ELK获取nginx日志

> ELK下载地址
```
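https://www.elastic.co/cn/downloads/a
# Download the four 7.12.1 archives used in this guide.
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.12.1-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.12.1-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.12.1-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.12.1-linux-x86_64.tar.gz
# Verify each archive before unpacking: the checksum sits at the same URL with
# ".sha512" appended. Shown for Elasticsearch; repeat for the other three archives.
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.12.1-linux-x86_64.tar.gz.sha512
sha512sum -c elasticsearch-7.12.1-linux-x86_64.tar.gz.sha512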
```
> ELK 安装Elasticsearch
```
# Set this host's name to node-1, the same value used for node.name in elasticsearch.yml.
hostnamectl set-hostname node-1
```
```
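# Quote the glob so yum matches it against package names rather than the shell
# expanding it against files in the current directory.
# NOTE(review): the Elasticsearch 7.x tarball ships a bundled JDK, so installing every
# java* package may be unnecessary — confirm what Logstash needs before running this.
yum -y install 'java*'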
```
```
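# Unpack Elasticsearch, then keep the stock config as a backup before writing a new one.
tar -zxvf elasticsearch-7.12.1-linux-x86_64.tar.gz
mv elasticsearch-7.12.1/config/elasticsearch.yml elasticsearch-7.12.1/config/elasticsearch.yml.bak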
```
```
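vi elasticsearch.yml
# Single-node bootstrap: node-1 is the only master-eligible node listed.
cluster.initial_master_nodes: ["node-1"]
cluster.name: es-application
node.name: node-1
# NOTE(review): 0.0.0.0 binds every interface, and this file does not turn on
# authentication (xpack.security.enabled), so anyone who can reach port 9200 can
# read and delete indices. Prefer the internal address (192.168.43.116 in this
# guide) and restrict the port at the firewall.
network.host: 0.0.0.0
http.port: 9200
path.data: /home/elk/elasticsearch-7.12.1/data
path.logs: /home/elk/elasticsearch-7.12.1/logs
# NOTE(review): allow-origin "*" lets any web page call this API from a visitor's
# browser; list only the origins that need it, or leave CORS disabled.
http.cors.enabled: true
http.cors.allow-origin: "*"
# Elasticsearch refuses to start as root, so create a dedicated account once and
# hand it the install tree.
useradd elk
chown -R elk:elk /home/elk/elasticsearch-7.12.1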
```
```
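vi /etc/security/limits.conf
# Raise the open-file limit that Elasticsearch checks at startup.
# NOTE(review): "*" applies to every account; using "elk" in place of "*" would
# scope the higher limit to the service user only.
* soft nofile 65536
* hard nofile 65536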
```
```
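vi /etc/sysctl.conf
# Raise the mmap count limit; Elasticsearch's bootstrap check needs at least 262144.
vm.max_map_count=655360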
```
> 务必执行:
```
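# Reboot so the limits.conf and sysctl.conf changes take effect.
reboot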
```
```
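# Keep firewalld running and open only the ports this guide uses, rather than
# stopping the firewall while Elasticsearch listens on 0.0.0.0 without authentication.
systemctl enable --now firewalld
firewall-cmd --permanent --add-port=9200/tcp   # Elasticsearch HTTP
firewall-cmd --permanent --add-port=5601/tcp   # Kibana
firewall-cmd --permanent --add-port=8088/tcp   # nginx test server
firewall-cmd --reload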
```
```
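# Switch to the unprivileged elk account; Elasticsearch will not start as root.
su elk
# -d starts Elasticsearch as a background daemon.
./elasticsearch-7.12.1/bin/elasticsearch -d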
```
> 查看是否启动了 9200 9300端口
```
# List listening TCP sockets with their owning process; 9200 and 9300 should appear.
netstat -nltp
```
```
访问 http://192.168.43.116:9200/
```
![](https://s4.51cto.com/images/blog/202105/21/b7db300915441c7416f5eeb4a5d18567.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
> 安装Logstash
> 以nginx日志为例
```
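# Unpack Logstash into the current directory.
tar -zxvf logstash-7.12.1-linux-x86_64.tar.gz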
```
```
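# Install the nginx.org repository definition. Fetch it over HTTPS so the package
# cannot be swapped in transit.
sudo rpm -ivh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm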
```
```
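# Confirm the nginx repository is listed, install nginx, and start it at boot.
yum repolist
yum install nginx
systemctl enable nginx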
```
> 附上一份nginx配置,因为yum之后配置文件貌似有点少,有其他需求自行更改
> 将图片放到/home/images/下进行测试
```
http://192.168.43.116:8088/TEST.png
```
```
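vi /etc/nginx/nginx.conf
# Run workers as the unprivileged account created by the nginx package, not root:
# the workers parse untrusted HTTP requests. /home/images/ must be readable (and,
# for proxy_store, writable) by this account.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # NOTE(review): locations without their own access_log (for example "location /")
    # inherit this one and write "main"-format lines into the same file that Logstash
    # reads; the grok pattern in this guide is written for main2, so those lines will
    # not parse.
    access_log /var/log/nginx/elk_access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    # Fields captured for shipping to Logstash.
    log_format main2 '$http_host $remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$upstream_addr" $request_time';
    server {
        listen 8088; # internal port; map an external port to it for outside access
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location ~ .*\.(gif|jpg|jpeg|png)$ {
            expires 24h;
            root /home/images/; # directory where the images are stored
            access_log /etc/nginx/logs/images.log; # access log for image requests
            proxy_store on;
            # Stored copies land in the served directory, so do not make them
            # group- or world-writable.
            proxy_store_access user:rw group:r all:r;
            proxy_temp_path /home/images/; # proxy temp path
            proxy_redirect off;
            # Log path read by Logstash.
            access_log /var/log/nginx/elk_access.log main2;
            proxy_set_header Host 127.0.0.1;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 10m;
            client_body_buffer_size 1280k;
            proxy_connect_timeout 900;
            proxy_send_timeout 900;
            proxy_read_timeout 900;
            proxy_buffer_size 40k;
            proxy_buffers 40 320k;
            proxy_busy_buffers_size 640k;
            proxy_temp_file_write_size 640k;
            if ( !-e $request_filename)
            {
                # NOTE(review): as written this upstream is this same listener, so a
                # request for a missing image is proxied back to itself; point it at
                # the real origin server before exposing the port.
                proxy_pass http://127.0.0.1:8088; # upstream address, same port as the listen above
            }
        }
        location / {
            root html;
            index index.html index.htm;
            add_header X-Frame-Options SAMEORIGIN;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # alias /home/images/;
            try_files $uri $uri/ /index.html last;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        # proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        # root html;
        # fastcgi_pass 127.0.0.1:9000;
        # fastcgi_index index.php;
        # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        # include fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        # deny all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    # listen 8000;
    # listen somename:8080;
    # server_name somename alias another.alias;
    # location / {
    # root html;
    # index index.html index.htm;
    # }
    #}
    # HTTPS server
    #
    #server {
    # listen 443 ssl;
    # server_name localhost;
    # ssl_certificate cert.pem;
    # ssl_certificate_key cert.key;
    # ssl_session_cache shared:SSL:1m;
    # ssl_session_timeout 5m;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;
    include /etc/nginx/conf.d/*.conf;
}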
```
```
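# Validate the edited configuration first so a typo does not take the server down.
nginx -t && systemctl restart nginx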
```
> 编辑logstash 配置
```
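vi logstash-7.12.1/config/nginx_access.conf
# Pipeline: tail the nginx access log, parse each line with grok, add GeoIP data
# for the client address, then print the event and index it into Elasticsearch.
input {
  file {
    path => "/var/log/nginx/elk_access.log" # path of the nginx access log
    start_position => "beginning"
    type => "nginx"
  }
}
filter {
  grok {
    # Written for the nginx "main2" log_format. The third quoted field holds
    # $upstream_addr in that format, although it is captured as xforwardedfor here.
    match => { "message" => "%{IPORHOST:http_host} %{IPORHOST:clientip} - %{USERNAME:remote_user} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:response} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{QS:xforwardedfor} %{NUMBER:request_time:float}"}
  }
  geoip {
    source => "clientip"
  }
}
output {
  stdout { codec => rubydebug }
  elasticsearch {
    # NOTE(review): plain HTTP with no credentials, which matches the unauthenticated
    # Elasticsearch set up earlier; once security is enabled there, this output also
    # needs user/password settings.
    hosts => ["192.168.43.116:9200"] # may also be another node of the cluster
    index => "nginx-test-%{+YYYY.MM.dd}"
  }
}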
```
> 两种启动方式,一种打印日志一种不打印,建议使用第一种,可以看到报错,当可以正常启动之后再用第二种
```
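# Option 1: run in the foreground so startup errors are printed to the terminal.
./logstash-7.12.1/bin/logstash -f logstash-7.12.1/config/nginx_access.conf
# Option 2: run in the background. Stop the foreground instance first: two instances
# sharing one data directory fail with the "path.data" error.
nohup ./logstash-7.12.1/bin/logstash -f logstash-7.12.1/config/nginx_access.conf &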
```
![](https://s4.51cto.com/images/blog/202105/21/6534c523e05524d8aadbabbaea4c1339.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
> 注:logstash出现如下报错,是之前运行的instance有缓冲
```
--------------------------------------------------------------------------------------------------------------------------------
Logstash could not be started because there is already another instance using the configured data directory. If you wish to run multiple instances, you must change the "path.data" setting.
需要进入/logstash-7.12.1/data 删除.lock 文件之后重新启动即可(删除前先确认已没有其他 logstash 进程在运行,否则两个实例会同时使用同一个数据目录)
cd /logstash-7.12.1/data && rm -rf .lock
--------------------------------------------------------------------------------------------------------------------------------
```
> 安装Kibana
```
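# Unpack Kibana into the current directory.
tar -zxvf kibana-7.12.1-linux-x86_64.tar.gz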
```
```
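# Keep the stock Kibana config as a backup before writing a new one.
mv kibana-7.12.1-linux-x86_64/config/kibana.yml kibana-7.12.1-linux-x86_64/config/kibana.yml.bak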
```
```
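vi kibana-7.12.1-linux-x86_64/config/kibana.yml
server.port: 5601
# NOTE(review): Kibana listens on the LAN address and, because Elasticsearch security
# is not enabled in this guide, presents no login; limit who can reach port 5601.
server.host: "192.168.43.116"
elasticsearch.hosts: ["http://192.168.43.116:9200"]
i18n.locale: "zh-CN" # switch the Kibana UI to Chinese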
```
```
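# Give the unprivileged elk account ownership of the Kibana tree so it need not run as root.
chown -R elk:elk kibana-7.12.1-linux-x86_64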
```
```
# Become the elk user with a login shell.
# NOTE(review): "su -" starts in elk's home directory, so the relative ./kibana-... path
# used in the next step only resolves if the archive was unpacked there — confirm.
su - elk
```
```
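# Start Kibana in the background; nohup keeps it running after the shell exits.
nohup ./kibana-7.12.1-linux-x86_64/bin/kibana &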
```
```
http://192.168.43.116:5601
```
![](https://s4.51cto.com/images/blog/202105/21/ae154e2249f77825a26e34ea9c54fcb3.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
> 重启kibana(需要的时候再执行)
```
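# Find the process listening on Kibana's port.
netstat -anltp | grep 5601
# The column after LISTEN is "PID/Program name": pass that PID, not the port number.
# A plain kill (SIGTERM) lets Kibana shut down cleanly; use -9 only if it does not exit.
kill PID_FROM_LISTEN_ROW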
```
> 创建索引收集日志
![](https://s4.51cto.com/images/blog/202105/21/3d6ee3ff0eb39b3b5cedb1e9bf05bdd9.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![](https://s4.51cto.com/images/blog/202105/21/530a6deaa50fe9a743e4dbe7a4a955fc.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![](https://s4.51cto.com/images/blog/202105/21/630d0cdeb1aec25bb6c133484da7c437.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![](https://s4.51cto.com/images/blog/202105/21/8159314d508b1d1e56e348da714b940b.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![](https://s4.51cto.com/images/blog/202105/21/209b85f19980a4233d63fb5160835940.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![](https://s4.51cto.com/images/blog/202105/21/47ed9807e0b12c0ae70aa66b1ea07295.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
> 选择创建的索引
![](https://s4.51cto.com/images/blog/202105/21/0d9caff08dff29568e201d0766122c5e.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
![](https://s4.51cto.com/images/blog/202105/21/20f7984062be3d9fedd2c61af50b30c9.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
> 如果没有日志调整下时间
![](https://s4.51cto.com/images/blog/202105/21/725b39f55376949af83212f9b3eec623.png?x-oss-process=image/watermark,size_14,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)
**因为开了护眼模式所以截图颜色有点变化**