搭建ELK环境基础(ubuntu):下载并安装elastic的keywget-qO-https://artifacts.elastic.co/GPG-KEY-elasticsearch|sudoapt-keyadd-安装apthttps工具sudoapt通过apt工具安装-getinstallapt-transport-httpsupdateaptsourceecho"debhttps://artifacts.elastic.co/packages/7.x/aptstablemain"|sudotee/etc/apt/sources.list.d/elastic-7.x.listelasticsearch安装配置installelasticsearchsudoapt-getupdate&&sudoapt-getinstallelasticsearchsetupbootstartsudo/bin/systemctldaemon-reloadsudo/bin/systemctlenableelasticsearch.servicestartshutdowncommandsudosystemctlstartelasticsearch.servicesudosystemctlstopelasticsearch.service设置登录验证功能vim/etc/elasticsearch/elasticsearch.yml添加如下配置:xpack.security.enabled:truexpack.license.self_generated.type:basicxpack.security.transport.ssl.enabled:true修改如下配置//配置但是节点模式,如果不启用,会启动discovery.type:single-node//设置为0.0.0.0访问network.host:0.0.0.0保存后,systemctlrestartelasticsearch.service设置账号密码,执行以下命令:/usr/share/elasticsearch/bin/elasticsearch-setup-passwordsinteractive内置的用户有elastic、apm_system、kibana、logstash_system、beats_system、remote_monitoring_user。设置阿里云安全组阿里云安全组入站方向为发布9200,即可通过外网访问elasticsearch。上面设置了账号密码,elastic是超级管理员。kibana安装配置安装kibanasudoapt-getupdate&&sudoapt-getinstallkibanasettingbootstartsudo/bin/systemctldaemon-reloadsudo/bin/systemctlenablekibana.servicestartshutdowncommandsudosystemctlstartkibana.servicesudosystemctlstopkibana.service设置登录验证功能vim/etc/kibana/kibana.yml修改如下配置//设置为0.0.0.0外网访问server.host:"0.0.0.0"elasticsearch.username:"kibana_system"elasticsearch.password:》密码保存后,systemctlrestartkibana.service设置阿里云安全组,阿里云安全组输入方向释放5601,就可以从外网访问kibana了,可以使用elastic账号登录本地防火墙设置(非必要)aptinstallufwufwallowip:portsystemctlrestartufw.servicelogtrackingelasticsearchlogtail-f/var/log/elasticsearch/elasticsearch-plain.log或tail-f/var/log/elasticsearch/elasticsearch.log其他产品同上ELK产品目录说明以elasticsearch为例,apt安装的目录如下://主程序目录/usr/share/elasticsearch//配置文件目录/etc/elasticsearch//日志目录/var/日志/弹性搜索H
