(1)用户通过nginx或haproxy访问ELK日志统计平台,IP地址为keepalived的vip地址。 
(2)nginx将请求转发到kibana 
(3)kibana到elasticsearch获取数据,elasticsearch是两台做的集群,数据会随机保存在任意一台elasticsearch服务器。 
(4)logstash①从redis中取出数据并发送到elasticsearch中。 
(5)redis服务器做数据的临时保存,避免web服务器日志量过大的时候造成的数据收集与保存不一致而导致日志丢失,其中redis可以做集群,然后再由logstash服务器在非高峰时期从redis持续的取出数据。 
(6)logstash②过滤从filebeat取出的日志信息,并放入redis中进行保存。 
(7)filebeat进行收集web的日志 
注:其中为什么要在redis前面增加一台logstash呢?是因为在大量的日志数据写入时,容易导致数据的丢失和混乱,为了解决这一问题,增加一台logstash可以通过类型进行过滤,降低数据传输的臃肿。

1、ELK架构实用演示

(1)修改filebeat输出到logstash

  1. [root@linux-node2 ~]# vim /etc/filebeat/filebeat.yml
  2. output.logstash:
  3.   hosts: ["192.168.56.11:5044"]
  4.   enabled: true
  5.   worker:
  6.   compression_level:
  7. [root@linux-node2 ~]# systemctl restart filebeat

(2)配置linux-node1上的logstash并测试标准输出

  1. [root@linux-node1 conf.d]# cat beats.conf
  2. input {
  3.     beats {
  4.         port => ""
  5.     }
  6. }
  7. output {
  8.     stdout {
  9.         codec => rubydebug
  10.     }
  11. }
  12. #写入日志测试
  13. [root@linux-node2 ~]# echo "" >> /var/log/messages
  14. #查看是否有标准输出
  15. [root@linux-node1 conf.d]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/beat.conf
  16. OpenJDK -Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
  17. WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
  18. Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
  19. [INFO ] -- ::04.358 [[main]<beats] Server - Starting server on port:
  20. {
  21.     "@timestamp" => --02T06::.731Z,
  22.         "offset" => ,
  23.       "@version" => "",
  24.           "beat" => {
  25.             "name" => "linux-node2",
  26.         "hostname" => "linux-node2",
  27.          "version" => "6.0.1"
  28.     },
  29.           "host" => "linux-node2",
  30.     "prospector" => {
  31.         "type" => "log"
  32.     },
  33.         "source" => "/var/log/messages",
  34.        "message" => "",
  35.           "tags" => [
  36.         [] "beats_input_codec_plain_applied"
  37.     ]
  38. }

(3)配置linux-node1的logstash输出到redis

  1. [root@linux-node1 conf.d]# vim beats.conf
  2. input {
  3.     beats {
  4.         port => ""
  5.     }
  6. }
  7. output {
  8.                redis {
  9.                        data_type => "list"
  10.                        host => "192.168.56.12"
  11.                        db => ""
  12.                        port => ""
  13.                        password => ""
  14.                        key => "filebeat-systemlog-5612"
  15.         }
  16. }
  17. [root@linux-node1 conf.d]# systemctl restart logstash
  18. #写入日志
  19. [root@linux-node2 conf.d]# echo "" >> /var/log/messages
  20. [root@linux-node2 conf.d]# echo "" >> /var/log/messages
  21. [root@linux-node2 conf.d]# echo "" >> /var/log/messages
  22. #查看redis的记录
  23. [root@linux-node2 ~]# redis-cli -h 192.168.56.12 -a
  24. 192.168.56.12:> select
  25. OK
  26. 192.168.56.12:[]> keys *
  27. ) "filebeat-systemlog-5612"
  28. 192.168.56.12:[]> keys *
  29. ) "filebeat-systemlog-5612"

