说明
jdk1.8.x 能安装的 elk 最高版本 7.6.2
elasticsearch
/home/aqi/elk/elasticsearch-7.6.2/config
cluster.name: es-application
node.name: node-1
#对所有IP开放 network.host: 0.0.0.0
#HTTP端口号 http.port: 9200
#elasticsearch数据文件存放目录 path.data: /usr/elasticsearch-7.9.3/data
#elasticsearch日志文件存放目录 path.logs: /usr/elasticsearch-7.9.3/logs
#创建用户 useradd xxx
#设置密码 passwd xxx
#赋予用户权限 chown -R xxx:xxx /home/aqi/elk/
#切换用户 su aqi #启动 -d表示后台启动 ./bin/elasticsearch -d
添加用户:
elasticsearch.yml
xpack.security.enabled: true
#xpack.security.authc.accept_default_password: true
xpack.security.transport.ssl.enabled: true
#xpack.security.enabled: false
Logstash
/home/aqi/elk/logstash-7.6.2/config/logstash-sample.conf config.reload.automatic: true #开启配置文件自动加载
config.reload.interval: 10 #定义配置文件重载时间周期
http.host: “127.0.0.1” #定义访问主机名,一般为域名或IP
kibana.yml
// 解决启动警告 https://www.cnblogs.com/lishidefengchen/p/8573784.html
xpack.reporting.encryptionKey: "a_random_string"
xpack.security.encryptionKey: "something_at_least_32_characters"
kibana
路径:/home/aqi/elk/kibana-7.6.2-linux-x86_64/config/kibana.yml
server.port: 5601 server.host: “0.0.0.0” #192.168.0.109 改成自己服务器 ip elasticsearch.hosts: [“http://192.168.0.109:9200”]
#后台启动 nohup ./bin/kibana &
防火墙
- 查看防火墙状态: systemctl status firewalld systemctl status firewalld.service
- 开启防火墙 systemctl start firewalld.service
- 关闭防火墙 systemctl stop firewalld.service
- 禁用防火墙 systemctl disable firewalld.service
- 查看防火墙已开放端口列表 firewall-cmd –list-all
- 防火墙添加端口 [root@localhost ~]# firewall-cmd –permanent –add-port=3306/tcp success
- 防火墙关闭端口 [root@localhost ~]# firewall-cmd –permanent –remove-port 3306/tcp success
- 开放端口放行:
firewall-cmd –zone=public –add-port=3306/tcp –permanent
firewall-cmd –add-port=9200/tcp –permanent
加上–permanet参数永久生效,如果前面修改了端口号,此处的3306就应改成对应的端口号,然后使用命令重新读取防火墙规则:
firewall-cmd --reload - 查询指定端口是否已开: firewall-cmd –query-port=666/tcp
