<h1><center>Kibana: The Filebeat Nginx Module</center></h1>

------

I. Using the Filebeat Nginx Module

Note: the server must have a running Nginx service.

1. Install the ES plugins on the ES nodes
```shell
bin/elasticsearch-plugin install ingest-geoip
bin/elasticsearch-plugin install ingest-user-agent
```
Note:

Switch to the user that runs ES.

Run the commands from the installation directory.

Restart ES after the installation completes.

2. Install Filebeat on the server whose logs are collected
```shell
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-x86_64.rpm
sudo rpm -vi filebeat-6.5.4-x86_64.rpm
```
Note:

The package can be downloaded directly from the server.

3. Edit the main Filebeat configuration file
```
vi /etc/filebeat/filebeat.yml
output.elasticsearch:
  hosts: ["<es_url>"]
  username: "elastic"
  password: "<password>"
setup.kibana:
  host: "<kibana_url>"
```
Note:

If ES does not use username and password login, these parameters do not need to be changed.

Find the indicated locations in the configuration file and edit them.

4. Enable the Nginx module
```shell
filebeat modules enable nginx
```
5. Edit the module configuration file
```shell
vi /etc/filebeat/modules.d/nginx.yml
```

```yml
- module: nginx
  access:
    enabled: true
    var.paths: ["/path/to/log/nginx/access.log*"]
  error:
    enabled: true
    var.paths: ["/path/to/log/nginx/error.log*"]
```
Note:

Only the paths need to be changed.

6. Start Filebeat
```shell
sudo filebeat setup
sudo service filebeat start
```
7. Test whether data is being received
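
Step 7 names no command; one way to run that check, as an added example that is not part of the original page. It assumes `ES_URL` (and optionally `ES_USER`) are exported in the environment and that events carry the `fileset.module` / `fileset.name` fields used by Filebeat 6.x; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-install check for the Filebeat Nginx module.
# Assumptions: ES_URL points at your Elasticsearch; field names follow Filebeat 6.x.

# Extract the numeric "count" from an Elasticsearch _count response on stdin.
parse_count() {
    sed -n 's/.*"count"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Turn a count into a verdict: succeeds only when at least one event was indexed.
has_events() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;   # not a number: request failed or auth error
        0)           return 1 ;;   # index reachable, but nothing ingested yet
        *)           return 0 ;;
    esac
}

# Count events for one fileset ("access" or "error") in the filebeat-* indices.
count_fileset() {
    # curl prompts for the password when ES_USER is set, keeping it out of argv.
    curl -sS ${ES_USER:+-u "$ES_USER"} \
        "$ES_URL/filebeat-*/_count?q=fileset.module:nginx%20AND%20fileset.name:$1" \
        | parse_count
}

verify_pipeline() {
    filebeat test config || return 1   # filebeat.yml and modules.d parse cleanly
    filebeat test output || return 1   # Filebeat can reach and authenticate to ES
    for fs in access error; do
        n=$(count_fileset "$fs")
        if has_events "$n"; then
            echo "nginx.$fs: $n events"
        else
            echo "nginx.$fs: no events found (got '${n:-none}')" >&2
        fi
    done
}

# Run the live checks only when executed with "run" as the first argument.
if [ "${1:-}" = "run" ]; then
    verify_pipeline
fi
```

Request a page from Nginx first so the access log has at least one fresh line, then run the script with `run` as its argument.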