Posted by saundy on 2017-5-20 11:38:12

Log monitoring and search: logstash+elasticsearch+kibana

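  I. Introduction
  1. logstash: a log and event management tool that can collect, parse (filter) and store logs
  It has two run modes:
  standalone: everything is deployed on the same server
  centralized: multi-server mode
  2. elasticsearch: an open-source search engine, used for searching logs
  3. kibana: a visualization system for logs and data, used as the web front end for elasticsearch
  II. Deployment
  1. Install redis
  2. Install jdk
  3. Install elasticsearch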

cd /opt
wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.1.1.tar.gz
tar -zxvf elasticsearch-1.1.1.tar.gz
elasticsearch-1.1.1/bin/elasticsearch -f
  4. Install logstash

wget https://download.elasticsearch.org/logstash/logstash/logstash-1.4.1.tar.gz
tar -zxvf logstash-1.4.1.tar.gz
  a. Create the configuration file agent.conf (used to parse the log file and store it in redis)

input {
  file {
    type => "linux-syslog"
    path => [ "/opt/pomelo.log" ]
  }
}
output {
  redis {
    host => "192.168.1.238"
    data_type => "list"
    key => "logstash"
  }
}

  Start logstash (agent.conf)

logstash-1.4.1/bin/logstash agent -f agent.conf
  b. Create index.conf (used to pull data from redis and output it to elasticsearch)

input {
  redis {
    host => '127.0.0.1'
    data_type => 'list'
    port => '6379'
    key => 'logstash'
    type => 'redis-input'
  }
}
output {
  elasticsearch_http {
    host => '192.168.1.238'
    port => '9200'
  }
}

  Start logstash (index.conf)

logstash-1.4.1/bin/logstash agent -f index.conf
   
  5. Install nginx or apache
  6. Install kibana

wget https://download.elasticsearch.org/kibana/kibana/kibana-3.1.0.tar.gz
tar -zxvf kibana-3.1.0.tar.gz
cd kibana-3.1.0
mv * /usr/local/nginx/html
   7. Start nginx

/usr/local/nginx/nginx
   

  8. Visit 192.168.1.238
  9. Test
  Append some content to the log file

echo "tang yu" >> pomelo.log
   Then search for it in the web interface
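
The two configs above send events to redis and elasticsearch on 192.168.1.238 with no `password` setting. The following added example (not part of the original post) parses condensed copies of agent.conf and index.conf and lists every plugin that connects to a non-loopback host without a credential in the config; the function names and the default-port table are assumptions made for the example.

```python
import ipaddress
import re

# Condensed copies of the post's two configs (Logstash ignores the layout).
AGENT_CONF = '''
input  { file  { type => "linux-syslog" path => [ "/opt/pomelo.log" ] } }
output { redis { host => "192.168.1.238" data_type =>"list" key => "logstash" } }
'''
INDEX_CONF = '''
input  { redis { host => '127.0.0.1' data_type => 'list' port => '6379'
                 key => 'logstash' type => 'redis-input' } }
output { elasticsearch_http { host => '192.168.1.238' port => '9200' } }
'''

DEFAULT_PORT = {"redis": "6379", "elasticsearch_http": "9200"}  # network plugins
SECTION = re.compile(r"\b(input|filter|output)\s*\{")
PLUGIN = re.compile(r"(\w+)\s*\{([^{}]*)\}")       # innermost blocks only
SETTING = re.compile(r"(\w+)\s*=>\s*(?:\"([^\"]*)\"|'([^']*)'|(\S+))")

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                  # a hostname, not an IP literal
        return host == "localhost"

def endpoints(conf):
    """Return one dict per network plugin found in a Logstash config."""
    found = []
    for m in PLUGIN.finditer(conf):
        name, body = m.group(1), m.group(2)
        if name not in DEFAULT_PORT:
            continue
        opts = {k: a or b or c for k, a, b, c in SETTING.findall(body)}
        section = SECTION.findall(conf[:m.start()])[-1]
        host = opts.get("host", "127.0.0.1")
        found.append({"section": section, "plugin": name, "host": host,
                      "port": opts.get("port", DEFAULT_PORT[name]),
                      "remote": not is_loopback(host),
                      "has_password": "password" in opts})
    return found

def unauthenticated_remote(conf):
    """Endpoints that leave this host with no `password` set in the config."""
    return [e for e in endpoints(conf) if e["remote"] and not e["has_password"]]

if __name__ == "__main__":
    for label, conf in (("agent.conf", AGENT_CONF), ("index.conf", INDEX_CONF)):
        for e in unauthenticated_remote(conf):
            print(f"{label}: {e['section']} {e['plugin']} -> {e['host']}:{e['port']} (no password)")
```

For the redis plugins the finding clears once `password` is set in the plugin block and the matching `requirepass` is set on the redis server.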