Acest tutorial explic\u0103 modul de configurare a unui server centralizat de gestionare a fi\u0219ierelor de log-uri utiliz\u00e2nd stackul ELK pe CentOS 7. Pentru cine nu \u0219tie deja, ELK este combina\u021bia a 3 servicii: ElasticSearch, Logstash \u0219i Kibana. Pentru a construi un server complet centralizat de gestionare al log-urilor folosind acest concept, va trebui s\u0103 avem fiecare dintre aceste pachete, deoarece acestea servesc unor scopuri diferite \u0219i totodat\u0103 sunt legate unele de altele. Practic func\u021bioneaz\u0103 \u00eempreun\u0103, astfel:<\/p>\n
– Pentru fiecare client pe care dori\u021bi s\u0103-l gestiona\u021bi, acesta va produce propriul jurnal al serviciilor conexe.
\n– Pentru serverul care va fi folosit pentru a gestiona toate informa\u021biile de logare de la fiecare client, acesta va folosi pachetul LogStash pentru a colecta \u0219i transforma datele la o valoare relativ\u0103. Prin defini\u021bie, este o conduct\u0103 de procesare a datelor pe o surs\u0103 deschis\u0103, care \u00eencorporeaz\u0103 simultan date dintr-o multitudine de surse, transform\u00e2ndu-le
\n– Odat\u0103 ce datele sunt colectate \u0219i transformate, serverul de management va utiliza ElasticSearch pentru a ajuta \u0219i analiza datele la o valoare relevant\u0103. Pute\u021bi utiliza limba de interogare general\u0103 dac\u0103 dori\u021bi s\u0103 genera\u021bi un raport corespunz\u0103tor, dup\u0103 cum este necesar
\n– Dat fiind c\u0103 datele aferente au fost verificate \u0219i analizate, acesta este locul \u00een care pachetul Kibana este prezentat, deoarece v\u0103 poate ajuta s\u0103 vizualiza\u021bi \u0219i s\u0103 gestiona\u021bi datele relevante \u00eentr-o vizualizare adecvat\u0103 sau s\u0103 le combina\u021bi \u00een tabloul de bord pentru o \u00een\u021belegere mai u\u0219oar\u0103.<\/p>\n
Imaginea de mai jos rezum\u0103 procesul de lucru:<\/p>\n
1. Not\u0103 preliminar\u0103<\/strong><\/p>\n Pentru acest tutorial, vom folosi Linux CentOS 7.4 \u00een versiunea pe 64 de bi\u021bi. \u00cen acest tutorial vom folosi 3 servere: Primul va fi folosit ca server de administrare, iar celelalte 2 vor fi folosite ca \u0219i clien\u021bi. Pentru acest exerci\u021biu, vom folosi serverul de management pentru a monitoriza un serviciu MySQL existent, care a fost deja setat, configurat \u0219i rulat de fiecare client. Deoarece MySQL este un serviciu de baze de date care este utilizat \u00een principal pentru scopul OLTP, vom face ca serverul nostru de management s\u0103 \u00eenregistreze dou\u0103 procese de logare, care este verificarea st\u0103rii de func\u021bionare a serviciului MySQL \u00een sine \u0219i tranzac\u021bia lent\u0103 a interog\u0103rii. P\u00e2n\u0103 la sf\u00e2r\u0219itul acestui tutorial, vom vedea c\u0103 orice informa\u021bie \u00eenregistrat\u0103 din orice serviciu MySQL \u00een interiorul clientului dedicat poate fi v\u0103zut\u0103, vizualizat\u0103 \u0219i analizat\u0103 simultan de la serverul de management direct \u00een timp real.<\/p>\n 2. Faza de instalare<\/strong><\/p>\n Pentru faza de instalare, vom \u00eencepe cu instalarea FileBeat pe serverul MySQL DB care ac\u021bioneaz\u0103 ca \u0219i client. S\u0103 \u00eencepem procesul, mai jos avem pa\u0219ii:<\/p>\n [root@mysql_db1 opt]# cd 100%[==============================================================================>] 12,697,093 2.20MB\/s in 6.9s<\/p>\n 2018-06-09 10:51:00 (1.75 MB\/s) – \u2018filebeat-6.2.1-x86_64.rpm\u2019 saved [12697093\/12697093]<\/p>\n [root@mysql_db1 opt]# yum localinstall -y filebeat-6.2.1-x86_64.rpm Dependencies Resolved<\/p>\n ======================================================================================================================== Transaction Summary Total size: 49 M Installed: Complete!<\/p>\n Odat\u0103 terminat acest proces, vom afi\u0219a modulul implicit care permite activarea pachetului FileBeat \u0219i va deschide modulul mysql necesar \u00een cazul nostru. Mai jos sunt pa\u0219ii:<\/p>\n Disabled: Acum s\u0103 edit\u0103m configura\u021bia necesar\u0103 pentru modulul mysql pe care l-am activat. \u00cen mod implicit, odat\u0103 ce am activat modulul mysql din pachetul de fi\u0219iere, acesta va crea automat un fi\u0219ier yaml \u00een directorul modules.d. Cu toate acestea, dac\u0103 fi\u0219ierul nu a fost creat, nu ezita\u021bi s\u0103 crea\u021bi un nou fi\u0219ier yaml \u00een aceea\u0219i loca\u021bie. Mai jos sunt pa\u0219ii:<\/p>\n slowlog: A\u0219a cum am ar\u0103tat mai sus, am decis s\u0103 centraliz\u0103m 2 procese de logare din serviciul MySQL, care este controlul bazei de date \u00een sine \u0219i jurnalul de interog\u0103ri.