(1)用户通过nginx或haproxy访问ELK日志统计平台,IP地址为keepalived的vip地址。 
(2)nginx将请求转发到kibana 
(3)kibana到elasticsearch获取数据,elasticsearch是两台做的集群,数据会随机保存在任意一台elasticsearch服务器。 
(4)logstash①从redis中取出数据并发送到elasticsearch中。 
(5)redis服务器做数据的临时保存,避免web服务器日志量过大的时候造成的数据收集与保存不一致而导致日志丢失,其中redis可以做集群,然后再由logstash服务器在非高峰时期从redis持续的取出数据。 
(6)logstash②过滤从filebeat取出的日志信息,并放入redis中进行保存。 
(7)filebeat进行收集web的日志 
注:其中为什么要在redis前面增加一台logstash呢?是因为在大量的日志数据写入时,容易导致数据的丢失和混乱,为了解决这一问题,增加一台logstash可以通过类型进行过滤,降低数据传输的臃肿。

1、ELK架构实用演示

(1)修改filebeat输出到logstash

[root@linux-node2 ~]# vim /etc/filebeat/filebeat.yml

output.logstash:

  hosts: ["192.168.56.11:5044"]

  enabled: true

  worker:

  compression_level:

[root@linux-node2 ~]# systemctl restart filebeat

(2)配置linux-node1上的logstash并测试标准输出

[root@linux-node1 conf.d]# cat beats.conf

input {

    beats {

        port => ""

    }

}

output {

    stdout {

        codec => rubydebug

    }

}

#写入日志测试

[root@linux-node2 ~]# echo "" >> /var/log/messages

#查看是否有标准输出

[root@linux-node1 conf.d]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/beat.conf

OpenJDK -Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N

WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults

Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console

[INFO ] -- ::04.358 [[main]<beats] Server - Starting server on port:

{

    "@timestamp" => --02T06::.731Z,

        "offset" => ,

      "@version" => "",

          "beat" => {

            "name" => "linux-node2",

        "hostname" => "linux-node2",

         "version" => "6.0.1"

    },

          "host" => "linux-node2",

    "prospector" => {

        "type" => "log"

    },

        "source" => "/var/log/messages",

       "message" => "",

          "tags" => [

        [] "beats_input_codec_plain_applied"

    ]

}

(3)配置linux-node1的logstash输出到redis

[root@linux-node1 conf.d]# vim beats.conf

input {

    beats {

        port => ""

    }

}

output {

               redis {

                       data_type => "list"

                       host => "192.168.56.12"

                       db => ""

                       port => ""

                       password => ""

                       key => "filebeat-systemlog-5612"

        }

}

[root@linux-node1 conf.d]# systemctl restart logstash

#写入日志

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

#查看redis的记录

[root@linux-node2 ~]# redis-cli -h 192.168.56.12 -a

192.168.56.12:> select

OK

192.168.56.12:[]> keys *

) "filebeat-systemlog-5612"

192.168.56.12:[]> keys *

) "filebeat-systemlog-5612"

(4)配置linux-node2上的logstash从redis中取出数据

[root@linux-node2 conf.d]# vim redis-es.conf

input {

    redis {

        data_type => "list"

        host => "192.168.56.12"

        db => ""

        port => ""

        key => "filebeat-systemlog-5612"

        password => ""

    }

}

output {

    elasticsearch {

        hosts => ["192.168.56.11:9200"]

        index => "redis22-systemlog-%{+YYYY.MM.dd}"

    }

}

[root@linux-node2 conf.d]# systemctl restart logstash

(5)head插件查看并添加Kibana索引

#写入日志测试,并在Kibana查看

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# echo "" >> /var/log/messages

[root@linux-node2 conf.d]# date

2018年 01月 02日 星期二 :: CST

2、filebeat收集多类型日志

#使用filebeat .0写入document_type作为类型判断,无法输出到redis,暂时未找到原因,这里将filebeat换成了5.4版本。

[root@linux-node2 conf.d]# grep -v "#" /etc/filebeat/filebeat.yml |grep -v "^$"

filebeat.prospectors:

- input_type: log

  paths:

    - /var/log/*.log

    - /var/log/messages

  exclude_lines: ["^DBG","^$"]

  document_type: filebeat2-systemlog-5612

- input_type : log      #增加一个类型和日志路径

  paths:

