypt(DES)格式,该格式只使用密码的前8个字符,建议改用htpasswd支持的更强的算法生成,并且不要直接使用示例中的用户名和密文
4.3启动nginx容器
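# docker run -itd --name nginx -p 9200:9200 -p 5601:5601 -v /root/default.conf:/etc/nginx/conf.d/default.conf:ro -v /root/site_pass:/etc/nginx/site_pass:ro nginx
//The credentials file /root/site_pass is mounted at /etc/nginx/site_pass, the path that auth_basic_user_file in default.conf reads; both mounts are read-only.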
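//映射9200和5601端口,挂载本地vhost和验证信息配置文件;验证文件在容器内的挂载路径必须与default.conf中auth_basic_user_file指定的/etc/nginx/site_pass一致,宿主机一侧的路径必须是4.2中创建的/root/site_pass,否则nginx读取不到验证文件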
5.kibana添加index
docker部署nginx+elk+filebeat部署日志平台
作者:Garany 发布于:2018-10-10