(4)配置linux-node2上的logstash从redis中取出数据

  1. [root@linux-node2 conf.d]# vim redis-es.conf
  2. input {
  3.     redis {
  4.         data_type => "list"
  5.         host => "192.168.56.12"
  6.         db => ""
  7.         port => ""
  8.         key => "filebeat-systemlog-5612"
  9.         password => ""
  10.     }
  11. }
  12.  
  13. output {
  14.     elasticsearch {
  15.         hosts => ["192.168.56.11:9200"]
  16.         index => "redis22-systemlog-%{+YYYY.MM.dd}"
  17.     }
  18. }
  19. [root@linux-node2 conf.d]# systemctl restart logstash

(5)head插件查看并添加Kibana索引

  1. #写入日志测试,并在Kibana查看
  2. [root@linux-node2 conf.d]# echo "" >> /var/log/messages
  3. [root@linux-node2 conf.d]# echo "" >> /var/log/messages
  4. [root@linux-node2 conf.d]# echo "" >> /var/log/messages
  5. [root@linux-node2 conf.d]# date
  6. 2018 01 02 星期二 :: CST

2、filebeat收集多类型日志

  1. #使用filebeat .0写入document_type作为类型判断,无法输出到redis,暂时未找到原因,这里将filebeat换成了5.4版本。
  2. [root@linux-node2 conf.d]# grep -v "#" /etc/filebeat/filebeat.yml |grep -v "^$"
  3. filebeat.prospectors:
  4. - input_type: log
  5.   paths:
  6.     - /var/log/*.log
  7.     - /var/log/messages
  8.   exclude_lines: ["^DBG","^$"]
  9.   document_type: filebeat2-systemlog-5612
  10. - input_type : log      #增加一个类型和日志路径
  11.   paths:
  12.     - /usr/local/tomcat/logs/tomcat_access_log.*.log
  13.   document_type: tomcat-accesslog-5612
  14. output.logstash:
  15.   hosts: ["192.168.56.11:5044"]
  16.   worker: 2
  17.   compression_level: 3
  18. [root@linux-node2 conf.d]# systemctl restart filebeat
  19.  
  20. #修改linux-node1上的logstash配置
  21. [root@linux-node1 conf.d]# cat beats.conf
  22. input {
  23.     beats {
  24.         port => "5044"
  25.     }
  26. }
  27. output {
  28.     if [type] == "filebeat2-systemlog-5612" {
  29.            redis {
  30.                        data_type => "list"
  31.                        host => "192.168.56.12"
  32.                        db => "4"
  33.                        port => "6379"
  34.                        password => "123456"
  35.                        key => "filebeat-systemlog-5612"
  36.         }}
  37.     if [type] == "tomcat-accesslog-5612" {
  38.         redis {
  39.             data_type => "list"
  40.             host => "192.168.56.12"
  41.             db => "6"
  42.             port => "6379"
  43.             password => "123456"
  44.             key => "tomcat-accesslog-5612"
  45.         }
  46.     }
  47. }
  48. #访问tomcat并查看日志
  49. [root@linux-node2 conf.d]# tailf /usr/local/tomcat/logs/tomcat_access_log.2018-01-03.log
  50. {"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}
  51. {"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"http://192.168.56.12:8080/webdir/index.html","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}
  52. {"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}
  53. {"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"http://192.168.56.12:8080/webdir/index.html","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}
  54. {"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}
  55. {"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:12 +0800]","method":"GET /favicon.ico HTTP/1.1","status":"200","SendBytes":"21630","Query?string":"","partner":"http://192.168.56.12:8080/webdir/index.html","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}
  56. {"clientip":"192.168.56.1","ClientUser":"-","authenticated":"-","AccessTime":"[03/Jan/2018:09:35:13 +0800]","method":"GET /webdir/index.html HTTP/1.1","status":"200","SendBytes":"31","Query?string":"","partner":"-","AgentVersion":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"}
  57.  
  58. #查看redis是否有数据
  59. [root@linux-node2 ~]# redis-cli -h 192.168.56.12 -a 123456
  60. 192.168.56.12:6379[4]> select 6
  61. OK
  62. 192.168.56.12:6379[6]> keys *
  63. 1) "tomcat-accesslog-5612"
  64. 192.168.56.12:6379[6]> keys *
  65. 1) "tomcat-accesslog-5612"
  66. 192.168.56.12:6379[6]> llen tomcat-accesslog-5612
  67. (integer) 54