    - /usr/local/tomcat/logs/tomcat_access_log.*.log

  document_type: tomcat-accesslog-5612

output.logstash:

  hosts: ["192.168.56.11:5044"]

  worker: 2

  compression_level: 3

[root@linux-node2 conf.d]# systemctl restart filebeat

#修改linux-node1上的logstash配置

[root@linux-node1 conf.d]# cat beats.conf

input {

    beats {

        port => "5044"

    }

}

output {

    if [type] == "filebeat2-systemlog-5612" {

           redis {

                       data_type => "list"

                       host => "192.168.56.12"

                       db => "4"

                       port => "6379"

                       password => "123456"

                       key => "filebeat-systemlog-5612"

        }}

    if [type] == "tomcat-accesslog-5612" {

        redis {

            data_type => "list"

            host => "192.168.56.12"

            db => "6"

            port => "6379"

            password => "123456"

            key => "tomcat-accesslog-5612"

        }

    }

}

#访问tomcat并查看日志

[root@linux-node2 conf.d]# tailf /usr/local/tomcat/logs/tomcat_access_log.2018-01-03.log

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"http://192.168.56.12:8080/webdir/index.html","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"http://192.168.56.12:8080/webdir/index.html","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"http://192.168.56.12:8080/webdir/index.html","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

{"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:13 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}

#查看redis是否有数据

[root@linux-node2 ~]# redis-cli -h 192.168.56.12 -a 123456

192.168.56.12:6379[4]> select 6

OK

192.168.56.12:6379[6]> keys *

1) "tomcat-accesslog-5612"

192.168.56.12:6379[6]> keys *

1) "tomcat-accesslog-5612"

192.168.56.12:6379[6]> llen tomcat-accesslog-5612

(integer) 54

3、通过nginx代理kibana并实现登录验证

(1)配置nginx

[root@linux-node1 ~]# yum install -y nginx

[root@linux-node1 ~]# vim /etc/nginx/nginx.conf

#增加

include /etc/nginx/conf.d/*.conf;

[root@linux-node1 conf.d]# vim /etc/nginx/conf.d/kibana.conf

upstream kibana_server {

        server 127.0.0.1:5601 weight=1 max_fails=3 fail_timeout=60;

}

server {

        listen 80;

        server_name www.kibana5611.com;

        location / {

                proxy_pass http://kibana_server;

                proxy_http_version 1.1;

        }

}

[root@linux-node1 conf.d]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@linux-node1 conf.d]# systemctl reload nginx

(2)配置kibana.yml

[root@linux-node1 ~]# vim /etc/kibana/kibana.yml

#修改server.host

server.host: "127.0.0.1"

[root@linux-node1 conf.d]# systemctl restart kibana

(3)浏览器访问

windows做hosts解析:192.168.56.11 www.kibana5611.com 
浏览器访问:www.kibana5611.com

(4)配置密码验证登录

[root@linux-node1 ~]# yum install -y httpd-tools

[root@linux-node1 ~]# htpasswd -bc /etc/nginx/conf.d/htpasswd.users zhangshan

[root@linux-node1 ~]# ll /etc/nginx/conf.d/htpasswd.users

-rw-r--r--  root root  1月    : /etc/nginx/conf.d/htpasswd.users

[root@linux-node1 ~]# chown nginx.nginx /etc/nginx/conf.d/htpasswd.users

[root@linux-node1 ~]# vim /etc/nginx/nginx.conf

upstream kibana_server {

        server 127.0.0.1: weight= max_fails= fail_timeout=;

}

server {

        listen ;

        server_name www.kibana5611.com;

        auth_basic "Restricted Access";

        auth_basic_user_file /etc/nginx/conf.d/htpasswd.users;

        location / {

                proxy_pass http://kibana_server;

                proxy_http_version 1.1;

        }

}

[root@linux-node1 ~]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@linux-node1 ~]# systemctl reload nginx

浏览器访问www.kibana5611.com会出现输入用户密码验证登录

ELKStack入门篇(五)之实用架构解析的更多相关文章

  1. 【SSRS】入门篇(五) -- 设置报表格式

    原文:[SSRS]入门篇(五) -- 设置报表格式 在上一节 [SSRS]入门篇(四) -- 向报表添加数据 我们设置好了报表,并可以预览到数据,如下图: 当报表完成后,有个重要的工作就是美化报表格式 ...

  2. ELKStack入门篇(一)之ELK部署和使用

    一.ELKStack简介 1.ELK介绍 中文指南:https://www.gitbook.com/book/chenryn/elk-stack-guide-cn/details ELK Stack包 ...

