You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
|
<h1><center>Kibana之Filebeat的Nginx模块</center></h1>
|
|
|
|
|
|
|
|
|
|
作者:行癫(盗版必究)
|
|
|
|
|
|
|
|
|
|
------
|
|
|
|
|
|
|
|
|
|
一:Filebeat之Nginx模块使用
|
|
|
|
|
|
|
|
|
|
注意:该服务器需要有运行的Nginx服务
|
|
|
|
|
|
|
|
|
|
1.ES节点安装ES模块
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
bin/elasticsearch-plugin install ingest-geoip
|
|
|
|
|
bin/elasticsearch-plugin install ingest-user-agent
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
注意:
|
|
|
|
|
|
|
|
|
|
切换到ES运行用户
|
|
|
|
|
|
|
|
|
|
切换到安装目录下执行
|
|
|
|
|
|
|
|
|
|
安装完成后重启ES
|
|
|
|
|
|
|
|
|
|
2.被搜集日志的服务器安装Filebeat
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-x86_64.rpm
|
|
|
|
|
sudo rpm -vi filebeat-6.5.4-x86_64.rpm
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
注意:
|
|
|
|
|
|
|
|
|
|
软件包可以直接从服务器下载
|
|
|
|
|
|
|
|
|
|
3.修改Filebeat主配置文件
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
vi /etc/filebeat/filebeat.yml
|
|
|
|
|
output.elasticsearch:
|
|
|
|
|
hosts: ["<es_url>"]
|
|
|
|
|
username: "elastic"
|
|
|
|
|
password: "<password>"
|
|
|
|
|
setup.kibana:
|
|
|
|
|
host: "<kibana_url>"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
注意:
|
|
|
|
|
|
|
|
|
|
如果ES没有使用用户和密码登录则不需要修改该参数
|
|
|
|
|
|
|
|
|
|
在配置文件中找到指定位置修改
|
|
|
|
|
|
|
|
|
|
4.启动Nginx模块
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
filebeat modules enable nginx
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
5.修改模块配置文件
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
vi /etc/filebeat/modules.d/nginx.yml
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```yml
|
|
|
|
|
- module: nginx
|
|
|
|
|
access:
|
|
|
|
|
enabled: true
|
|
|
|
|
var.paths: ["/path/to/log/nginx/access.log*"]
|
|
|
|
|
error:
|
|
|
|
|
enabled: true
|
|
|
|
|
var.paths: ["/path/to/log/nginx/error.log*"]
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
注意:
|
|
|
|
|
|
|
|
|
|
只需要修改路径即可
|
|
|
|
|
|
|
|
|
|
6.启动Filebeat
|
|
|
|
|
|
|
|
|
|
```shell
|
|
|
|
|
sudo filebeat setup
|
|
|
|
|
sudo service filebeat start
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
7.测试是否可以获取数据
|
|
|
|
|
|