Method 1: CentOS direct installation (Version 6.8.16)
1. Prepare the environment in advance
- JDK1.8
- Create a folder for ELK owned by a dedicated user (not root)
#Create a folder
cd /usr/local/
mkdir elk
#Create the group and the user
groupadd elk
useradd -g elk elk
passwd elk
#Give elk user the elk folder ownership
chown elk:elk /usr/local/elk/
2. ES installation
- ES download
#Download ES
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.8.16.tar.gz
#Unpack
tar -zxvf elasticsearch-6.8.16.tar.gz
- Configuration file editing
config/elasticsearch.yml
network.host: 0.0.0.0
http.port: 9200
- The following information is displayed
[root@instance-g5pyqzzl elk]# curl http://127.0.0.1:9200
{"name" : "G4x8BMj", "cluster_name" : {"number" : "6.8.16", "build_flavor" : "default", "build_type" : "tar", "build_hash" : "1f62092", "build_date" : "2021-05-21T19:27:57.985321Z", "build_snapshot" : false, "lucene_version" : "7.7.3", "minimum_wire_compatibility_version" : "5.6.0", "minimum_index_compatibility_version" : "5.0.0"}, "tagline" : "You Know, for Search" }
- Errors you might encounter
# max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
#Add a line vm.max_map_count=262144 to the /etc/sysctl.conf file
#Apply the change immediately
/sbin/sysctl -p
- Enable user name and password authentication
#Edit config/elasticsearch.yml and add the following content
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
#Run a command to initialize the password. Enter the password as prompted
./bin/elasticsearch-setup-passwords interactive
#From now on, a password is required to access ES
3. Logstash installation
- Logstash download
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.8.16.tar.gz
#Unpack
tar -zxvf logstash-6.8.16.tar.gz
- If password authentication is enabled on ES, perform the following operations
- logstash.yml configuration
#Pay special attention: the user may lack the required permissions; either modify its permissions or create a new user in Kibana
http.host: "192.168.137.100"
#If password authentication is enabled on ES, the following must be configured
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: Elastic
xpack.monitoring.elasticsearch.hosts: ["https://192.168.137.100:9200"]
- logstash.conf configuration
input {
  tcp {
    #Use "server" mode
    mode => "server"
    #Port 4560 corresponds to <destination> in the logback.xml appender
    host => "192.168.137.100"
    port => 4560
    #LogstashEncoder sends one JSON document per line
    codec => json_lines
    #Required for the ssl_* settings below to take effect
    ssl_enable => true
    ssl_verify => true
    ssl_certificate_authorities => ["/usr/local/elk/logstash-6.8.16/config/ssl/ca-dp.pem"]
    ssl_cert => "/usr/local/elk/logstash-6.8.16/config/ssl/server-cert-dp.pem"
    ssl_key => "/usr/local/elk/logstash-6.8.16/config/ssl/server-key-dp.pem"
  }
}
filter {
  #Filters, fill in as needed
}
output {
  elasticsearch {
    action => "index"
    hosts => ["192.168.137.100:9200"]
    #index => "applog"
    index => "springboot-%{[appname]}-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "elastic"
  }
}
- The Spring Boot logback.xml configuration is as follows
<appender name="stash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
    <destination>192.168.137.100:4560</destination>
    <!-- An encoder must be configured; several are available -->
    <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder">
        <customFields>{"appname":"demo"}</customFields>
    </encoder>
    <!-- If Logstash SSL is enabled, generate the corresponding certificates -->
    <ssl>
        <keyStore>
            <location>classpath:/keystore.jks</location>
            <password>123456</password>
        </keyStore>
        <trustStore>
            <location>classpath:/truststore.jks</location>
            <password>123456</password>
        </trustStore>
    </ssl>
</appender>
4. Kibana installation
- Kibana download
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.8.16-linux-x86_64.tar.gz
#Unpack
tar -zxvf kibana-6.8.16-linux-x86_64.tar.gz
- configuration
vim kibana.yml
#Modify the following settings
server.host: "192.168.137.100"
server.name: "192.168.137.100"
elasticsearch.hosts: ["http://192.168.137.100:9200"]
#If ES has a password, you need to configure the username and password
elasticsearch.username: "kibana"
elasticsearch.password: "elastic"
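The settings used so far can be audited before the stack is put on a network. The script below is an added example, not part of the original guide: it flags an Elasticsearch node bound to a non-loopback address without authentication, Basic auth carried over plaintext HTTP, and a world-readable config file holding a password. The function names, finding labels and sample files are assumptions made for this example.

```shell
#!/bin/sh
# Finding names (EXPOSED_NO_AUTH, ...) are labels made up for this example.

# yaml_get FILE KEY -> value of a flat "key: value" line (last match wins)
yaml_get() {
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key_re}:[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//' | tail -n 1
}

# audit_es FILE -> findings for an elasticsearch.yml, one per line
audit_es() {
  host=$(yaml_get "$1" network.host)
  sec=$(yaml_get "$1" xpack.security.enabled)
  tls=$(yaml_get "$1" xpack.security.http.ssl.enabled)
  case "$host" in
    ''|127.0.0.1|localhost|_local_) ;;   # loopback only
    *) [ "$sec" = true ] || echo "EXPOSED_NO_AUTH host=$host" ;;
  esac
  # transport.ssl protects node-to-node traffic only, not REST on 9200
  if [ "$sec" = true ] && [ "$tls" != true ]; then
    echo "BASIC_AUTH_OVER_PLAINTEXT_HTTP"
  fi
  return 0
}

# audit_client FILE -> findings for kibana.yml or logstash.yml
audit_client() {
  grep -Eq '^[^#]*password:[[:space:]]*[^[:space:]]' "$1" || return 0
  if grep -Eq '^[^#]*hosts:.*http://' "$1"; then
    echo "PASSWORD_SENT_OVER_HTTP"
  fi
  if [ -n "$(find "$1" -perm -004)" ]; then
    echo "SECRET_FILE_WORLD_READABLE"
  fi
  return 0
}

# Constructed sample files that mirror the settings shown in this guide
demo_dir=$(mktemp -d)
printf '%s\n' 'network.host: 0.0.0.0' 'http.port: 9200' > "$demo_dir/es-step1.yml"
printf '%s\n' 'network.host: 0.0.0.0' 'xpack.security.enabled: true' \
  'xpack.security.transport.ssl.enabled: true' > "$demo_dir/es-step2.yml"
printf '%s\n' 'elasticsearch.hosts: ["http://192.168.137.100:9200"]' \
  'elasticsearch.username: "kibana"' \
  'elasticsearch.password: "elastic"' > "$demo_dir/kibana.yml"
chmod 644 "$demo_dir/kibana.yml"
for f in es-step1.yml es-step2.yml; do echo "== $f"; audit_es "$demo_dir/$f"; done
echo "== kibana.yml"; audit_client "$demo_dir/kibana.yml"
```

Run against the real files, `audit_es` takes config/elasticsearch.yml and `audit_client` takes kibana.yml or logstash.yml.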
5. Check the configuration of subsequent logs
- See how many indexes there are
- Creating a query set
- Normal use
- User management
ES Curl Operations
6. Generating the Logstash certificate and the logback certificate
# Generation script auto-.sh
#!/bin/bash
#
# ---------- Configuration (BEGIN) ----------
CODE="dp"
IP="docker server IP"
PASSWORD="certificate password"
COUNTRY="CN"
# STATE, CITY and ORGANIZATION are referenced by -subj below; placeholder values
STATE="state or province"
CITY="city"
ORGANIZATION="organization name"
ORGANIZATIONAL_UNIT="Dev"
COMMON_NAME="$IP"
EMAIL="email"
# ---------- Configuration (END) ----------
# Generate CA key
openssl genrsa -aes256 -passout "pass:$PASSWORD" -out "ca-key-$CODE.pem" 4096
# Generate CA
openssl req -new -x509 -days 365 -key "ca-key-$CODE.pem" -sha256 -out "ca-$CODE.pem" -passin "pass:$PASSWORD" -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORGANIZATION/OU=$ORGANIZATIONAL_UNIT/CN=$COMMON_NAME/emailAddress=$EMAIL"
# Generate Server key
openssl genrsa -out "server-key-$CODE.pem" 4096
# Generate Server Certs.
openssl req -subj "/CN=$COMMON_NAME" -new -key "server-key-$CODE.pem" -out server.csr
# Start from a fresh extfile.cnf so a previous run cannot leak into the server certificate
echo "subjectAltName = IP:$IP,IP:127.0.0.1" > extfile.cnf
echo "extendedKeyUsage = serverAuth" >> extfile.cnf
openssl x509 -req -days 365 -sha256 -in server.csr -passin "pass:$PASSWORD" -CA "ca-$CODE.pem" -CAkey "ca-key-$CODE.pem" -CAcreateserial -out "server-cert-$CODE.pem" -extfile extfile.cnf
# Generate Client Certs.
rm -f extfile.cnf
openssl genrsa -out "key-$CODE.pem" 4096
openssl req -subj '/CN=client' -new -key "key-$CODE.pem" -out client.csr
echo extendedKeyUsage = clientAuth >> extfile.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -passin "pass:$PASSWORD" -CA "ca-$CODE.pem" -CAkey "ca-key-$CODE.pem" -CAcreateserial -out "cert-$CODE.pem" -extfile extfile.cnf
rm -vf client.csr server.csr
chmod -v 0400 "ca-key-$CODE.pem" "key-$CODE.pem" "server-key-$CODE.pem"
chmod -v 0444 "ca-$CODE.pem" "server-cert-$CODE.pem" "cert-$CODE.pem"
################# Run the following steps separately
# Generate keystore.jks
# Download the toolkit
wget https://biteeniu.github.io/files/jetty-6.1.26.jar
openssl pkcs12 -export -out cert.p12 -in cert-dp.pem -inkey key-dp.pem
java -cp jetty-6.1.26.jar org.mortbay.jetty.security.PKCS12Import cert.p12 keystore.jks
# Generate truststore.jks
keytool -import -file ca-dp.pem -keystore truststore.jks
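Before the generated files are copied into config/ssl, it is worth confirming that each certificate chains to the CA, carries the right extended key usage and SAN, and that its key is not readable by other users. The following is an added example, not part of the original script; `check_cert`, `key_mode_ok` and the throwaway file names are assumptions, and the demo certificates are constructed on the spot.

```shell
#!/bin/sh
# check_cert CA CERT PURPOSE [IP] -> "ok" or the name of the first failed check.
# PURPOSE is sslserver or sslclient, as accepted by `openssl verify -purpose`.
check_cert() {
  openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1 ||
    { echo "chain-or-purpose"; return 0; }
  if [ -n "$4" ]; then
    openssl x509 -in "$2" -noout -text |
      grep -Eq "IP Address:$4(,|[[:space:]]*\$)" ||
      { echo "san-missing"; return 0; }
  fi
  # 2592000 seconds = 30 days
  openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null ||
    { echo "expires-within-30-days"; return 0; }
  echo ok
}

# key_mode_ok FILE -> success only if group and other have no access bits
key_mode_ok() {
  case "$(ls -ld "$1" | cut -c5-10)" in
    ------) return 0 ;;
    *) return 1 ;;
  esac
}

# Throwaway CA and server certificate, constructed for this demo only
d=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo-ca" \
  -keyout "$d/ca-key.pem" -out "$d/ca.pem" 2>/dev/null
openssl req -newkey rsa:2048 -nodes -subj "/CN=192.168.137.100" \
  -keyout "$d/srv-key.pem" -out "$d/srv.csr" 2>/dev/null
printf '%s\n' 'subjectAltName = IP:192.168.137.100,IP:127.0.0.1' \
  'extendedKeyUsage = serverAuth' > "$d/ext.cnf"
openssl x509 -req -days 365 -sha256 -in "$d/srv.csr" -CA "$d/ca.pem" \
  -CAkey "$d/ca-key.pem" -CAcreateserial -out "$d/srv.pem" \
  -extfile "$d/ext.cnf" 2>/dev/null
chmod 0400 "$d/srv-key.pem"
check_cert "$d/ca.pem" "$d/srv.pem" sslserver 192.168.137.100  # Logstash role
check_cert "$d/ca.pem" "$d/srv.pem" sslclient                  # wrong role
key_mode_ok "$d/srv-key.pem" && echo "key permissions ok"
```

With the files from the script above, the server check is `check_cert ca-dp.pem server-cert-dp.pem sslserver <IP>` and the logback client check is `check_cert ca-dp.pem cert-dp.pem sslclient`.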
#View basic information
curl --user elastic:elastic http://127.0.0.1:9200/