2023年7月17日发(作者：)

ELK6.7版本部署配置并配合nginx添加访问限制kibana 6以后版本增加了查看⽇志上下⽂功能最新logstash ES需要jdk1.8⽀持elasticsearch-6.7.0-linux-x86_ ana-6.7.0-linux-x86_ 下载完成后安装jdk并配置环境变量vim /etc/profile末尾添加JAVA_HOME=/usr/java/jdk1.8.0_121PATH=$PATH:$JAVA_HOME/binexport JAVA_HOME PATH

source /etc/profile

解压配置ELKtar -xvf elasticsearch-6.7.0-linux-x86_ -xvf kibana-6.7.0-linux-x86_ -xvf

配置ESvim #添加以下配置: es_: : /software/elasticsearch/: /software/elasticsearch/: : : 9300

ES不允许使⽤root⽤户运⾏，需要建单独的⽤户useradd esrootpasswd esrootchown -R esroot elasticsearch/su esroot./bin/elasticsearch 启动es会有如下报错：ERROR: [3] bootstrap checks failed[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535][2]: max number of threads [1804] for user [esroot] is too low, increase to at least [4096][3]: max virtual memory areas _map_count [65530] is too low, increase to at least [262144] vim /etc/security/ 增加以下配置* soft nofile 65536* hard nofile 65536* soft nproc 4096* hard nproc 4096

vi /etc/_map_count=262144sysctl -p再次启动ES

配置logstash如服务器java环境不是jdk1.8，可在启动脚本中加⼊export JAVA_HOME=/usr/java/jdk1.8export JRE_HOME=/usr/java/jdk1.8/jrevim 增加配置input { file { type => "CRM" path => "/software/crm_log_.txt" start_position => beginning codec => multiline { pattern => "%{TIMESTAMP_ISO8601}" negate => true what => "previous" }

}}filter { if [type] == "CRM"{ grok{ match=>{"message"=>"%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{JAVALOGMESSAGE:msg}" } } }}output { elasticsearch { action => "index" #The operation on ES hosts => "192.168.1.237:9200"

index => "tomcatlog_%{+}"

user => "esadmin" password => "kcwl2017" }}启动 ./bin/logstash -f config/

配置kibanavim config/ 添加配置: : "192.168.1.237": "IP:9200" # kibana监听的es集群me: "esadmin"rd: "admin996": ".kibana"启动 ./bin/kibana

在kibana创建index pattern 需与logstash 配置⽂件中index相同

增加页⾯访问验证yum -y install httpd nginxhtpasswd -c -b esadmin 123456cp /etc/nginx/vim /etc/nginx/conf.d/ 增加以下配置server {

listen 80;

server_name 192.168.1.237; #主机名

auth_basic "Restricted Access";

auth_basic_user_file /etc/nginx/; #登录验证

location / {

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection 'upgrade';

proxy_set_header Host $host;

proxy_cache_bypass $http_upgrade;

} }

systemctl start nginx访问页⾯验证