3、通过nginx代理kibana并实现登录验证

(1)配置nginx

  1. [root@linux-node1 ~]# yum install -y nginx
  2. [root@linux-node1 ~]# vim /etc/nginx/nginx.conf
  3. #增加
  4. include /etc/nginx/conf.d/*.conf;
  5. [root@linux-node1 conf.d]# vim /etc/nginx/conf.d/kibana.conf
  6. upstream kibana_server {
  7.         server 127.0.0.1:5601 weight=1 max_fails=3 fail_timeout=60;
  8. }
  9. server {
  10.         listen 80;
  11.         server_name www.kibana5611.com;
  12.         location / {
  13.                 proxy_pass http://kibana_server;
  14.                 proxy_http_version 1.1;
  15.         }
  16. }
  17. [root@linux-node1 conf.d]# nginx -t
  18. nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
  19. nginx: configuration file /etc/nginx/nginx.conf test is successful
  20. [root@linux-node1 conf.d]# systemctl reload nginx

(2)配置kibana.yml

  1. [root@linux-node1 ~]# vim /etc/kibana/kibana.yml
  2. #修改server.host
  3. server.host: "127.0.0.1"
  4. [root@linux-node1 conf.d]# systemctl restart kibana

(3)浏览器访问

windows做hosts解析:192.168.56.11 www.kibana5611.com 
浏览器访问:www.kibana5611.com

(4)配置密码验证登录

  1. [root@linux-node1 ~]# yum install -y httpd-tools
  2. [root@linux-node1 ~]# htpasswd -bc /etc/nginx/conf.d/htpasswd.users zhangshan
  3. [root@linux-node1 ~]# ll /etc/nginx/conf.d/htpasswd.users
  4. -rw-r--r--  root root  1    : /etc/nginx/conf.d/htpasswd.users
  5. [root@linux-node1 ~]# chown nginx.nginx /etc/nginx/conf.d/htpasswd.users
  6. [root@linux-node1 ~]# vim /etc/nginx/nginx.conf
  7. upstream kibana_server {
  8.         server 127.0.0.1: weight= max_fails= fail_timeout=;
  9. }
  10. server {
  11.         listen ;
  12.         server_name www.kibana5611.com;
  13.         auth_basic "Restricted Access";
  14.         auth_basic_user_file /etc/nginx/conf.d/htpasswd.users;
  15.         location / {
  16.                 proxy_pass http://kibana_server;
  17.                 proxy_http_version 1.1;
  18.         }
  19. }
  20. [root@linux-node1 ~]# nginx -t
  21. nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
  22. nginx: configuration file /etc/nginx/nginx.conf test is successful
  23. [root@linux-node1 ~]# systemctl reload nginx
  24. 浏览器访问www.kibana5611.com会出现输入用户密码验证登录

ELKStack入门篇(五)之实用架构解析的更多相关文章

  1. 【SSRS】入门篇(五) -- 设置报表格式

    原文:[SSRS]入门篇(五) -- 设置报表格式 在上一节 [SSRS]入门篇(四) -- 向报表添加数据 我们设置好了报表,并可以预览到数据,如下图: 当报表完成后,有个重要的工作就是美化报表格式 ...

  2. ELKStack入门篇(一)之ELK部署和使用

    一.ELKStack简介 1.ELK介绍 中文指南:https://www.gitbook.com/book/chenryn/elk-stack-guide-cn/details ELK Stack包 ...

  3. ELKStack入门篇(二)之Nginx、Tomcat、Java日志收集以及TCP收集日志使用

    1.收集Nginx的json格式日志 1.1.Nginx安装 [root@linux-node1 ~]# yum install nginx -y [root@linux-node1 ~]# vim ...

  4. 小迪安全 Web安全 基础入门 - 第五天 - 资产架构&端口&应用&CDN&WAF&站库分离&负载均衡

    一.资产架构 1.Web单个源码指向安全,域名指向一个网站,网站对应一个程序.对应一个目录. 2.Web多个目录源码安全,搭建完一个网站后,在网站目录下搭建新的站点. 3.Web多个端口源码安全,与多 ...

