On CentOS 7, a log server can be built with the Elasticsearch, Logstash and Kibana (ELK) stack. The basic steps are:
- Install the Java runtime:
sudo yum install java-1.8.0-openjdk
- Install Elasticsearch:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo yum install https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.15.0-x86_64.rpm
- Enable Elasticsearch at boot and start the service:
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
- Install Logstash:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo yum install https://artifacts.elastic.co/downloads/logstash/logstash-7.15.0-x86_64.rpm
- Configure Logstash to collect log data and send it to Elasticsearch:
Create a configuration file, /etc/logstash/conf.d/logstash.conf, with the following content:
input {
  file {
    path => "/var/log/messages"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logs-%{+YYYY.MM.dd}"
  }
}
Start the Logstash service:
sudo systemctl enable logstash
sudo systemctl start logstash
- Install Kibana:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo yum install https://artifacts.elastic.co/downloads/kibana/kibana-7.15.0-x86_64.rpm
- Configure Kibana to connect to Elasticsearch:
Edit the configuration file /etc/kibana/kibana.yml and change the following settings:
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
Start the Kibana service:
sudo systemctl enable kibana
sudo systemctl start kibana
You now have a basic ELK log server. Open Kibana's web interface in a browser (default port 5601) to view and analyze the collected log data.
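A post-install check for the configuration above, as an added example that is not part of the original guide: with `server.host: "0.0.0.0"` and no `xpack.security.enabled: true` in elasticsearch.yml, anyone who can reach port 5601 can read the collected logs without logging in. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two settings this guide leaves open to the network.
# Function names and the sample files are assumptions, not part of the guide.

# yaml_value FILE KEY: print the value of a top-level "KEY: value" line
# (last one wins), without quotes or trailing comment; nothing if unset.
yaml_value() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        index($0, key ":") == 1 {
            v = substr($0, length(key) + 2)
            sub(/[ \t]+#.*$/, "", v)          # drop trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)    # trim whitespace
            val = v
        }
        END { if (val != "") print val }' "$1" | tr -d "\"'"
}

# kibana_exposed KIBANA_YML: true if server.host is not a loopback address.
# An unset server.host means Kibana's default, localhost.
kibana_exposed() {
    case "$(yaml_value "$1" server.host)" in
        ""|localhost|127.*|::1) return 1 ;;
        *) return 0 ;;
    esac
}

# es_security_enabled ES_YML: true only for an explicit "true"; Elasticsearch
# 7.x on the default basic license runs without authentication otherwise.
es_security_enabled() {
    [ "$(yaml_value "$1" xpack.security.enabled)" = "true" ]
}

# audit_elk KIBANA_YML ES_YML: return 1 when logs are readable without login.
audit_elk() {
    if kibana_exposed "$1" && ! es_security_enabled "$2"; then
        echo "FAIL: Kibana listens on $(yaml_value "$1" server.host), Elasticsearch security is off"
        return 1
    fi
    echo "OK: Kibana is loopback-only or Elasticsearch authentication is on"
}

# Constructed sample: this guide's kibana.yml beside an elasticsearch.yml
# that has no security setting.
demo=$(mktemp -d)
printf '%s\n' 'server.host: "0.0.0.0"' 'elasticsearch.hosts: ["http://localhost:9200"]' > "$demo/kibana.yml"
printf '%s\n' 'path.data: /var/lib/elasticsearch' > "$demo/elasticsearch.yml"
audit_elk "$demo/kibana.yml" "$demo/elasticsearch.yml" || true
rm -rf "$demo"
```

On the server, call `audit_elk /etc/kibana/kibana.yml /etc/elasticsearch/elasticsearch.yml`; reading those files may require root.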