docker 部署elk单节点

2023-10-04 19:50:28

yum install -y yum-utils device-mapper-persistent-data lvm2
yum -y install wget vim
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce-18.06.1.ce-3.el7
docker --version
mkdir /etc/docker
cat > /etc/docker/daemon.json << EOF
 {
"registry-mirrors": ["https://jo6348gu.mirror.aliyuncs.com"]
 }
EOF
systemctl enable docker && systemctl start docker

vi /etc/security/limits.conf  #末尾追加
es soft nofile 65536
es hard nofile 65536
es soft nproc 65536
es hard nproc 65536
 
vi /etc/security/limits.d/20-nproc.conf  #将*改为用户名es
es          soft    nproc     4096
root       soft    nproc     unlimited
 
vi /etc/sysctl.conf
vm.max_map_count=655360
sysctl -p

mkdir -p /data/es/config
cd /data
wget https://mirrors.huaweicloud.com/elasticsearch/7.8.0/elasticsearch-7.8.0-linux-x86_64.tar.gz
tar -zxvf elasticsearch-7.8.0-linux-x86_64.tar.gz
cp -r elasticsearch-7.8.0/config/* /data/es/config

vi /data/es/config/elasticsearch.yml  #追加配置文件
discovery.type: single-node     #单节点模式
network.host: 0.0.0.0

useradd es

passwd es

cd /data
chown -R es:es es
chmod -R 777 es

docker run -d --name es -p 9200:9200 -p 9300:9300 -v /data/es/config/:/usr/share/elasticsearch/config -v /data/es/data/:/usr/share/elasticsearch/data elasticsearch:7.8.0

2.部署kibana
mkdir /data/kibana
cd /data
vim kibana/kibana.yml


server.host: 0.0.0.0
 
elasticsearch.hosts: ["http://192.168.0.34:9200"]
 
i18n.locale: "zh-CN"

docker run -d --name kibana -p 5601:5601 -v /data/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml:ro kibana:7.8.0

3.logstash部署
mkdir -p /data/logstash/config
vi /data/logstash/config/logstash.conf
input {
  beats {
    port => 5044
  }
}

filter {
  dissect {
    mapping => { "message" => "[%{Time}] %{LogLevel} %{message}" }
  }
}
 
output {
  if "secure.log" in [tags] {
    elasticsearch {
      hosts => ["http://192.168.0.34:9200"]
      index => "secure.log"
    }
  }
  else if "logstash.log" in [tags] {
    elasticsearch {
      hosts => ["http://192.168.0.34:9200"]
      index => "logstash.log"
    }
  }
}

vi /data/logstash/config/logstash.yml
http.host: "0.0.0.0"
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.hosts: [ "http://192.168.0.34:9200" ]



docker run -d -p 5044:5044 -p 9600:9600 --name logstash  -v /data/logstash/config:/usr/share/logstash/config logstash:7.8.0

上一篇:CentOS7使用yum方式安装Containerd


下一篇:记录一下NginxServer配置用到的rpm及链接