ELK Basic Usage Introduction
Published 8 years ago by yujintang, 7883 views, from Sharing

ELK installation:

 JDK environment installation:
       1. Fetch the package: wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u73-b02/jdk-8u73-linux-x64.rpm"
       2. Install it: sudo yum -y localinstall jdk-8u73-linux-x64.rpm

 Elasticsearch installation:
       1. Import the GPG public key: sudo rpm --import http://packages.elastic.co/GPG-KEY-elasticsearch
       2. Create the Elasticsearch repo file: sudo vim /etc/yum.repos.d/elasticsearch.repo
          Write the following configuration (yum needs the section header, matching the Kibana and Logstash repo files below):
              [elasticsearch-2.x]
              name=Elasticsearch repository for 2.x packages
              baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
              gpgcheck=1
              gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
              enabled=1
       3. Install: sudo yum -y install elasticsearch
       4. Configure: sudo vi /etc/elasticsearch/elasticsearch.yml
          Set this option so the HTTP API listens on loopback only and is not reachable from the network: network.host: localhost
       5. Start it and enable it at boot: sudo systemctl start elasticsearch && sudo systemctl enable elasticsearch

 Kibana installation:
       1. Create the Kibana repo file: sudo vi /etc/yum.repos.d/kibana.repo
          Write the following configuration:
              [kibana-4.4]
              name=Kibana repository for 4.4.x packages
              baseurl=http://packages.elastic.co/kibana/4.4/centos
              gpgcheck=1
              gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
              enabled=1
       2. Install: sudo yum -y install kibana
       3. Configure: sudo vi /opt/kibana/config/kibana.yml
          Set this option: server.host: "localhost"
       4. Start it: sudo systemctl start kibana && sudo chkconfig kibana on

 Logstash installation:
       1. Create the repo file: sudo vi /etc/yum.repos.d/logstash.repo
          Write the following configuration:
              [logstash-2.2]
              name=logstash repository for 2.2 packages
              baseurl=http://packages.elasticsearch.org/logstash/2.2/centos
              gpgcheck=1
              gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
              enabled=1
       2. Install: sudo yum -y install logstash
       3. Generate the SSL certificate: sudo vi /etc/pki/tls/openssl.cnf
          Under [ v3_ca ] add (replace ELK_server_private_ip with the private IP of the ELK server; clients verify the certificate against this address):
              subjectAltName = IP: ELK_server_private_ip
          Then:
              cd /etc/pki/tls
              sudo openssl req -config /etc/pki/tls/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
       4. Configure Logstash: under /etc/logstash/conf.d, write the corresponding input, filter and output sections.
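The certificate step above depends on the subjectAltName actually ending up in the certificate; if the edit to openssl.cnf lands in the wrong section, clients that pin the server IP will reject the connection. The following is an added example (not part of the original post) that generates the same kind of certificate from a self-contained openssl config instead of editing the system one, then checks the SAN and the key permissions before the files are handed out. The directory, the IP 10.0.0.5 and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: generate the logstash-forwarder certificate with an IP SAN
# and verify it. Not code from the original post.

# make_forwarder_cert DIR IP : writes DIR/logstash-forwarder.{key,crt}
make_forwarder_cert() {
    dir="$1"; ip="$2"
    mkdir -p "$dir"
    # Minimal config equivalent to the [ v3_ca ] edit in /etc/pki/tls/openssl.cnf.
    # x509_extensions in [ req ] is what makes "openssl req -x509" apply v3_ca.
    cat > "$dir/openssl.cnf" <<EOF
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
prompt             = no

[ req_dn ]
CN = logstash-forwarder

[ v3_ca ]
basicConstraints = CA:TRUE
subjectAltName   = IP:$ip
EOF
    openssl req -config "$dir/openssl.cnf" -x509 -days 3650 -batch -nodes \
        -newkey rsa:2048 \
        -keyout "$dir/logstash-forwarder.key" \
        -out "$dir/logstash-forwarder.crt" 2>/dev/null || return 1
    # The private key stays on the Logstash server; only the .crt is copied to clients.
    chmod 600 "$dir/logstash-forwarder.key"
}

# cert_has_ip_san CRT IP : exit 0 if the certificate lists IP:<ip> in its SAN
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -q "IP Address:$2"
}

# key_is_private KEY : exit 0 if the key file mode is 0600 (GNU stat, BSD stat fallback)
key_is_private() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    [ "$mode" = "600" ]
}

# Usage (constructed values):
#   make_forwarder_cert /tmp/elk-demo 10.0.0.5
#   cert_has_ip_san /tmp/elk-demo/logstash-forwarder.crt 10.0.0.5 && echo "SAN ok"
```

Running `cert_has_ip_san` against the address the forwarders are configured to use catches the common failure where the SAN was added under the wrong section and the certificate carries only the CN.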

Shield for access control. Pros: easy to configure and to assign permissions. Cons: paid.

 Shield installation:
       1. Enter the Elasticsearch directory: cd /usr/share/elasticsearch
       2. Install the license plugin: bin/plugin install elasticsearch/license/latest
       3. Install Shield: bin/plugin -i elasticsearch/shield/latest
       4. Link its configuration to /etc/elasticsearch/shield: ln -s /usr/share/elasticsearch/config/shield /etc/elasticsearch/shield
       5. Restart the service: service elasticsearch restart
       6. Create the Elasticsearch admin account: bin/shield/esusers useradd es_admin -r admin
       7. Create the Logstash account: /usr/share/elasticsearch/bin/shield/esusers useradd logstashserver -r logstash
       8. Add the Logstash account and password to the Logstash output configuration, e.g.:
              output {
                elasticsearch {
                  hosts => ["192.168.0.1:9200"]   # Logstash 2.x option name; the 1.x "host"/"protocol" options are gone
                  index => "logstash-%{type}-%{+YYYY.MM.dd}"
                  user => "logstashserver"        # the Shield user whose role is logstash
                  password => "woshimima"         # don't forget the password
                }
                # stdout { codec => rubydebug }
              }
       9. Create the Kibana account: /usr/share/elasticsearch/bin/shield/esusers useradd kibanaserver -r kibana4_server
       10. Add the account and password to the Kibana config /opt/kibana/config/kibana.yml (Kibana 4.2+ key names; the older kibana_elasticsearch_username form belonged to Kibana 4.0/4.1):
              elasticsearch.username: "kibanaserver"   # the Kibana service uses this user to reach Elasticsearch
              elasticsearch.password: "woshimima"      # password

  Shield for permission control:
       1. In Elasticsearch's /etc/elasticsearch/shield/roles.yml, define the permissions for each kind of user, e.g. doctor may view cases and patients, nurse may only view cases:
              doctor:
                indices:
                  'cases,patients':
                    - indices:admin/mappings/fields/get
                    - indices:admin/validate/query
                    - indices:data/read/search
                    - indices:data/read/msearch
                    - indices:admin/get

              nurse:
                indices:
                  'cases':
                    - indices:admin/mappings/fields/get
                    - indices:admin/validate/query
                    - indices:data/read/search
                    - indices:data/read/msearch
                    - indices:admin/get
       2. Create the doctor and nurse accounts:
              /usr/share/elasticsearch/bin/shield/esusers useradd alice -r nurse
              /usr/share/elasticsearch/bin/shield/esusers useradd bob -r doctor
       3. Grant Kibana access:
              /usr/share/elasticsearch/bin/shield/esusers roles doctor -a kibana4_server
              /usr/share/elasticsearch/bin/shield/esusers roles nurse -a kibana4_server
       4. Log in to Kibana and check the permissions.

elasticsearch-http-basic for login control. Pros: supports login authentication and an IP whitelist. Cons: only supports Elasticsearch up to 1.7.

 1. Install:
        cd /usr/share/elasticsearch/plugins
        mkdir http-basic
        wget https://github.com/Asquera/elasticsearch-http-basic/releases/download/v1.3.0-security-fix/elasticsearch-http-basic-1.3.0.jar
 2. Configure: sudo vi /etc/elasticsearch/elasticsearch.yml
        Settings:
        http.basic.enabled: true                              switch; when on, the plugin takes over all HTTP connections
        http.basic.user: "admin"                              account
        http.basic.password: "admin_pw"                       password
        http.basic.ipwhitelist: ["localhost", "127.0.0.1"]    IPs on the whitelist skip the account/password check; supports IPs and hostnames, not IP ranges or regexes
        http.basic.trusted_proxy_chains: []                   list of trusted proxies
        http.basic.log: false                                 whether unauthorized access events are written to the ES log
        http.basic.xforward: ""                               name of the header field that records the proxy path
    GitHub address: https://github.com/Asquera/elasticsearch-http-basic
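Two of the settings above decide whether the password check means anything at all: a non-loopback entry in http.basic.ipwhitelist lets that host in with no credentials, and a network.host of 0.0.0.0 exposes the API to every interface. The following is an added example (not from the original post or the plugin) that audits an elasticsearch.yml for those conditions, plus the placeholder password from the listing. It assumes the simple "key: value" form shown above; the sample weak and hardened files, the function names and the "CHANGE_ME_..." password are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit elasticsearch.yml for settings that weaken http-basic.
# Not code from the original post.

# yml_value FILE KEY : print the value of a top-level "key: value" line
yml_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -E "^[[:space:]]*$key_re[[:space:]]*:[[:space:]]*" "$1" \
        | sed -E "s/^[[:space:]]*$key_re[[:space:]]*:[[:space:]]*//" | head -n 1
}

# audit_es_yml FILE : exit 0 if no weakness found, 1 otherwise (one WARN per finding)
audit_es_yml() {
    f="$1"; rc=0
    host=$(yml_value "$f" network.host)
    case "$host" in
        localhost|127.0.0.1|_local_) ;;
        *) echo "WARN: network.host=$host is not loopback"; rc=1 ;;
    esac
    [ "$(yml_value "$f" http.basic.enabled)" = "true" ] \
        || { echo "WARN: http.basic.enabled is not true"; rc=1; }
    pw=$(yml_value "$f" http.basic.password | tr -d '"')
    case "$pw" in
        ""|admin|admin_pw) echo "WARN: http.basic.password is empty or a placeholder"; rc=1 ;;
    esac
    # Strip [ ] and quotes from the whitelist, then check every entry.
    wl=$(yml_value "$f" http.basic.ipwhitelist | tr -d '[]"' | tr ',' ' ')
    for entry in $wl; do
        case "$entry" in
            localhost|127.0.0.1|::1) ;;
            *) echo "WARN: whitelist entry $entry bypasses authentication"; rc=1 ;;
        esac
    done
    return $rc
}

# write_sample_configs DIR : constructed sample files for the demo
write_sample_configs() {
    cat > "$1/weak.yml" <<'EOF'
network.host: 0.0.0.0
http.basic.enabled: true
http.basic.user: "admin"
http.basic.password: "admin_pw"
http.basic.ipwhitelist: ["localhost", "10.0.0.7"]
EOF
    cat > "$1/hardened.yml" <<'EOF'
network.host: localhost
http.basic.enabled: true
http.basic.user: "esadmin"
http.basic.password: "CHANGE_ME_long_random_secret"
http.basic.ipwhitelist: ["localhost", "127.0.0.1"]
EOF
}

# Usage: write_sample_configs /tmp/es-demo; audit_es_yml /tmp/es-demo/weak.yml
```

The weak sample produces three warnings (exposed bind address, placeholder password, a whitelisted non-loopback host) and exits 1; the hardened sample exits 0. Because a whitelisted host gets full API access without a password, the list should only ever contain loopback entries unless the reverse proxy in front of Elasticsearch is doing its own authentication.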

kibana-authentication-proxy for authentication: only supports up to Kibana 3

        This is a plugin for Kibana authentication, but because the repository has not been maintained for a long time and only supports up to Kibana 3, I did not investigate it further.
        GitHub address: https://github.com/fangli/kibana-authentication-proxy

Search Guard for permission control:

 1. Install:
        sudo bin/plugin install com.floragunn/search-guard-ssl/2.3.1.8.1
        sudo bin/plugin install com.floragunn/search-guard-2/2.3.1.0-beta1

      ? After installation Elasticsearch could not start the service; I am still looking for the cause.
       GitHub address: https://github.com/floragunncom/search-guard
2 replies

excuse me? what the hell is this shit?

@wwj559 Big data analytics + visualization
