elk-beats

Category: IT Technology  Date: 2016-10-11

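(1) What is Beats?

Beats is an open-source agent from the company behind elasticsearch that collects system monitoring data. It can send different types of data directly to elasticsearch, or send the collected data to logstash as a relay, which then pushes it on to elasticsearch. It is still under development: compared with mature monitoring systems such as zabbix and ganglia, its interface looks a bit nicer but its system functionality is still somewhat weak. Once it is integrated with the elasticsearch full-text search framework, however, its data query and filtering capabilities are very powerful, so it remains very promising. In ELKB, the roles of the individual frameworks are as follows:

Beats: collects system data; can send it directly to es or relay it through logstash
logstash: collects logs and acts as a relay for beats
Elasticsearch: provides data storage and server-side aggregation
Kibana: provides attractive visualizations and serves as a lightweight search client for elasticsearch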

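(2) Components of Beats:
So far elasticsearch has provided:
(1) Packetbeat: network traffic monitoring and collection
(2) Topbeat: monitoring and collection similar to Linux top
(3) Filebeat: monitoring and collection of log files
(4) WinlogBeat: monitoring and collection of Windows system logs
(5) Custom beats: if the metrics above do not meet your needs, the elasticsearch company encourages developers to use the Go language to extend and implement custom beats; you only need to follow the template and implement the monitoring input, logging, output and so on.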

(3) Basic Beats topology

[Figure: Beats basic topology diagram (image not available)]

(4) Installation and deployment

Install the Java environment

[root@node1 ~]# rpm -ivh jdk-8u51-linux-x64.rpm 
Preparing...                ########################################### [100%]
   1:jdk1.8.0_51            ########################################### [100%]
Unpacking JAR files...
	rt.jar...
	jsse.jar...
	charsets.jar...
	tools.jar...
	localedata.jar...
	jfxrt.jar...
	plugin.jar...
	javaws.jar...
	deploy.jar...
[root@node1 ~]# java -version
java version "1.8.0_51"
Java(TM) SE Runtime Environment (build 1.8.0_51-b16)
Java HotSpot(TM) 64-Bit Server VM (build 25.51-b03, mixed mode)

Install elasticsearch-2.3.4

[root@node1 ~]# tar zxvf elasticsearch-2.3.4.tar.gz  -C /usr/local/
elasticsearch-2.3.4/README.textile
elasticsearch-2.3.4/LICENSE.txt
elasticsearch-2.3.4/NOTICE.txt
elasticsearch-2.3.4/modules/
elasticsearch-2.3.4/modules/lang-groovy/
elasticsearch-2.3.4/modules/reindex/
elasticsearch-2.3.4/modules/lang-expression/
elasticsearch-2.3.4/modules/lang-groovy/plugin-security.policy
elasticsearch-2.3.4/modules/lang-groovy/plugin-descriptor.properties
........

Add the elasticsearch user

useradd elasticsearch

Create the log directory and bin directory used when starting elasticsearch

[root@node1 bin]# mkdir -p /usr/local/elasticsearch-2.3.4/{logs,bin}

Permissions:

chown -R elasticsearch:elasticsearch /usr/local/elasticsearch-2.3.4/

Start elasticsearch

[elasticsearch@node1 bin]$ ./elasticsearch -d
[2016-07-20 11:30:29,413][INFO ][env                      ] [Jon Spectre] heap size [1007.3mb], compressed ordinary object pointers [true]
[2016-07-20 11:30:29,413][WARN ][env                      ] [Jon Spectre] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]
[2016-07-20 11:30:33,422][INFO ][node                     ] [Jon Spectre] initialized
[2016-07-20 11:30:33,423][INFO ][node                     ] [Jon Spectre] starting ...
[2016-07-20 11:30:33,651][INFO ][transport                ] [Jon Spectre] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2016-07-20 11:30:33,670][INFO ][discovery                ] [Jon Spectre] elasticsearch/Rr-U_JhCStexH5Htmj4qKQ
[2016-07-20 11:30:36,795][INFO ][cluster.service          ] [Jon Spectre] new_master {Jon Spectre}{Rr-U_JhCStexH5Htmj4qKQ}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2016-07-20 11:30:36,851][INFO ][http                     ] [Jon Spectre] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2016-07-20 11:30:36,852][INFO ][node                     ] [Jon Spectre] started
[2016-07-20 11:30:36,996][INFO ][gateway                  ] [Jon Spectre] recovered [0] indices into cluster_state

Check that ports 9200 and 9300 are listening

[elasticsearch@node1 logs]$ ss -tanl
State      Recv-Q Send-Q                                                                                                       Local Address:Port                                                                                                         Peer Address:Port
LISTEN     0      50                                                                                                        ::ffff:127.0.0.1:9200                                                                                                                   :::*
LISTEN     0      50                                                                                                                     ::1:9200                                                                                                                   :::*
LISTEN     0      50                                                                                                        ::ffff:127.0.0.1:9300                                                                                                                   :::*
LISTEN     0      50                                                                                                                     ::1:9300

At this point, elasticsearch is installed.

Installing Kibana

Installing Kibana is very simple. Download kibana-4.5.3-linux-x64 from the official website.

 tar zxvf kibana-4.5.3-linux-x64.tar.gz -C /usr/local/

Start Kibana

[root@node1 bin]# cd /usr/local/kibana-4.5.3-linux-x64/bin
[root@node1 bin]# ./kibana &
[root@node1 bin]#   log   [12:11:05.529] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
  log   [12:11:05.609] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [12:11:05.648] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
  log   [12:11:05.655] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
[root@node1 bin]#   log   [12:11:05.662] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
  log   [12:11:05.669] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
  log   [12:11:05.683] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
  log   [12:11:05.690] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
  log   [12:11:05.700] [info][listening] Server running at
  log   [12:11:22.664] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready

Check that port 5601 is listening

[root@node1 bin]# ss -tanl
State      Recv-Q Send-Q                                                                                                       Local Address:Port                                                                                                         Peer Address:Port
LISTEN     0      128                                                                                                                      *:5601
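
The two `ss -tanl` checks above show Elasticsearch bound only to loopback addresses, while Kibana listens on `*:5601`, that is, on every interface. The following is an added example, not part of the original post: a POSIX shell function that reads `ss -tanl` output and labels each ELK listener as loopback-only or reachable from other hosts. The function names and the `SAMPLE_SS` variable are hypothetical; the sample rows are taken from the output shown in this post with whitespace condensed.

```shell
#!/bin/sh
# Added example (not from the original post): classify the ELK listeners
# reported by `ss -tanl` as loopback-only or reachable from other hosts.

# Sample input: the LISTEN rows shown in the post, whitespace condensed.
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 ::ffff:127.0.0.1:9200 :::*
LISTEN 0 50 ::1:9200 :::*
LISTEN 0 50 ::ffff:127.0.0.1:9300 :::*
LISTEN 0 50 ::1:9300
LISTEN 0 128 *:5601'

# check_elk_listeners [ports]  (hypothetical helper name)
# Reads `ss -tanl` output on stdin; prints "<port> <scope> <address>" for
# every listener on the given ports (default: 9200 9300 5601).
check_elk_listeners() {
    awk -v ports="${1:-9200 9300 5601}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in want)) next
            # 127.0.0.0/8, its IPv4-mapped IPv6 form, and ::1 are loopback.
            if (addr ~ /^\[?(::ffff:)?127\.[0-9.]+\]?$/ || addr ~ /^\[?::1\]?$/)
                scope = "loopback"
            else
                scope = "exposed"                 # wildcard or routable address
            print port, scope, addr
        }'
}

# elk_listeners_all_loopback [ports]  (hypothetical helper name)
# Exit status 0 only if no matching listener is bound beyond loopback.
elk_listeners_all_loopback() {
    ! check_elk_listeners "$@" | grep -q ' exposed '
}

# Run against the sample; on a live host use: ss -tanl | check_elk_listeners
printf '%s\n' "$SAMPLE_SS" | check_elk_listeners
```

A listener reported as `exposed` can be restricted with a host firewall rule or by setting `server.host` in Kibana's `config/kibana.yml` to a specific address.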

This article comes from the "奮鬥中的老兵" blog; please be sure to keep this source attribution: http://jiaxu201.blog.51cto.com/4569604/1828017

