一、前言
为什么要用EFK(or ELK):
单机推荐用filebeat,非常轻量级,占用内存为10M
二、安装过程
首先,通过docker-compose安装最方便,这里是yml文件:
注意1:es, kibana, filebeat版本最好一致
注意2:物理机最低内存2G才能安装(es大概800M,kibana 200M, filebeat 100M), 实在不行加swap!
- version : '3'
- services:
- es:
- container_name: es
- image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0
- ports:
- - "9200:9200"
- environment:
- - node.name=es
- - http.host=0.0.0.0
- - transport.host=127.0.0.1
- - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- - bootstrap.memory_lock=true
- - discovery.type=single-node
- - xpack.security.enabled=false
- - xpack.security.http.ssl.enabled=false
- - xpack.security.transport.ssl.enabled=false
- - ELASTIC_PASSWORD="123456"
- deploy:
- resources:
- limits:
- memory: 1000m
- volumes:
- - ./efk/es:/home
- restart: always
- kibana:
- image: docker.elastic.co/kibana/kibana:7.2.0
- container_name: kibana
- depends_on:
- - es
- volumes:
- - ./efk/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml
- environment:
- SERVER_NAME: kibana
- SERVER_HOST: '0.0.0.0'
- ELASTICSEARCH_URL: "http://es:9200"
- ELASTICSEARCH_USERNAME: 'elastic'
- ELASTICSEARCH_PASSWORD: '"123456"'
- ports:
- - 5601:5601
- links: ['es']
- depends_on: ['es']
- filebeat:
- image: docker.elastic.co/beats/filebeat:7.2.0
- container_name: filebeat
- restart: always
- privileged: true
- user: root
- environment:
- - setup.kibana.host=kibana:5601
- - output.elasticsearch.hosts=["es:9200"]
- volumes:
- - /var/lib/docker/containers:/var/lib/docker/containers:ro
- - ./efk/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml
- - /var/run/docker.sock:/var/run/docker.sock:ro
- links: ['es']
- depends_on: ['es']
下面是用到的:kibana.yml
- server.port: 5601
- server.host: "0.0.0.0"
- server.name: "kibana"
- elasticsearch.hosts: ["http://es:9200"]
- elasticsearch.ssl.verificationMode: none
- #elasticsearch.ssl.certificateAuthorities: ["/data/kibana/config/newfile.crt.pem"]
- elasticsearch.preserveHost: true
- kibana.index: ".kibana"
- i18n.locale: "en"
- elasticsearch.username: "elastic"
- elasticsearch.password: "123456"
filebeat.yml
- processors:
- - add_cloud_metadata: ~
- - add_docker_metadata: ~
- - drop_event:
- when.or:
- - contains:
- container.name: "filebeat"
- - contains:
- container.name: "kibana"
- - contains:
- container.name: "es"
- filebeat.inputs:
- - type: docker
- combine_partial: true
- containers:
- path: "/var/lib/docker/containers"
- ids: "*"
- filebeat.config:
- modules:
- path: ${path.config}/modules.d/*.yml
- reload.enabled: false
- output.elasticsearch:
- hosts: 'es:9200'
- username: "elastic"
- password: "123456"
- setup.kibana:
- host: "kibana:5601"
注:docker默认使用j做为日志驱动,记得修改log-driver为Json-fle
修改默认驱动,vi /etc/sysconfig/docker 将journald修改为json-file OPTIONS='--selinux-enabled=false --log-driver=json-file --signature-verification=fal..
重启docker, systemctl restart docker
安装好后,登陆kibana, http://ip:5601
三、设置es,kibana密码
docke登陆es:
docker exec -it es bash
进入bin, 执行 :
./elasticsearch-setup-passwords interactive
这里会设置六个账号的密码:elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
es修改密码在安装es的机器上,执行命令如下:(将密码设置为:12456)
curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'
校验设置的新密码是否有问题:(输入你的新密码)
curl <span class="token operator">-</span>u elastic <span class="token lifetime-annotation symbol">'http://ip:9200/_xpack/security/_authenticate?pretty</span>'
访问 http://ip:9200,需要输入账号密码才可以访问
四 、常见错误
错误一:Kibana did not load properly. Check the server output for more information.
错误二:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval'
附:
filebeat官方文档:https://www.elastic.co/guide/en/beats/filebeat/7.2/filebeat-input-docker.html
============ 欢迎各位老板打赏~ ===========
与本文相关的文章
- · ELK/EFK中ES使用IK分词器的方式步骤
- · kibana6.8.0禁用不用的模块
- · kibana查询统计
- · 解决es报错:blocked by: [FORBIDDEN/12/index read-only / allow delete (api) ]
- · filebeat按docker容器名创建不同的索引
- · es+filebeat+elastalert2实现异常邮件提醒
- · ElasticSearch 简单入门
- · acme.sh全自动更新通配符证书
- · 软件安全:OWASP top 10详解
- · docker-compose安装phpmyadmin
- · Java基础问题13个,你都会哪些?
- · Amazon Linux 2023 安装Docker和Docker Compose