log_format main_cookie '$remote_addr\t$host\t$time_local\t$status\t$request_method\t$uri\t$query_string\t$body_bytes_sent\t$http_referer\t$http_user_agent\t$bytes_sent\t$request_time\t$upstream_response_time\t$aoji_uuid\t$aoji_session_uuid';
The packages are as follows:
Extract elasticsearch-7.6.0-linux-x86_64.tar.gz to the /data/ directory:
tar xf elasticsearch-7.6.0-linux-x86_64.tar.gz && mv elasticsearch-7.6.0 /data/
The configuration files are in /data/elasticsearch-7.6.0/config. Edit elasticsearch.yml:
node.name: es-1
network.host: 172.31.0.14
http.port: 9200
xpack.security.enabled: true
discovery.type: single-node
su - admin
/data/elasticsearch-7.6.0/bin/elasticsearch -d
In the elasticsearch-7.6.0/bin/ directory, run elasticsearch-setup-passwords to set the passwords (the default account is elastic):
./elasticsearch-setup-passwords interactive
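This sets the passwords not only for elasticsearch but also for the other accounts such as kibana and logstash at the same time; it is best to set them all to the same password.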
tar xf logstash-7.6.0.tar.gz && mv logstash-7.6.0 /data/logstash
Edit the configuration file logstash.yml as follows:
node.name: node-1
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: 123456
xpack.monitoring.elasticsearch.hosts: ["http://172.31.0.14:9200"]
In the config directory, create nginx_access.conf with the following content:
input {
  file {
    path => [ "/data/weblog/yourdomains/access.log" ]
    start_position => "beginning"
    ignore_older => 0
  }
}
filter {
  grok {
    # One tab-separated column per variable in the main_cookie log_format.
    # nginx writes "-" for upstream_response_time when no upstream handled the request.
    match => { "message" => "%{IPV4:client_ip}\t%{HOSTNAME:domain}\t%{HTTPDATE:timestamp}\t%{INT:status}\t(%{WORD:request_method}|-)\t(%{URIPATH:uri}|-|)\t(?:%{DATA:query_string}|-)\t(?:%{BASE10NUM:body_bytes_sent}|-)\t%{DATA:referrer}\t%{DATA:agent}\t%{INT:bytes_sent}\t%{BASE16FLOAT:request_time}\t(?:%{BASE16FLOAT:upstream_response_time}|-)" }
  }
  geoip {
    source => "client_ip"
    target => "geoip"
    database => "/data/logstash/GeoLite2-City.mmdb"
    add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
    add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
  }
  mutate {
    convert => [ "[geoip][coordinates]", "float" ]
    # Field names must match the grok captures above (status, bytes_sent).
    convert => [ "status","integer" ]
    convert => [ "bytes_sent","integer" ]
    replace => { "type" => "nginx_access" }
    remove_field => "message"
  }
}
output {
  elasticsearch {
    hosts => ["172.31.0.14:9200"]
    index => "logstash-nginx-access-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "123456"
  }
  stdout {codec => rubydebug}
}
For an explanation of these settings, consult the official documentation or Google.
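The grok filter above depends on the exact column order of the main_cookie log_format, and on how nginx writes empty values. As an added example (not part of the original article), this Python parser reads the same 15 tab-separated columns, types them, and rejects lines that do not fit; the function names, the sample line, and the choice to sum several upstream times are assumptions made here.

```python
# Added example, not from the original article. Sample lines are constructed.
import ipaddress
import re
from datetime import datetime

# Column order of the main_cookie log_format, using the grok field names.
FIELDS = ["client_ip", "domain", "timestamp", "status", "request_method",
          "uri", "query_string", "body_bytes_sent", "referrer", "agent",
          "bytes_sent", "request_time", "upstream_response_time",
          "aoji_uuid", "aoji_session_uuid"]
INT_FIELDS = ("status", "body_bytes_sent", "bytes_sent")


def upstream_seconds(value):
    """Total upstream time; nginx joins several upstream times with ',' or ':'."""
    if value is None:
        return None  # "-": no upstream was contacted
    times = [t.strip() for t in re.split(r"[,:]", value)]
    vals = [float(t) for t in times if t != "-"]
    return round(sum(vals), 3) if vals else None


def parse_line(line):
    """Return a typed dict, or None for a line that must not be indexed as-is."""
    parts = line.rstrip("\n").split("\t")
    # nginx writes control bytes inside variable values as \xXX, so a client
    # cannot add a real tab; a wrong column count means a different log format.
    if len(parts) != len(FIELDS):
        return None
    rec = {k: (None if v in ("-", "") else v) for k, v in zip(FIELDS, parts)}
    try:
        ipaddress.ip_address(rec["client_ip"])  # also accepts IPv6, unlike IPV4 in grok
        rec["timestamp"] = datetime.strptime(rec["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
        for key in INT_FIELDS:
            rec[key] = int(rec[key]) if rec[key] is not None else None
        rec["request_time"] = float(rec["request_time"])
        rec["upstream_response_time"] = upstream_seconds(rec["upstream_response_time"])
    except (TypeError, ValueError):
        return None
    return rec


SAMPLE = "\t".join([  # constructed line: static file, no upstream, no cookies
    "203.0.113.7", "www.example.com", "18/Feb/2020:10:15:32 +0800", "200",
    "GET", "/index.html", "-", "612", "-", "curl/7.68.0\\x09x", "850",
    "0.000", "-", "-", "-"])

if __name__ == "__main__":
    print(parse_line(SAMPLE))
```

Running a handful of real lines through a check like this before enabling the pipeline shows which requests would otherwise end up tagged _grokparsefailure.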
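Next is the GeoIP database that the Logstash configuration uses to resolve IP addresses. It is an open-source IP data source, used here to determine where client IPs are located. The official site is MAXMIND.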
tar xf GeoLite2-City_20200218.tar.gz
cd GeoLite2-City_20200218 && mv GeoLite2-City.mmdb /data/logstash
Test the Logstash configuration file with its built-in command, as follows:
#./bin/logstash -t -f config/nginx_access.conf
Configuration OK
cd /data/logstash/
nohup /data/logstash/bin/logstash -f config/nginx_access.conf &
tar xf kibana-7.6.0-linux-x86_64.tar.gz && mv kibana-7.6.0 /data/
Edit the configuration file kibana.yml as follows:
server.port: 5601
server.host: "172.31.0.14"
elasticsearch.hosts: ["http://172.31.0.14:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
i18n.locale: "zh-CN"
nohup /data/kibana-7.6.0/bin/kibana &
upstream yourdomain {
  server 172.31.0.14:5601;
}
server {
  listen 80;
  server_name yourdomain;
  return 302 https://$server_name$request_uri;
}
server {
  listen 443 ssl;
  server_name yourdomain;
  ssl_session_timeout 5m;
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if no legacy client needs them.
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_prefer_server_ciphers on;
  ssl_certificate /data/ssl/yourdomain.cer;
  ssl_certificate_key /data/ssl/yourdomain.key;
  ssl_trusted_certificate /data/ssl/yourdomain.ca.cer;
  location / {
    # Proxy to the upstream block defined above (Kibana on port 5601).
    proxy_pass http://yourdomain;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_next_upstream http_502 http_504 http_404 error timeout invalid_header;
  }
  access_log /data/weblog/yourdomain/access.log main;
  error_log /data/weblog/yourdomain/error.log;
}
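After that, adding the index in Kibana and configuring the visualizations is straightforward; the official documentation is fairly comprehensive, so configure it as you see fit.
The above is the production configuration. My skill is limited, so if anything is configured improperly, please point it out and correct me. Thank you.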