ELK
2025-04-18
Elasticsearch
配置
Master
# elasticsearch.yml
# Node "node-1": master-eligible only (holds no data, runs no ingest pipelines).
cluster.name: elasticsearch-cluster
node.name: node-1
# NOTE(review): node.master / node.data / node.ingest are the legacy role flags;
# from 7.9 onward they are deprecated in favour of a single node.roles list.
node.master: true
node.data: false
node.ingest: false
path.data: /fishnet/elk/elastic/data
path.logs: /fishnet/elk/elastic/log
# Binds both the HTTP (9200) and transport (9300) listeners on every interface.
# Restrict reachability with a firewall/security group, or bind to the specific
# internal address, so only cluster peers and known clients can connect.
network.host: 0.0.0.0
discovery.seed_hosts: ["node-1.elasticsearch.fishnet.top", "node-2.elasticsearch.fishnet.top", "node-3.elasticsearch.fishnet.top"]
# NOTE(review): paths elsewhere on this page point at a 7.17.6 install; on 7.x
# this zen setting is ignored (quorum is managed automatically) - confirm and drop.
discovery.zen.minimum_master_nodes: 2
# Only consulted when the cluster bootstraps for the first time; the upstream
# guidance is to remove it from every node once the cluster has formed.
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
# Turns on authentication/authorization; without it the TLS settings below
# would protect the channel but not restrict who may call the API.
xpack.security.enabled: true
# TLS for the REST API (the https:// endpoints Kibana and Logstash connect to).
xpack.security.http.ssl.enabled: true
# Relative path, resolved against the Elasticsearch config directory.
xpack.security.http.ssl.keystore.path: "http.p12"
# The keystore passphrase sits here in clear text, readable by anyone who can
# read this file, and "changeit" is a widely known stock value. Prefer a unique
# passphrase stored in the Elasticsearch keystore under
# xpack.security.http.ssl.keystore.secure_password (bin/elasticsearch-keystore add),
# and keep this file and http.p12 readable only by the service account.
xpack.security.http.ssl.keystore.password: "changeit"
# TLS between cluster nodes (transport layer).
xpack.security.transport.ssl.enabled: true
# "certificate" checks that the peer certificate chains to a trusted CA but does
# not check that it matches the peer's hostname; "full" adds that hostname check.
xpack.security.transport.ssl.verification_mode: certificate
# Peers must present a certificate (mutual TLS) to join over the transport port.
xpack.security.transport.ssl.client_authentication: required
# The same PKCS#12 file acts as key material and as trust anchor, so any holder
# of a certificate issued by that CA is accepted as a node - protect the CA key.
# NOTE(review): no passphrase is configured for this file here; presumably it is
# empty or held in the Elasticsearch keystore - verify.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Node1
# elasticsearch.yml
# Node "node-2": master-eligible and data-holding (no ingest pipelines).
cluster.name: elasticsearch-cluster
node.name: node-2
# NOTE(review): legacy role flags, deprecated since 7.9 in favour of node.roles.
node.master: true
# Of the three node files shown on this page, this is the only one with
# node.data: true, so index data (including security indices) would live on this
# host alone - disk encryption, backups and host access control matter most here.
node.data: true
node.ingest: false
path.data: /fishnet/elk/elastic/data
path.logs: /fishnet/elk/elastic/log
# Listens on all interfaces for HTTP (9200) and transport (9300); limit network
# reachability to cluster peers and known clients at the firewall, or bind to a
# specific internal address.
network.host: 0.0.0.0
discovery.seed_hosts: ["node-1.elasticsearch.fishnet.top", "node-2.elasticsearch.fishnet.top", "node-3.elasticsearch.fishnet.top"]
# NOTE(review): ignored on 7.x (the version the paths on this page suggest);
# kept only for upgrade compatibility - confirm and remove.
discovery.zen.minimum_master_nodes: 2
# Bootstrap-only setting; should be removed after the cluster has formed once.
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
# Enables authentication and role-based access control.
xpack.security.enabled: true
# HTTPS on the REST API.
xpack.security.http.ssl.enabled: true
# Relative to the Elasticsearch config directory.
xpack.security.http.ssl.keystore.path: "http.p12"
# Clear-text passphrase with a well-known stock value. Use a unique passphrase
# and store it as xpack.security.http.ssl.keystore.secure_password in the
# Elasticsearch keystore rather than in this file.
xpack.security.http.ssl.keystore.password: "changeit"
