Elasticsearch + Logstash + Kibana (ELK) is an open source log management stack. To analyze website traffic, we usually embed JavaScript from Google, Baidu, cnzz or similar services to collect statistics. However, when website access is abnormal or the site is under attack, we need to analyze the nginx logs on the back end, and nginx log splitting, GoAccess and AWStats are all relatively simple single-node solutions. For distributed clusters or large data volumes they fall short. ELK lets us meet these new challenges calmly.
- Logstash: responsible for collecting, processing and storing logs
- Elasticsearch: responsible for log retrieval and analysis
- Kibana: responsible for visualizing logs
ELK(Elasticsearch + Logstash + Kibana)
Download RPM package
P.S.: Because the ES official website is slow to reach from our country, I have uploaded the installation package to a domestic site, where it can be downloaded directly.
Windows: download to the host first, then upload to the server with file-transfer software
Linux: upload to the server with the scp command
```bash
# Install Elasticsearch, then set the cluster name, node name and bind address
yum -y install elasticsearch-7.8.0-x86_64.rpm
sed -i '17s/#cluster.name: my-application/cluster.name: elk/' /etc/elasticsearch/elasticsearch.yml
sed -i '23s/#node.name: node-1/node.name: node-1/' /etc/elasticsearch/elasticsearch.yml
# Elasticsearch listens on loopback only
sed -i '55s/#network.host: 192.168.0.1/network.host: 127.0.0.1/' /etc/elasticsearch/elasticsearch.yml
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch
```
```bash
# Install Kibana and make it listen on all interfaces
yum -y install kibana-7.8.0-x86_64.rpm
sed -i '7s/#server.host: "localhost"/server.host: "0.0.0.0"/' /etc/kibana/kibana.yml
# Point Kibana at the local Elasticsearch node
sed -i '28s/#elasticsearch.hosts: .*/elasticsearch.hosts: ["http:\/\/127.0.0.1:9200"]/' /etc/kibana/kibana.yml
# Clear firewall rules (iptables -F flushes every rule in the filter table, not only those for port 5601)
iptables -F
service iptables save
systemctl enable kibana
systemctl start kibana
```
```bash
# Install Logstash
yum -y install logstash-7.8.0.rpm
```
Visit http://<server address>:5601/
This completes the ELK (Elasticsearch + Logstash + Kibana) setup tutorial.
- If you are using Alibaba Cloud ECS, add a security group rule that opens port 5601
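A check of what the configuration above leaves listening, as an added example that is not part of the original tutorial: in Elasticsearch 7.8.0 security is off unless `xpack.security.enabled: true` is set, so a Kibana bound to `0.0.0.0` serves every indexed log to anyone who can reach port 5601. The helper names (`yaml_get`, `is_loopback`, `audit_elk`) and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the bind/auth settings above.

# yaml_get FILE KEY: value of the last uncommented top-level "KEY: value" line.
yaml_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^${key}:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tr -d '"' | tail -n 1
}

# An unset value means the 7.x default, which is loopback for both services.
is_loopback() {
    case "$1" in
        ''|localhost|127.*|::1|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_elk ES_YML KIBANA_YML: print one line per service, return the FAIL count.
audit_elk() {
    es_host=$(yaml_get "$1" network.host)
    kb_host=$(yaml_get "$2" server.host)
    sec=$(yaml_get "$1" xpack.security.enabled)
    fails=0
    for svc in "elasticsearch:9200:$es_host" "kibana:5601:$kb_host"; do
        name=${svc%%:*}; rest=${svc#*:}; port=${rest%%:*}; host=${rest#*:}
        if is_loopback "$host"; then
            echo "OK   $name: port $port bound to loopback"
        elif [ "$sec" = "true" ]; then
            echo "OK   $name: port $port on $host, xpack.security.enabled is true"
        else
            echo "FAIL $name: port $port on $host with no login required"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample files holding only the values the sed commands above write.
demo=$(mktemp -d)
printf 'cluster.name: elk\nnode.name: node-1\nnetwork.host: 127.0.0.1\n' > "$demo/elasticsearch.yml"
printf 'server.host: "0.0.0.0"\nelasticsearch.hosts: ["http://127.0.0.1:9200"]\n' > "$demo/kibana.yml"
audit_elk "$demo/elasticsearch.yml" "$demo/kibana.yml"
echo "findings: $?"
```

On a real host, pass `/etc/elasticsearch/elasticsearch.yml` and `/etc/kibana/kibana.yml` to `audit_elk` instead of the sample files.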