elasticsearch 配置
elasticsearch.yml
# Cluster/node identity; every node meant to join this cluster must carry the
# same cluster.name.
cluster.name: elasticsearch
node.name: node-1
# Data and log directories under the 7.6.0 install; the user running the ES
# process must own (or at least be able to write) both paths.
path.data: /usr/local/elasticsearch/elasticsearch-7.6.0/data
path.logs: /usr/local/elasticsearch/elasticsearch-7.6.0/logs
# Listen on every interface. network.host already sets both the bind and the
# publish address, so network.bind_host below is redundant unless the publish
# address has to differ. With 9200 bound on all interfaces, only the host
# firewall / security group keeps the REST API off untrusted networks.
network.host: 0.0.0.0
network.bind_host: 0.0.0.0
http.port: 9200
# Bootstrap-only setting used the first time a 7.x cluster forms; the ES docs
# recommend removing it once the cluster exists so a restarted node cannot
# bootstrap a fresh, separate cluster.
cluster.initial_master_nodes: ["node-1"]
# CORS with "*" lets a page served from any origin call the REST API from a
# browser. Narrow this to the origin that actually needs it (<ALLOWED_ORIGIN>
# placeholder, e.g. the Kibana/head-plugin URL) before exposing the node.
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true # this setting turns on the X-Pack authentication mechanism
# Transport-layer TLS is switched on, but no xpack.security.transport.ssl
# keystore/certificate settings appear on this page; a 7.x node presumably
# refuses to start without them, so they must live elsewhere — TODO confirm.
# HTTP TLS (xpack.security.http.ssl.enabled) is not set, so clients on 9200
# talk cleartext, which matches the http:// URLs used further down this page.
xpack.security.transport.ssl.enabled: true
jvm.options
# Elasticsearch JVM heap: minimum and maximum set equal (1 GB) so the heap is
# sized once at startup and never grows or shrinks at runtime. Raise both
# together, keeping them equal and — per the ES sizing guidance — no more
# than roughly half of the machine's RAM.
-Xms1g
-Xmx1g
kibana
kibana.yml
# UI language for Kibana.
1. i18n.locale: "zh-CN"
# Listen on every interface on 5601. No server.ssl.* settings appear on this
# page, so the UI and its login form are served over plain HTTP; put a TLS
# reverse proxy in front or restrict reachability by firewall.
2. server.port: 5601
3. server.host: 0.0.0.0
# Service account Kibana uses to reach Elasticsearch. The values are
# placeholders; keep the real ones out of this file by storing them in the
# Kibana keystore (bin/kibana-keystore) rather than as plaintext here.
4. elasticsearch.username: "xxxx"
5. elasticsearch.password: "xxx"
# Encryption keys must be long, random, unique per deployment, and identical
# on every Kibana instance. The sample values are placeholders, not usable
# keys; xpack.security.encryptionKey has to be at least 32 characters.
6. xpack.reporting.encryptionKey: "a_random_string"
7. xpack.security.encryptionKey: "something_at_least_32_characters"
logstash
logstash.yml
# Bind address of the Logstash monitoring/API endpoint (port 9600 by default).
# The address is a placeholder.
1. http.host: "192.168.xx.xx"
# Ship Logstash monitoring data to Elasticsearch. The hosts URL is plain
# http://, so the username/password below travel in cleartext unless HTTP
# TLS is enabled on the ES side. The values are placeholders; store the real
# credentials in the Logstash keystore (bin/logstash-keystore) and reference
# them as ${<KEY_NAME>} instead of writing them inline.
2. xpack.monitoring.enabled: true
3. xpack.monitoring.elasticsearch.hosts: "http://192.168.xx.xx:9200"
4. xpack.monitoring.elasticsearch.username: "xxxx"
5. xpack.monitoring.elasticsearch.password: "xxxx"
log_to_es.conf
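# Two TCP listeners, one per log stream. Both bind every interface with no
# TLS and no client authentication (the tcp input does support
# ssl_enable/ssl_cert if that is wanted), so anything that can reach
# 5000/4999 can inject arbitrary events into these indices; keep the ports
# reachable only from the application hosts that emit the logs.
input {
  tcp {
    mode  => "server"
    host  => "0.0.0.0"
    port  => 5000
    codec => json_lines
    type  => "datalog"
  }
  tcp {
    mode  => "server"
    host  => "0.0.0.0"
    port  => 4999
    codec => json_lines
    type  => "loginlog"
  }
}

filter {
  if [type] == "loginlog" {
    # Expected message shape: |loginMsg|timeFormat|userName
    grok {
      match => { "message" => "\|%{GREEDYDATA:loginMsg}\|%{GREEDYDATA:timeFormat}\|%{GREEDYDATA:userName}" }
    }
    # Keep only login events: the negative lookahead matches any message that
    # does NOT contain "登入系統" (login system), and those are discarded.
    if [message] =~ "^(?!.*?登入系統).*$" {
      drop {}
    }
  }
  if [type] == "datalog" {
    # Expected message shape:
    # |userName|operationName|timeFormat|ip|systemType|logType|method|input
    grok {
      match => { "message" => "\|%{DATA:userName}\|%{GREEDYDATA:operationName}\|%{DATA:timeFormat}\|%{DATA:ip}\|%{DATA:systemType}\|%{GREEDYDATA:logType}\|%{GREEDYDATA:method}\|%{GREEDYDATA:input}" }
    }
  }
  # Copy @timestamp into "time" for every event. The original pipeline did
  # this twice: once in a ruby filter using `event['time'] = event['@timestamp']`
  # and once here. The bracket Event API was removed in Logstash 5 in favour
  # of event.get/event.set, so on a modern pipeline that ruby filter errors
  # on every event — and where it still ran, the second add_field turned
  # "time" into a two-element array. A single mutate is sufficient.
  mutate {
    add_field => { "time" => "%{@timestamp}" }
  }
}

output {
  # Both streams currently use the same index-name pattern (placeholders on
  # this page); give each stream its own index if they are meant to be kept
  # apart. "elastic" is the built-in superuser — index with a dedicated user
  # whose role grants write access only to these indices, and pull the
  # password from the Logstash keystore as "${<KEY_NAME>}" rather than
  # writing it into the pipeline file. The hosts entries are plain HTTP.
  if [type] == "datalog" {
    elasticsearch {
      hosts    => ["192.168.xx.xx:9200"]
      user     => "elastic"
      password => "xxxx"
      index    => "xxxx-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "loginlog" {
    elasticsearch {
      hosts    => ["192.168.xx.xx:9200"]
      user     => "elastic"
      password => "xxxx"
      index    => "xxxx-%{+YYYY.MM.dd}"
    }
  }
}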