  3. ELKStack入门篇(二)之Nginx、Tomcat、Java日志收集以及TCP收集日志使用

    1.收集Nginx的json格式日志 1.1.Nginx安装 [root@linux-node1 ~]# yum install nginx -y [root@linux-node1 ~]# vim ...

  4. 小迪安全 Web安全 基础入门 - 第五天 - 资产架构&端口&应用&CDN&WAF&站库分离&负载均衡

    一.资产架构 1.Web单个源码指向安全,域名指向一个网站,网站对应一个程序.对应一个目录. 2.Web多个目录源码安全,搭建完一个网站后,在网站目录下搭建新的站点. 3.Web多个端口源码安全,与多 ...

  5. c++入门篇五

    默认参数: //默认参数//函数的默认参数,参数后面有'='//函数参数注意事项,如有一个位置有了默认参数//那么从该位置的后面就必须要有参数 , ) { //b有默认参数,b的后面也应该要有默认参数 ...

  6. redis的入门篇---五种数据类型及基本操作

    查看所有的key keys * 清空所有的key flushall 检查key是否存在 exists key 设置已存在的key的时长 expire key //设置key为10s 查看key还剩多少 ...

  7. ELKStack入门篇(四)之Filebeat

    Filebeat是轻量级单用途的日志收集工具,用于在没有安装java的服务器上专门收集日志,可以将日志转发到logstash.elasticsearch或redis等场景中进行下一步处理. 官方文档: ...

  8. ELKStack入门篇(三)之logstash收集日志写入redis

    1.部署Redis 1.1.下载redis [root@linux-node2 ~]# wget http://download.redis.io/releases/redis-4.0.6.tar.g ...

  9. spring boot入门篇

    Spring Boot[快速入门]   Spring Boot 概述 Build Anything with Spring Boot:Spring Boot is the starting point ...

随机推荐

  1. spring的权限控制,过滤器

    spring的过滤器可以实现登录状态问题 1.创建一个AccessFilter类,基础代码 package com.ujia.util.access; import javax.servlet.htt ...

  2. ACM退役帖

    不知不觉在ACM竞赛的道路上已经走了两年半了,不得不感慨时间真的是过得很快. 还记得大一的时候什么也不会,每天晚上翘晚自习来机房刷题,浑浑噩噩的经过大一的打铁,大二开始有计划系统的学习ACM知识点,直 ...

  3. 【[IOI2014]Wall 砖墙】

    好像随便一卡就最优解了 malao告诉我这道题挺不错的,于是就去写了写 这两个操作很有灵性啊,感觉这么有特点的数大概是需要分块维护的吧 但是并没有什么区间查询,只是在最后输出整个序列 于是我们就直接用 ...

  4. [19/04/16-星期二] 注解机制(Annotation,区别于comment(传统意义上的注释))

    一.概念 作用: ——不是程序本身,可以对程序作出解释.(这一点和注释没什么区别) ——可以被其它程序(比如编译器)读取,这是区别于注释的最重要的一点. 格式: ——"@注释名" ...

  5. list详解

    #include <iostream> #include <vector> #include <list> std::list<std::string> ...

  6. 浅谈chr(239) . chr(187) . chr(191)的作用

    chr(239) . chr(187) . chr(191) 作为一名初学者,偶尔在代码中发现这么一段代码: json_decode(trim($param, chr(239) . chr(187) ...

  7. Linux系统的环境变量$PATH

    $PATH:决定了shell将到哪些目录中寻找命令或程序,PATH的值是一系列目录,当您运行一个程序时,Linux在这些目录下进行搜寻编译链接. 修改$PATH的方法有很多,比如: export PA ...

  8. Spotlight On Oracle安装和使用

    Spotlight On Oracle安装和使用 软件版本:Version: 5.0.1.1022 注册码:063920179532918005749 Site Message:Quest Free ...

  9. 404 Note Found 队-Alpha10

    目录 组员情况 组员1(组长):胡绪佩 组员2:胡青元 组员3:庄卉 组员4:家灿 组员5:凯琳 组员6:翟丹丹 组员7:何家伟 组员8:政演 组员9:黄鸿杰 组员10:刘一好 组员11:何宇恒 展示 ...

  10. Unity Loding白屏

    卡loading很多时候是由于网络原因造成的,你可以尝试断网,进入离线模式.如果使用VPN也可以先关闭使用,部分Vpn的配置也会导致该问题出现.最后可以查看一下防火墙的设置.