资源
Ubuntu;ES 7.10、Kibana 7.10、Filebeat 7.10.2、Metricbeat 7.10.2:各组件的版本必须相同,否则会有兼容问题
es kibana
内网地址 192.168.0.94:9200 127.0.0.1:9200 https://127.0.0.1:9200 账户 admin 密码 123456 #端口 9200 es kibana https://127.0.0.1:5601/app/login?nexturl=%2f 账户 admin 密码 123456
日志es kibana服务器安装docker-compose
开放端口
5601,9200
设置系统参数(在宿主机执行)
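# Host kernel settings required by Elasticsearch (run on the Docker host).

# 1. Raise the mmap count limit for the running kernel.
sudo sysctl -w vm.max_map_count=262144

# 2. Persist the setting. The grep guard keeps /etc/sysctl.conf free of
#    duplicate entries when this step is run more than once.
grep -qxF 'vm.max_map_count=262144' /etc/sysctl.conf \
  || echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf

# 3. Reload /etc/sysctl.conf so the persisted value is applied.
sudo sysctl -p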
目录准备
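# Create the directory layout that docker-compose.yml bind-mounts.
sudo mkdir -p /www/es-kibana/{metricbeat/modules.d,metricbeat/config,elasticsearch/config,elasticsearch/data,elasticsearch/logs,kibana/config,kibana/logs}

# Write the configuration files (if they were edited earlier, mv them into the
# matching directory instead). The heredoc delimiter is quoted so the shell
# never expands anything inside the file contents.

# --- Elasticsearch -----------------------------------------------------------
sudo tee /www/es-kibana/elasticsearch/config/elasticsearch.yml > /dev/null <<'EOF'
cluster.name: "es-docker-cluster"
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
bootstrap.memory_lock: true
path.data: /usr/share/elasticsearch/data
path.logs: /usr/share/elasticsearch/logs

# Authentication is enforced for every request.
# The xpack.security.authc.anonymous.* settings are intentionally absent:
# mapping anonymous requests to the superuser role would give every client
# that can reach port 9200 full administrative access without credentials,
# which cancels out xpack.security.enabled.
xpack.security.enabled: true
EOF

# --- Kibana ------------------------------------------------------------------
# Setting names are case-sensitive (encryptionKey, idleTimeout); Kibana refuses
# to start on keys it does not recognise.
sudo tee /www/es-kibana/kibana/config/kibana.yml > /dev/null <<'EOF'
server.name: kibana
server.host: "0.0.0.0"
server.port: 5601
elasticsearch.hosts: ["http://elasticsearch:9200"]
# Sample credentials from this walkthrough: replace the password and keep it
# identical to ELASTIC_PASSWORD in docker-compose.yml.
# NOTE(review): a dedicated built-in account such as kibana_system would be a
# narrower fit here than the elastic superuser - confirm for your setup.
elasticsearch.username: "elastic"
elasticsearch.password: "123456"

# Session encryption. The value below is a placeholder: substitute a randomly
# generated string of at least 32 characters.
xpack.security.encryptionKey: "a_very_long_random_string_at_least_32_chars"
xpack.security.session.idleTimeout: "1h"

i18n.locale: "zh-CN"
logging.dest: /usr/share/kibana/logs/kibana.log
EOF

# --- Metricbeat --------------------------------------------------------------
sudo tee /www/es-kibana/metricbeat/config/metricbeat.yml > /dev/null <<'EOF'
metricbeat.config.modules:
  path: /usr/share/metricbeat/modules.d/*.yml
  reload.enabled: false

setup.ilm.enabled: false
setup.template.enabled: true
setup.template.name: "metricbeat-mian-stg"
setup.template.pattern: "metricbeat-mian-stg-*"

output.elasticsearch:
  hosts: ["http://elasticsearch:9200"]
  # Sample credentials: keep in sync with ELASTIC_PASSWORD in docker-compose.yml.
  username: "elastic"
  password: "123456"

monitoring.enabled: true
EOF

# Enable the default system monitoring module.
sudo tee /www/es-kibana/metricbeat/modules.d/system.yml > /dev/null <<'EOF'
- module: system
  metricsets:
    - cpu
    - load
    - memory
    - network
    - process
    - process_summary
    - uptime
    - filesystem
    - diskio
    - socket_summary
  period: 10s
  processes: ['.*']
  enabled: true
EOF

# Directory ownership (Elasticsearch runs as uid/gid 1000 by default).
# The recursive flag of chown is the upper-case -R.
sudo chown -R 1000:1000 /www/es-kibana/elasticsearch/{data,logs}
sudo chown -R 1000:1000 /www/es-kibana/kibana/logs

# kibana.yml and metricbeat.yml hold a password, so make each readable only by
# the account that consumes it: uid 1000 for Kibana (the same uid this page
# already uses for kibana/logs), root for Metricbeat (user: root in compose).
sudo chown 1000:1000 /www/es-kibana/kibana/config/kibana.yml
sudo chmod 600 /www/es-kibana/kibana/config/kibana.yml
sudo chmod 600 /www/es-kibana/metricbeat/config/metricbeat.yml

cd /www/es-kibana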
vim docker-compose.yml 配置文件
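# Elasticsearch + Kibana + Metricbeat, all pinned to 7.10.2.
# Environment variable and capability names are case-sensitive
# (ELASTIC_PASSWORD, ES_JAVA_OPTS, SYS_PTRACE, ...); lower-case spellings
# are silently ignored or rejected.
version: '3.8'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
      # Sample password from this walkthrough: replace it, and use the same
      # value in kibana.yml and metricbeat.yml.
      - ELASTIC_PASSWORD=123456
      - bootstrap.memory_lock=true
      - ES_JAVA_OPTS=-Xms1g -Xmx1g
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      # Only the HTTP port is published. The transport port 9300 is not needed
      # by anything outside es-network on a single-node cluster, so it stays
      # unpublished. Limit who can reach 9200 with the host firewall.
      - "9200:9200"
    volumes:
      - ./elasticsearch/data:/usr/share/elasticsearch/data
      - ./elasticsearch/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
    networks:
      - es-network

  kibana:
    image: docker.elastic.co/kibana/kibana:7.10.2
    container_name: kibana
    environment:
      - SERVER_PORT=5601
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=123456
    ports:
      - "5601:5601"
    volumes:
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro
      - ./kibana/logs:/usr/share/kibana/logs
    depends_on:
      - elasticsearch
    networks:
      - es-network

  metricbeat:
    image: docker.elastic.co/beats/metricbeat:7.10.2
    container_name: metricbeat
    # Runs as root with the host's / mounted read-only at /hostfs, so this
    # container can read every file on the host; treat it as privileged.
    user: root
    depends_on:
      - elasticsearch
    cap_add:
      - SYS_PTRACE
      - DAC_READ_SEARCH
    volumes:
      - ./metricbeat/config/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml:ro
      - ./metricbeat/modules.d:/usr/share/metricbeat/modules.d:ro
      # NOTE(review): the /hostfs mounts are only consulted when Metricbeat is
      # started with -system.hostfs=/hostfs; no command override is set here,
      # so confirm whether host-level metrics are intended.
      - /proc:/hostfs/proc:ro
      - /sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro
      - /:/hostfs:ro
    networks:
      - es-network

volumes: {}

networks:
  es-network:
    driver: bridge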
启动服务
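# Start the stack, one command per line.
cd /www/es-kibana

# Stop and remove any previous containers. -v also removes named and anonymous
# volumes; the data in this setup lives in bind-mounted directories.
docker-compose down -v
docker-compose up -d

# Follow each service's log (each command blocks until interrupted with Ctrl-C).
docker-compose logs -f elasticsearch
docker-compose logs -f kibana
docker-compose logs -f metricbeat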
目录结构一览
/www/es-kibana/ ├── docker-compose.yml ├── elasticsearch/ │ └── elasticsearch.yml ├── kibana/ │ └── kibana.yml ├── data/ # elasticsearch 数据目录(挂载) └── logs/ # elasticsearch 日志目录(挂载)
验证服务
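# Check that Elasticsearch answers on the published port. Security is enabled,
# so authenticate as the elastic user; curl prompts for the password, which
# keeps it out of the shell history and the process list.
curl -u elastic http://localhost:9200

# Same check against the externally reachable address.
curl -u elastic http://127.0.0.1:9200

# Obtain the passwords used for the Kibana login.
# `auto` takes no user or password arguments: it generates new random passwords
# for all built-in users and prints them once. The elastic password set through
# ELASTIC_PASSWORD stops working afterwards, so update kibana.yml,
# metricbeat.yml and filebeat.yml with the generated value.
docker exec -it elasticsearch bin/elasticsearch-setup-passwords auto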
目录
# Create the Filebeat working log directory and switch into it (cd runs only if mkdir succeeds).
mkdir -p /www/filebeat/logs && cd /www/filebeat/logs
调试 filebeat 配置
# 修改模板参数值 上传的参数不一致
setup.template.priority
# json解析问题调整
json.keys_under_root: true # 修改这一行
json.add_error_key: true
json.message_key: json # 修改这一行
# 先调试->再调试docker启动是否正常同步->启动镜像->启动正式容器
生产prd v99_mian配置filebeat
目录
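# Create the Filebeat build directory together with its modules.d
# subdirectory (-p creates the parent as well).
mkdir -p /www/filebeat/modules.d

# Expected layout once the files below have been written:
#
# /www/filebeat/
# ├── docker-compose.yml
# ├── dockerfile
# └── filebeat.docker.yml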
vim filebeat.docker.yml
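# Filebeat configuration copied into the image as /usr/share/filebeat/filebeat.yml.
filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/v99mian/**/*.log
      - /var/log/nginx/**/*.log
    # Each line is parsed as JSON and its keys are placed at the event root.
    json.keys_under_root: true
    json.add_error_key: true
    json.overwrite_keys: true
    fields:
      log_source: mian

processors:
  - decode_json_fields:
      fields: ["message"]
      target: ""
      overwrite_keys: true
  - timestamp:
      field: "@timestamp"
      layouts:
        # Go reference-time layout; the T and Z markers are upper-case.
        - '2006-01-02T15:04:05.000Z07:00'
      timezone: "UTC"
  - add_host_metadata: {}
  - add_cloud_metadata: {}
  - add_docker_metadata: {}
  - add_kubernetes_metadata: {}

output.elasticsearch:
  # NOTE(review): inside a bridge-networked container 127.0.0.1 is the
  # container itself - confirm this address reaches Elasticsearch from where
  # Filebeat actually runs.
  hosts: ["127.0.0.1:9200"]
  # Sample credentials from this walkthrough. The file is baked into the image
  # by the Dockerfile, so whoever can pull the image can read the password.
  # NOTE(review): a role limited to writing these indices would be a narrower
  # fit for a log shipper than the elastic superuser - confirm.
  username: "elastic"
  password: "123456"
  # Keep certificate verification on. It has no effect while the host above is
  # plain HTTP; when switching to https with a private CA, point
  # ssl.certificate_authorities at the CA file rather than setting "none".
  ssl.verification_mode: "full"

setup.template.name: "metricbeat-mian-prd"
setup.template.pattern: "metricbeat-*"
setup.template.priority: 260

setup.ilm.enabled: true
setup.ilm.rollover_alias: "metricbeat-mian-prd"
setup.ilm.pattern: "{now/d}-000001"
setup.ilm.policy_name: "metricbeat-mian-prd-policy"
# NOTE(review): verify that this Filebeat version accepts an inline policy
# under setup.ilm.policy; check the loaded policy in Elasticsearch after setup.
setup.ilm.policy:
  policy:
    phases:
      hot:
        actions:
          rollover:
            max_age: "1d"
            max_size: "50gb"
      delete:
        min_age: "30d"
        actions:
          delete: {}

setup.template.settings:
  index.mapping.total_fields.limit: 2000
  index.mapping.ignore_malformed: true
  index.number_of_shards: 1
  index.number_of_replicas: 0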
vim dockerfile
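FROM docker.elastic.co/beats/filebeat:7.10.2

# Switch to root so the ownership of the copied configuration can be changed.
USER root

# Copy the configuration into the image. The file contains the Elasticsearch
# password, so the resulting image must be treated as a secret-bearing artifact.
COPY filebeat.docker.yml /usr/share/filebeat/filebeat.yml

# Copy any custom modules from modules.d as well.
COPY modules.d /usr/share/filebeat/modules.d

# Make sure the filebeat user can read the configuration. The target is a
# single file, so no recursive flag is needed (lower-case -r is not a chown
# option and would fail the build).
RUN chown root:filebeat /usr/share/filebeat/filebeat.yml \
    && chmod 0644 /usr/share/filebeat/filebeat.yml

# Drop back to the unprivileged user.
USER filebeat

# Log directories; these match the paths in filebeat.docker.yml and the
# bind mounts in docker-compose.yml.
VOLUME ["/var/log/v99mian"]
VOLUME ["/var/log/nginx"]

# Start command.
# NOTE(review): --strict.perms=false turns off Filebeat's ownership and
# permission check on its configuration files; the file above is root-owned
# and 0644, so confirm whether the flag is still required.
CMD ["filebeat", "-e", "--strict.perms=false", "-c", "/usr/share/filebeat/filebeat.yml"]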
vim docker-compose.yml
# Compose file that builds and runs the Filebeat shipper container.
version: '3.8'

services:
  filebeat:
    build:
      context: .
      dockerfile: dockerfile
    container_name: filebeat-mian
    restart: always
    # Overrides the image's USER directive: the process runs as root so it can
    # read the host log directories and the Docker socket.
    user: root
    volumes:
      - /var/log/v99mian:/var/log/v99mian:ro
      - /var/log/nginx:/var/log/nginx:ro
      # The :ro flag makes the socket file read-only but does not restrict the
      # Docker API calls made through it; a process holding this socket can
      # control the Docker daemon. Mounted for add_docker_metadata.
      - /var/run/docker.sock:/var/run/docker.sock:ro
启动构建docker镜像
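# Build and start the Filebeat container, one command per line.
cd /www/filebeat
docker-compose down -v
docker-compose up -d
docker-compose up --build -d   # debug start: rebuild the image first
docker ps                      # check that the container is running
docker logs -f filebeat-mian   # follow the container's output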
验证es
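# Verify that documents arrive in Elasticsearch.
# `-u elastic` without a password makes curl prompt for it, so the credential
# does not end up in the shell history or the process list.

# The index pattern follows setup.ilm.rollover_alias in filebeat.docker.yml
# ("metricbeat-mian-prd"); a different prefix would match no index.
curl -u elastic \
  'http://127.0.0.1:9200/metricbeat-mian-prd-*/_search?size=5&pretty'

# Cluster health.
curl -u elastic 'http://127.0.0.1:9200/_cluster/health?pretty'

# List all indices.
curl -u elastic 'http://127.0.0.1:9200/_cat/indices?v'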