<\/p>\n Acum, odat\u0103 ce totul este gata, haide\u021bi s\u0103 facem o configura\u021bie \u00een interiorul fi\u0219ierului principal de configurare pentru filebeat \u00een fi\u0219ierul filebeat.yml. Mai jos este setul de configurare:<\/p>\n filebeat.prospectors:<\/p>\n – type: log<\/p>\n enabled: false #============================= Filebeat modules ===============================<\/p>\n filebeat.config.modules: #==================== Elasticsearch template setting ==========================<\/p>\n setup.template.settings: #================================ General =====================================<\/p>\n setup.kibana:<\/p>\n #–––––––––– Logstash output ––––––––––– Observa\u021bi cu privire la cele de mai sus c\u0103 am setat o adres\u0103 IP pentru gazda logstash care este 172.17.0.6 .Acest IP este adresa pentru serverul nostru de management centralizat care se va accesa prin intermediul crawler-elor direct pentru a colecta datele de \u00eenregistrare. Am setat hardcoded IP deoarece nu am f\u0103cut alte modific\u0103ri \u00een fi\u0219ierul \/ etc \/ hosts \u0219i nu am folosit nici un server DNS pentru acest tutorial. Cu toate acestea, nu ezita\u021bi s\u0103 utiliza\u021bi numele de gazd\u0103 al serverului de management dac\u0103 a\u021bi f\u0103cut modific\u0103rile alternative.<\/p>\n Deoarece toate au fost configurate, putem s\u0103 pornim serviciile de filebeat. Mai jos sunt pa\u0219ii:<\/p>\n [root@mysql_db1 opt]# filebeat -e & [root@mysql_db1 ~]# tail -f \/var\/log\/filebeat\/filebeat Observa\u021bi c\u0103 odat\u0103 ce am pornit serviciul filebeat, exist\u0103 o eroare afi\u0219at\u0103 \u00een jurnal. Acest lucru s-a datorat faptului c\u0103 serverul de gestionare care a fost atribuit nu a fost \u00eenc\u0103 setat. Pentru faza ini\u021bial\u0103, pute\u021bi ignora jurnalul de erori deoarece acesta va fi recuperat automat odat\u0103 ce serverul nostru de management a fost configurat \u0219i a \u00eenceput s\u0103 se acceseze prin intermediul crawler-elor.<\/p>\n Pe m\u0103sur\u0103 ce se realizeaz\u0103 configurarea bazei de client, pute\u021bi continua s\u0103 replica\u021bi pa\u0219ii pe cel\u0103lalt server MySQL, care ac\u021bioneaz\u0103 ca \u0219i client.<\/p>\n Vom continua cu configurarea serverului de management \u00een sine.<\/p>\n 3. Faza de instalare (Managementul centralizat al serverului)<\/strong><\/p>\n Acum, pe m\u0103sur\u0103 ce am f\u0103cut preg\u0103tirea pe partea de clien\u021bi, s\u0103 \u00eencepem configurarea necesar\u0103 pentru serverul de management \u00een sine. Pe scurt, exist\u0103 3 pachete de baz\u0103 care trebuiesc instalate \u0219i configurate pentru serverul de management, acestea sunt ElasticSearch, LogStash \u0219i Kibana.<\/p>\n Pentru aceast\u0103 etap\u0103, vom \u00eencepe instalarea \u0219i configurarea necesar\u0103 pentru ElasticSearch \u00een primul r\u00e2nd, mai jos sunt pa\u0219ii:<\/p>\n 100%[==============================================================================>] 29,049,089 2.47MB\/s in 16s<\/p>\n 2018-06-09 12:48:21 (1.76 MB\/s) – \u2018elasticsearch-6.2.1.tar.gz\u2019 saved [29049089\/29049089]<\/p>\n [root@elk_master opt]# [root@elk_master opt]# ln -s \/opt\/elasticsearch-6.2.1 \/opt\/elasticsearch Pe m\u0103sur\u0103 ce se realizeaz\u0103 instalarea pentru ElasticSearch, vom continua partea de configurare. Pentru partea de configurare, vom asocia directorul \/data\/data pentru a stoca datele care au fost analizate. Directorul \u00een sine, de asemenea, va fi folosit pentru a stoca un index care va fi folosit de c\u0103tre elasticSearch \u00een sine pentru o interogare mai rapid\u0103. Pentru c\u0103 directorul \/data\/logs va fi folosit de elasticSearch \u00een sine pentru propriul scop de exploatare. Mai jos sunt pa\u0219ii:<\/p>\n Pentru ca ElasticSearch s\u0103 func\u021bioneze, este nevoie de configurarea