kibana linux

  1. Elasticsearch 설치

yum -y install java

rpm -qa | grep java

rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

vi /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-2.x]

name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
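# 참고: gpgkey를 http로 받으면 전송 중에 키가 바뀌어도 알 수 없으므로, 위에서 키를 가져올 때 쓴 https 주소(https://packages.elastic.co/GPG-KEY-elasticsearch)로 지정하는 편이 안전합니다. 아래 kibana, logstash 저장소 파일도 마찬가지입니다.
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch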
enabled=1

yum -y install elasticsearch

rpm -qa | grep elasticsearch

vi /etc/elasticsearch/elasticsearch.yml
54 network.host: 192.168.0.221
58 http.port: 9200

systemctl enable elasticsearch

systemctl start elasticsearch

systemctl status elasticsearch

lsof -i tcp:9200

vi /etc/services #9200 포트의 서비스 이름을 Elasticsearch로 변경 (표시되는 이름만 바뀌며 실제 포트 설정은 바뀌지 않음)

wap-wsp 9200/tcp # WAP connectionless service

wap-wsp 9200/udp # WAP connectionless service

elasticsearch 9200/tcp # ElasticSearch Service
elasticsearch 9200/udp # ElasticSearch Service

vi /etc/yum.repos.d/kibana.repo

[kibana-4.5]

name=Kibana repository for 4.5.x packages
baseurl=http://packages.elastic.co/kibana/4.5/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

yum -y install kibana

rpm -qa | grep kibana

vi /opt/kibana/config/kibana.yml
2 server.port: 5601
5 server.host: "192.168.0.221"
15 elasticsearch.url: "http://192.168.0.221:9200"

systemctl enable kibana

systemctl start kibana

systemctl status kibana

netstat -natlp | grep 5601

lsof -i tcp:5601

ps -ef | grep kibana

vi /etc/services #5601 포트를 Kibana로 변경

esmagent 5601/tcp # Enterprise Security A$

esmagent 5601/udp # Enterprise Security A$

kibana 5601/tcp # Kibana Service
kibana 5601/udp # Kibana Service

vi /etc/yum.repos.d/logstash.repo

[logstash-2.3]

name=logstash repository for 2.3 packages
baseurl=http://packages.elasticsearch.org/logstash/2.3/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1

yum -y install logstash

rpm -qa | grep logstash

vi /etc/logstash/conf.d/logstash.conf

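# Logstash pipeline: receive events from Beats, parse syslog lines, and index
# the result into Elasticsearch.
input {
  beats {
    port => 5044
    type => "logs"
    # NOTE(review): TLS is off, so shippers send log data to port 5044 in
    # cleartext. Once a certificate and key exist at the paths below, set
    # ssl => true and uncomment both lines.
    ssl => false
    #ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
    #ssl_key => "/etc/pki/tls/private/logstash.key"
  }
}
filter {
  # Only events whose type is "syslog" are parsed. The beats input above sets
  # type "logs", so this presumably depends on the shipper tagging events as
  # "syslog" -- confirm against the Beats configuration.
  if [type] == "syslog" {
    grok {
      # The pattern must be a single line. The optional "[pid]" part needs
      # escaped brackets; unescaped they are read as a regex character class.
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "receive_at", "%{@timestamp}" ]
      add_field => [ "receive_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      # The first format has two spaces: syslog pads single-digit days with a space.
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  # NOTE(review): plain HTTP and no credentials are configured here; keep this
  # hop on a trusted network segment.
  elasticsearch { hosts => ["192.168.0.221:9200"] }
  # Prints every event in full. Useful while testing; when run as a service it
  # is noisy and leaves a second copy of the log data in Logstash's own output.
  stdout { codec => rubydebug }
}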

service logstash configtest

systemctl start logstash

chkconfig logstash on

systemctl status logstash

cd /opt/logstash/bin

./logstash -f /etc/logstash/conf.d/logstash.conf

lsof -i tcp:5044

vi /etc/services #5044 포트의 서비스 이름을 Logstash로 변경 (표시되는 이름만 바뀌며 실제 포트 설정은 바뀌지 않음)

lxi-evntsvc 5044/tcp # LXI Event Service

lxi-evntsvc 5044/udp # LXI Event Service

logstash 5044/tcp # Logstash Log Server
logstash 5044/udp # Logstash Log Server

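# 참고: 이 구성에는 Elasticsearch(9200)와 Kibana(5601)에 인증 설정이 없고 Beats 입력(5044)도 ssl => false 이므로, 신뢰할 수 있는 내부 대역에서만 접근되도록 허용 범위를 제한하는 것이 좋습니다.
firewall-cmd --permanent --add-port=9200/tcp

firewall-cmd --permanent --add-port=5044/tcp

firewall-cmd --permanent --add-port=5601/tcp

firewall-cmd --reload

firewall-cmd --list-ports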
