Elasticsearch https://www.elastic.co/cn/downloads/elasticsearch
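```
# Use a non-root user
vim config/jvm.options
-Xms1g
-Xmx2g

vim config/elasticsearch.yml
# TLS is switched off on both the HTTP and transport layers here,
# so credentials and log data travel in plaintext
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: false

# After startup, check the log; the password is in it
```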
Kibana https://www.elastic.co/cn/downloads/kibana
```
# Use a non-root user
vim config/kibana.yml
# 0.0.0.0 makes Kibana listen on every network interface
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.username: "test"
elasticsearch.password: "123456"
elasticsearch.ssl.verificationMode: none
```
Fluentd
```
curl -fsSL https://toolbelt.treasuredata.com/sh/install-redhat-fluent-package5-lts.sh | sh

# Check that the Fluentd configuration file is valid:
fluentd --dry-run -c fluent.conf

systemctl start fluentd.service
```
Edit the configuration file
```
vim /etc/fluent/fluentd.conf

<source>
  @type tail
  format /^(?<all>.*)$/
  path /var/log/nginx/access.log*
  #pos_file /home/fluentd/nginx-access.pos
  tag nginx.access
</source>

<match nginx.access>
  @type elasticsearch
  host 127.0.0.1
  port 9200
  flush_interval 5s
  logstash_format true
  logstash_prefix nginx-access
  scheme http
  user test
  password 123456
</match>

# Visit http://172.12.1.150:5601/app/management/kibana/dataViews
# The nginx dataset can now be found when creating a data view in Kibana
```
Multiline matching
```
<source>
  @type tail
  path /path/to/java.log
  pos_file /var/log/fluentd/java.log.pos
  tag java.logs
  <parse>
    @type multiline
    format_firstline /^\d{4}-\d{2}-\d{2}/
    format1 /^(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?<message>.*)$/
    # multiline_start_regexp is a fluent-plugin-concat option, not a multiline
    # parser one; format_firstline above already marks the start of each record
    multiline_start_regexp /^\d{4}-\d{2}-\d{2}/
  </parse>
</source>
```
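The following Ruby sketch is an added example, not code from the original post or from Fluentd. It simulates how `in_tail` with the `format_firstline` and `format1` patterns above groups a Java stack trace into one record by default. The sample lines and the names `group_multiline` and `parse_record` are constructed for illustration.

```ruby
# Simulation (not Fluentd source) of how in_tail plus the multiline parser
# above turn raw lines into records.
FIRSTLINE = /^\d{4}-\d{2}-\d{2}/
# Fluentd compiles formatN with Regexp::MULTILINE, so "." also matches "\n".
FORMAT1 = Regexp.new(
  '^(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?<message>.*)$',
  Regexp::MULTILINE
)

# Constructed sample input: a Java log with one stack trace.
SAMPLE_LINES = [
  "    at com.example.Old.run(Old.java:7)", # tail of a record cut off earlier
  "2024-05-01 10:00:00 INFO login ok user=alice",
  "2024-05-01 10:00:01 ERROR request failed",
  "java.lang.IllegalStateException: bad token",
  "    at com.example.Auth.check(Auth.java:42)",
  "2024-05-01 10:00:02 WARN retry scheduled"
].freeze

# Applies format1 to one buffered record; nil when the pattern does not match.
def parse_record(text)
  m = FORMAT1.match(text)
  m ? { "timestamp" => m[:timestamp], "message" => m[:message] } : nil
end

# Returns [records, dropped, pending]:
#   records - parsed hashes for each record closed by a later first line
#   dropped - lines seen before any first line (in_tail warns and discards them)
#   pending - the last record, still buffered until another first line arrives
#             (or in_tail's multiline_flush_interval expires)
def group_multiline(lines)
  records, dropped, buffer = [], [], nil
  lines.each do |line|
    if FIRSTLINE.match?(line)
      records << parse_record(buffer) if buffer
      buffer = line.dup
    elsif buffer.nil?
      dropped << line
    else
      buffer << "\n" << line
    end
  end
  [records, dropped, buffer]
end

if __FILE__ == $PROGRAM_NAME
  records, dropped, pending = group_multiline(SAMPLE_LINES)
  records.each { |r| p r }
  puts "dropped: #{dropped.inspect}", "pending: #{pending.inspect}"
end
```

The last record stays in `pending`, which is why the final event of a quiet log can appear late in Elasticsearch.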