# Node-to-node TLS.
xpack.security.transport.ssl.enabled: true
# Validates the CA chain only; "full" would also verify the peer hostname.
xpack.security.transport.ssl.verification_mode: certificate
# Mutual TLS: a connecting node must present a certificate.
xpack.security.transport.ssl.client_authentication: required
# One PKCS#12 bundle serves as both identity and trust store; any certificate
# issued by its CA is trusted as a cluster member.
# NOTE(review): passphrase for this bundle is not set here - presumably empty or
# in the Elasticsearch keystore; verify.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Node2
# elasticsearch.yml
# Node "node-3": master-eligible and ingest (holds no data).
cluster.name: elasticsearch-cluster
node.name: node-3
# NOTE(review): legacy role flags, deprecated since 7.9 in favour of node.roles.
node.master: true
node.data: false
node.ingest: true
path.data: /fishnet/elk/elastic/data
path.logs: /fishnet/elk/elastic/log
# All-interface bind for HTTP (9200) and transport (9300). Pair it with firewall
# rules, or use a specific internal address, so the ports are not reachable from
# untrusted networks.
network.host: 0.0.0.0
discovery.seed_hosts: ["node-1.elasticsearch.fishnet.top", "node-2.elasticsearch.fishnet.top", "node-3.elasticsearch.fishnet.top"]
# NOTE(review): has no effect on 7.x, which the install paths on this page
# suggest - confirm the version and remove.
discovery.zen.minimum_master_nodes: 2
# Used only for the very first cluster bootstrap; remove once the cluster exists.
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
# Authentication and authorization on.
xpack.security.enabled: true
# REST API served over TLS.
xpack.security.http.ssl.enabled: true
# Resolved relative to the Elasticsearch config directory.
xpack.security.http.ssl.keystore.path: "http.p12"
# Passphrase stored in clear text and set to a common stock value. Replace it
# with a unique one kept in the Elasticsearch keystore
# (xpack.security.http.ssl.keystore.secure_password) and restrict file permissions.
xpack.security.http.ssl.keystore.password: "changeit"
# Transport-layer TLS between nodes.
xpack.security.transport.ssl.enabled: true
# CA-chain validation without hostname verification; "full" is the stricter mode.
xpack.security.transport.ssl.verification_mode: certificate
# Peers without a client certificate are rejected.
xpack.security.transport.ssl.client_authentication: required
# Identity and trust both come from the same PKCS#12 bundle, so membership is
# gated solely by possession of a certificate from that CA.
# NOTE(review): no passphrase configured for the bundle in this file - verify
# whether it is empty or stored in the Elasticsearch keystore.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Kibana
账号 | 密码 |
---|---|
readonly | FishnetReadonly0. |
配置
# kibana.yml
# Kibana front end for the three-node cluster, talking to Elasticsearch over HTTPS.
server.port: 5601
# Listens on every interface. No server.ssl.* settings appear in this listing, so
# as shown Kibana would serve plain HTTP and login credentials would cross the
# network unencrypted - enable server.ssl.enabled with a certificate/key, or put
# a TLS-terminating reverse proxy in front and bind Kibana to an internal address.
server.host: "0.0.0.0"
elasticsearch.hosts: ["https://node-1.elasticsearch.fishnet.top:9200","https://node-2.elasticsearch.fishnet.top:9200","https://node-3.elasticsearch.fishnet.top:9200"]
# Built-in service account Kibana uses for its own requests to Elasticsearch.
elasticsearch.username: "kibana_system"
# "xxx" is a placeholder. Keep the real value out of this file: store it with
# bin/kibana-keystore add elasticsearch.password and omit this line.
elasticsearch.password: "xxx"
# CA certificate used to validate the Elasticsearch HTTP certificates; with the
# default verification mode the hostnames above must match those certificates.
elasticsearch.ssl.certificateAuthorities: [ "/fishnet/elk/kibana-7.17.6/config/elasticsearch-ca.pem" ]
Logstash
配置
# logstash-fishnet-mall.conf
# Pipeline: four TCP listeners receive newline-delimited JSON, each tagging its
# events by log category; everything is written to Elasticsearch and to stdout.
#
# Security notes on the inputs: no "host" is set, so each listener uses the
# plugin default bind address (all interfaces), and no ssl_* options are set, so
# the ports accept unauthenticated plain-text connections. Any host that can
# reach 4560-4563 can submit events. Restrict the ports at the firewall or bind
# to an internal address, and consider the tcp input's TLS options with client
# certificate verification if senders sit on another network.
input {
# Port 4560: events tagged "debug".
tcp {
port => 4560
codec => json_lines
tags => ["debug"]
}
# Port 4561: events tagged "error".
tcp {
port => 4561
codec => json_lines
tags => ["error"]
}
# Port 4562: events tagged "business".
tcp {
port => 4562
codec => json_lines
tags => ["business"]
}
# Port 4563: events tagged "record".
tcp {
port => 4563
codec => json_lines
tags => ["record"]
}
}
output {
elasticsearch {
hosts => ["https://node-1.elasticsearch.fishnet.top:9200","https://node-2.elasticsearch.fishnet.top:9200","https://node-3.elasticsearch.fishnet.top:9200"]
# Dedicated writer account; its role should grant only what is needed to
# create and write the logstash-* indices.
user => "logstash_internal"
# "xxx" is a placeholder. Keep the real value in the Logstash keystore and
# reference it as a variable, e.g. "${ES_PWD}" (example key name).
password => "xxx"
# TLS to Elasticsearch, validated against the CA below.
ssl => true
cacert => "/fishnet/elk/elasticsearch-7.17.6/config/http/ca.crt"
# One index per category per day, named from the first element of [tags].
# NOTE(review): json_lines builds the event from sender-supplied JSON, so a
# payload that already carries a "tags" array may place its own value at
# [tags][0] ahead of the tag added by the input - verify, and if so derive the
# index name from a field the sender cannot set (e.g. one under [@metadata]).
index => "logstash-%{[tags][0]}-%{+YYYY.MM.dd}"
}
# Prints every event in full to the Logstash process output. Useful while
# debugging; in production it copies log contents into the service log, which
# then needs the same access control and retention as the indexed data.
stdout {
codec => rubydebug
}
}
在Kibana查看日志