  5. c++入门篇五

    默认参数: //默认参数//函数的默认参数,参数后面有'='//函数参数注意事项,如有一个位置有了默认参数//那么从该位置的后面就必须要有参数 , ) { //b有默认参数,b的后面也应该要有默认参数 ...

  6. redis的入门篇---五种数据类型及基本操作

    查看所有的key keys * 清空所有的key flushall 检查key是否存在 exists key 设置已存在的key的时长 expire key //设置key为10s 查看key还剩多少 ...

  7. ELKStack入门篇(四)之Filebeat

    Filebeat是轻量级单用途的日志收集工具,用于在没有安装java的服务器上专门收集日志,可以将日志转发到logstash.elasticsearch或redis等场景中进行下一步处理. 官方文档: ...

  8. ELKStack入门篇(三)之logstash收集日志写入redis

    1.部署Redis 1.1.下载redis [root@linux-node2 ~]# wget http://download.redis.io/releases/redis-4.0.6.tar.g ...

  9. spring boot入门篇

    Spring Boot[快速入门]   Spring Boot 概述 Build Anything with Spring Boot:Spring Boot is the starting point ...

随机推荐

  1. TTransport 概述

    TTransport TTransport主要作用是定义了IO读写操作以及本地缓存的操作,下面来看TIOStreamTransport是如何实现的. public abstract class TTr ...

  2. 【LGP5162】WD与积木

    题目 场面过度玄学,容易引起不适 我们发现我们要求的这个期望由分母和分子两部分构成 易发现 \[Ans=\frac{\sum_{i=1}^nS_2(n,i)\times i\times i!}{\su ...

  3. 2019.3.26 为什么说HTTP是无状态协议/无连接

    无状态 1.协议对于事务处理没有记忆能力 2.对同一个url请求没有上下文关系 3.每次的请求都是独立的,它的执行情况和结果与前面的请求和之后的请求时无直接关系的,它不会受前面的请求应答情况直接影响, ...

  4. iOS获取当前连接的wifi信息

    导入框架CaptiveNetwork #import <SystemConfiguration/CaptiveNetwork.h> 获取当前连接的wifi信息 // 只能获取当前的SSID ...

  5. FreeMarker之根据模板生成Java代码

    FreeMarker根据模板生成Java代码,光这句话,大家想必也知道它的应用了,比如流行的DRY原则,该原则的意思,可简单概述为"不要写重复的代码". 比如Java中三层架构,数 ...

  6. [转]基于C#的开源GIS项目介绍之SharpMap篇

    我是一个刚毕业的GIS本科毕业生,目前在杭州从事GIS软件应用开发.在项目开发中总感觉自己的编程水平还不够,于是想找些开源GIS小项目来研究研究,借以提高自己的编程能力和项目开发能力.在网上搜了一下“ ...

  7. ThinkPHP5入门(三)----模型篇

    一.操作数据库 1.数据库连接配置 数据库默认的相关配置在项目的application\database.php中已经定义好. 只需要在模块的数据库配置文件中配置好当前模块需要连接的数据库的配置参数即 ...

  8. sudo 启动tomcat报错没有java环境

    报错: Cannot find ./catalina.shThe file is absent or does not have execute permissionThis file is need ...

  9. Android Asynctask与Handler的比较,优缺点区别,Asynctask源码

    1  AsyncTask实现的原理,和适用的优缺点 AsyncTask,是android提供的轻量级的异步类,可以直接继承AsyncTask,在类中实现异步操作,并提供接口反馈当前异步执行的程度(可以 ...

  10. CentOS7.2安装RabbitMQ笔记

    身为.NET程序员,用着宇宙级IDE,干什么事都变得越来越懒了,Windows操作系统在手,能通过桌面点点点的方式何必找其他罪受呢..于是RabbitMQ自然而然也就跑在Windows上了,说实话Wi ...