[Notes] Logstash + ElasticSearch + Kibana
October 14
Can be abbreviated as ELK.
Related information and software can all be obtained at the following URL:
https://www.elastic.co/downloads
[Environment]
0.Hardware:
CPU: 2 cores
H.D: 80G
RAM: 2GB
1.OS:
“Ubuntu Server 14.04.3 LTS” in Virtualbox VM 5.0.6(x64)
WM and DM: xfce4 and lightdm
(Note: to change the desktop manager or window manager, see http://blog.dgps.kh.edu.tw/blog/jimjye/ubuntuc/2012/06/26/3657)
2.Install setting:
Service: SSH only
H.D Layout: LVM for the whole disk
User: joechen / niuxxxcc
3.Install ELK
3.0 install JDK
sudo apt-get install openjdk-7-jre
3.1 install ElasticSearch
Download and install the Public Signing Key:
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Save the repository definition to /etc/apt/sources.list.d/elasticsearch-{branch}.list:
echo "deb http://packages.elastic.co/elasticsearch/1.7/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-1.7.list
# sudo apt-get update && sudo apt-get install elasticsearch
Configure Elasticsearch to automatically start during bootup (for Ubuntu 14.04.3 LTS server):
# sudo update-rc.d elasticsearch defaults 95 10
# service elasticsearch start
then, you can check the service by typing “netstat -tln”
3.2 install logstash
wget https://download.elastic.co/logstash/logstash/packages/debian/logstash_1.5.4-1_all.deb
sudo dpkg -i logstash_1.5.4-1_all.deb
3.3 install logstash-forwarder
wget https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder_0.4.0_amd64.deb
sudo dpkg -i logstash-forwarder_0.4.0_amd64.deb
3.4 install kibana
wget https://download.elastic.co/kibana/kibana/kibana-4.1.2-linux-x64.tar.gz
cd /opt
tar zxvf kibana-4.1.2-linux-x64.tar.gz ; mv kibana-4.1.2-linux-x64 kibana
# /opt/kibana/bin/kibana &
netstat -tln (to check if port 5601 is used)
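The two "netstat -tln" checks above only show that a port is open. The following added example (not part of the original notes) also reports whether each ELK listener is bound to loopback only or is reachable from the network, which is worth knowing before access control such as Shield (3.5) is in place. The function names are hypothetical, and ports 9200/9300 are assumed to be the Elasticsearch defaults; 5601 is the Kibana port mentioned above.

```shell
#!/bin/sh
# Added example: classify ELK listeners from `netstat -tln` output.
# Assumed ports: 9200/9300 (Elasticsearch defaults), 5601 (Kibana, as above).

# Reads netstat output on stdin; prints one line per port:
#   "<port> EXPOSED <addr>", "<port> LOCAL <addr>" or "<port> DOWN"
check_elk_listeners() {
    awk -v ports="9200 9300 5601" '
    BEGIN { n = split(ports, want, " ") }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)        # text after the last colon
        host = addr; sub(/:[0-9]+$/, "", host)   # everything before it
        for (i = 1; i <= n; i++) {
            if (want[i] != port) continue
            # Loopback binds are reachable only from this host.
            kind = "EXPOSED"
            if (host == "127.0.0.1" || host == "::1" || host ~ /^::ffff:127\./)
                kind = "LOCAL"
            # An exposed bind outranks a loopback bind on the same port.
            if (state[port] != "EXPOSED") { state[port] = kind; where[port] = addr }
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            p = want[i]
            if (p in state) { print p, state[p], where[p] } else { print p, "DOWN" }
        }
    }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN
tcp6       0      0 :::9200                 :::*                    LISTEN
tcp6       0      0 ::1:9300                :::*                    LISTEN
EOF
}

sample_netstat | check_elk_listeners
# On the real host: netstat -tln | check_elk_listeners
```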
3.5 install Shield
3.6 install Packetbeat
3.7 install topbeat
3.8 kibana plugin
https://github.com/sirensolutions/sentinl/wiki/SENTINL-Installation
CentOS
sudo yum install fontconfig freetype
Kibana 4.x
Snapshot Plugin Install
Browse to our releases and choose the relevant version, i.e. tag-4.6.4-4, to use for installing the plugin:
/opt/kibana/bin/kibana plugin --install sentinl -u https://github.com/sirensolutions/sentinl/releases/download/tag-4.6.4-4/sentinl.zip
References
http://www.code123.cc/docs/kibana-logstash/v4/setup.html
Another one, suitable for installation beginners:
https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-4-on-ubuntu-14-04