
ELK environment building + security authentication, Nginx log collection

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03

I covered the theory behind ELK in my last blog post. In this post, I will deploy a complete ELK environment. If there are any deficiencies, please point them out and correct me.

1. ELK installation information

192.168.10.101 Elasticsearch+kibana

192.168.10.103 Logstash

Note: JDK 1.8 must be deployed in advance, because ELK is developed in the Java language.

(1) I have completed the deployment here.

```
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
```

(2) Download Elasticsearch and Kibana. Because we deploy ES and Kibana on the same server, we install them one after the other. Download ES and configure it:

```
tar zxvf elasticsearch-5.3.0.tar.gz
mv elasticsearch-5.3.0 /usr/local/elasticsearch
useradd elk                                  # create a normal user elk, since ES cannot be started by root; no password is needed
chown -R elk /usr/local/elasticsearch/       # change the file owner
vim /usr/local/elasticsearch/config/jvm.options        # modify the memory: my virtual machine has 2G, so I change it to 1G; ignore this if yours has 4G or 8G
vim /usr/local/elasticsearch/config/elasticsearch.yml  # find the line #network.host and set it to 0.0.0.0 (the listening IP)
su - elk                                     # switch user
/usr/local/elasticsearch/bin/elasticsearch -d          # -d starts ES in the background
netstat -ntlp | grep -E "9200|9300"          # check whether the ports are listening
```

Port 9200 is the ES external data port; clients connect to this port to send and receive data. Port 9300 is used for communication between the nodes of the internal distributed cluster.

1. Now that ES has been configured, deploy Kibana

```
tar zxvf kibana-5.3.0-linux-x86_64.tar.gz
mv kibana-5.3.0-linux-x86_64 /usr/local/kibana
cd /usr/local/kibana
chown -R elk:root *                          # change owner
vim /usr/local/kibana/config/kibana.yml
# find #server.host, remove the comment marker and write 0.0.0.0
# find #elasticsearch.url, remove the comment marker and write the local IP + port;
# if there are multiple nodes, separate them with commas

# start kibana
cd /usr/local/kibana/bin
nohup ./kibana &                             # start in the background
netstat -tnl | grep -E "9200|9300|5601"      # check whether the ports are listening; 5601 is the kibana port
```

Open a browser and enter the Kibana server IP. The following interface appears when access succeeds:

2. The default interface is in English, which is not convenient for administrators, so we add Chinese-language support to ELK-WEB.

Download address:

```
wget http://bbs.jfedu.net/download/Kibana_Hanization_2018.tar.gz
# the localization process is irreversible, so back up Kibana before localizing
cp kibana/ kibana.bak -a
tar xzf Kibana_Hanization_2018.tar.gz
python main.py /usr/local/kibana
```

(1) Open the browser to check whether the localization succeeded.

2. ES+Kibana has been configured. Next, configure the client, Logstash.

```
tar xzf logstash-5.3.0.tar.gz
mv logstash-5.3.0 /usr/local/logstash
cd /usr/local/logstash
mkdir etc    # there is no etc directory by default; create one to hold the Logstash collection configuration
```

(1) We collect Nginx logs on the client side

```
vim /usr/local/logstash/etc/nginx_logs.conf
```

```
input {
  file {
    type => "nginx-access"
    path => "/usr/local/nginx/logs/access.log"
  }
}
output {
  elasticsearch {
    hosts => "192.168.10.101"    # fill in the address of the ES server
  }
}
```

```
cd /usr/local/logstash/etc
nohup ../bin/logstash -f nginx_logs.conf &    # launch Logstash
```

1. Open Kibana in a browser to see the Nginx access log clearly.

III. Kibana Security Authentication

Once ES and Kibana are installed and started, they can be accessed directly from a browser, which is not conducive to data security. Next, we use the password authentication of Apache for security configuration, so that the ES and Kibana server is reached only by forwarding through Nginx.

Install Nginx on the Kibana server:

```
yum install pcre-devel pcre -y
wget -c http://nginx.org/download/nginx-1.12.0.tar.gz
tar -xzf nginx-1.12.0.tar.gz
useradd www; cd nginx-1.12.0
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
```

(1) Modify the nginx.conf configuration file as follows:

```
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    upstream jvm_web1 {
        server 127.0.0.1:5601 weight=1 max_fails=2 fail_timeout=30s;
    }
    server {
        listen 80;
        server_name localhost;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://jvm_web1;
        }
    }
}
```

1. Change the listening IP in the Kibana configuration file to 127.0.0.1:

2. Restart the Kibana and Nginx services and access Kibana through Nginx on port 80, as follows:

3. Add Nginx permission authentication:

Add the following code to the location / block of the nginx.conf configuration file:

```
auth_basic "ELK Kibana Monitor Center";
auth_basic_user_file /usr/local/nginx/html/.htpasswd;
```

Generate a user name and password with the Apache encryption tool htpasswd:

```
htpasswd -c /usr/local/nginx/html/.htpasswd admin
```

4. Restart the Nginx web service and visit as follows:

You can log in successfully if the user name and password are correct, as shown in the following figure:
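To confirm the bindings after these steps, the check below (an added example, not part of the original article) parses `netstat -ntl` output and marks each of the ports the article greps for as loopback-only or reachable from other hosts. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the ELK listeners in `netstat -ntl` output.

# Constructed sample of the state the article ends with: Kibana moved to
# 127.0.0.1, Nginx on port 80, ES still on network.host 0.0.0.0.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::9200                 :::*                    LISTEN
tcp6       0      0 :::9300                 :::*                    LISTEN
EOF
}

# Read netstat output on stdin; print "<port> <address> loopback|exposed"
# for each watched port (default: the three ports the article greps for).
elk_listeners() {
    awk -v ports="${1:-9200 9300 5601}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Split on the last colon so IPv6 forms (:::9200, ::1:5601) parse too.
            cut = 0
            for (i = length($4); i > 0; i--)
                if (substr($4, i, 1) == ":") { cut = i; break }
            if (cut == 0) next
            addr = substr($4, 1, cut - 1); port = substr($4, cut + 1)
            if (!(port in watch)) next
            # "exposed" means bound to a non-loopback address.
            scope = (addr ~ /^(::ffff:)?127\./ || addr == "::1") ? "loopback" : "exposed"
            print port, addr, scope
        }'
}

# Succeeds only if Kibana (5601) has no listener on a non-loopback address.
kibana_not_exposed() {
    ! elk_listeners 5601 | grep -q exposed
}

sample_netstat | elk_listeners
sample_netstat | kibana_not_exposed && echo "5601 reachable only via the Nginx proxy"
```

On the Kibana server, run `netstat -ntl | elk_listeners`. In the setup above, 9200 and 9300 still report as exposed because `network.host` stays at 0.0.0.0, so the Nginx password protects Kibana only.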
