ELK/Kibana之Filebeat的Nginx模块.md

90 lines
1.5 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<h1><center>Kibana之Filebeat的Nginx模块</center></h1>
------
Filebeat之Nginx模块使用
注意该服务器需要有运行的Nginx服务
1.ES节点安装ES模块
```shell
bin/elasticsearch-plugin install ingest-geoip
bin/elasticsearch-plugin install ingest-user-agent
```
注意:
切换到ES运行用户
切换到安装目录下执行
安装完成后重启ES
2.被搜集日志的服务器安装Filebeat
```shell
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-x86_64.rpm
sudo rpm -vi filebeat-6.5.4-x86_64.rpm
```
注意:
软件包可以直接从服务器下载
3.修改Filebeat主配置文件
```
vi /etc/filebeat/filebeat.yml
output.elasticsearch:
hosts: ["<es_url>"]
username: "elastic"
password: "<password>"
setup.kibana:
host: "<kibana_url>"
```
注意:
如果ES没有使用用户和密码登录则不需要修改该参数
在配置文件中找到指定位置修改
4.启动Nginx模块
```shell
filebeat modules enable nginx
```
5.修改模块配置文件
```shell
vi /etc/filebeat/modules.d/nginx.yml
```
```yml
- module: nginx
access:
enabled: true
var.paths: ["/path/to/log/nginx/access.log*"]
error:
enabled: true
var.paths: ["/path/to/log/nginx/error.log*"]
```
注意:
只需要修改路径即可
6.启动Filebeat
```shell
sudo filebeat setup
sudo service filebeat start
```
7.测试是否可以获取数据