Java. Mai jos sunt pa\u0219ii privind instalarea \u0219i configurarea Java pe server:<\/p>\n 100%[==============================================================================>] 169,983,496 2.56MB\/s in 64s<\/p>\n 2018-06-09 12:58:15 (2.54 MB\/s) – \u2018jdk-8u131-linux-x64.rpm\u2019 saved [169983496\/169983496]<\/p>\n [root@elk_master config]# yum localinstall -y jdk-8u131-linux-x64.rpm<\/p>\n [root@elk_master config]# vi \/root\/.bash_profile [root@elk_master config]# . \/root\/.bash_profile Acum elasticSearch a fost instalat \u0219i configurat \u00een server. Cu toate acestea, datorit\u0103 unor politici de securitate, elasticSearch este interzis de a fi rulat de c\u0103tre utilizatorul root, prin urmare, vom crea un utilizator suplimentar pentru a fi proprietar pentru a putea rula serviciul elasticSearch. Mai jos sunt pa\u0219ii pentru crearea unui utilizator dedicat pentru acesta:<\/p>\n [root@elk_master config]# chown -R shahril:shahril \/data\/ Dup\u0103 ce a\u021bi terminat, conecta\u021bi-v\u0103 cu acest utilizator \u0219i pute\u021bi rula serviciile elasticSearch.<\/p>\n Excelent, acum elasticSearch este func\u021bional, ve\u021bi observa un port suplimentar pe server care este legat de serviciul elasticSearch. Pute\u021bi verifica portul rul\u00e2nd comanda de mai jos:<\/p>\n Acum, hai s\u0103 ne mut\u0103m la setarea \u0219i configurarea serviciilor logstash. Mai jos sunt pa\u0219ii necesari pentru procesul de instalare:<\/p>\n 100%[==============================================================================>] 140,430,729 2.19MB\/s in 60s<\/p>\n 2018-06-09 13:08:57 (2.24 MB\/s) – \u2018logstash-6.2.1.rpm\u2019 saved [140430729\/140430729]<\/p>\n [root@elk_master opt]# yum localinstall -y logstash-6.2.1.rpm Dependencies Resolved<\/p>\n ======================================================================================================================== Transaction Summary Total size: 224 M Installed: Complete! <\/em><\/p>\n Dup\u0103 ce a\u021bi terminat instalarea, aplica\u021bi configura\u021bia necesar\u0103 dup\u0103 cum urmeaz\u0103:<\/p>\n input { filter { output { Re\u021bine\u021bi c\u0103 din configura\u021bia de mai sus am setat c\u0103 intrarea trebuie luat\u0103 din serviciul filebeat din partea clientului care utilizeaz\u0103 portul 5044. Am stabilit \u0219i o adnotare adecvat\u0103 pentru logstash pentru a alinia datele brute care au fost preluate de la fiecare parte de client. Acest lucru este necesar pentru a fi mai u\u0219or de v\u0103zut \u0219i de analizat de elasticsearch.<\/p>\n Apoi, trebuie s\u0103 instala\u021bi modulul filebeats pentru logstash astfel \u00eenc\u00e2t logstash s\u0103 capteze \u0219i s\u0103 acceseze cu crawlere datele brute din partea clientului.<\/p>\n Deoarece instalarea \u0219i configurarea necesare pentru logstash sunt f\u0103cute, putem porni serviciile. Mai jos sunt pa\u0219ii:<\/p>\n [root@elk_master opt]# service logstash status Jun 09 13:17:40 elk_master systemd[1]: Started logstash. [root@elk_master opt]# tail -f \/var\/log\/logstash\/logstash-plain.log Dup\u0103 cum pute\u021bi vedea, serviciul logstash a pornit cu succes \u0219i \u00eencepe s\u0103 colecteze datele din fiecare client. Ca alternativ\u0103, pute\u021bi utiliza comanda curl pentru a vedea starea \u0219i actualiz\u0103rile de la partea logstash. Mai jos sunt exemplele:<\/p>\n Nu \u00een ultimul r\u00e2nd, va trebui s\u0103 setam \u0219i s\u0103 configur\u0103m serviciile kibana pentru a crea un server complet de management centralizat. Not\u0103, kibana este folosit pentru a u\u0219ura procesul de colectare \u0219i analiz\u0103 a datelor prin vizualizare, nu este un pachet important ca elasticSearch sau logstash dac\u0103 instala\u021bi serverul sub o cutie mai mic\u0103. Cu toate acestea, pentru a continua, mai jos sunt pa\u0219ii privind instalarea \u0219i configurarea:<\/p>\n 100%[==============================================================================>] 83,465,500 2.76MB\/s in 41s<\/p>\n 2018-06-09 13:22:28 (1.94 MB\/s) – \u2018kibana-6.2.1-linux-x86_64.tar.gz\u2019 saved [83465500\/83465500]<\/p>\n [root@elk_master opt]# tar -zxvf kibana-6.2.1-linux-x86_64.tar.gz [root@elk_master opt]# vi kibana\/config\/kibana.yml<\/p>\n server.host: „172.17.0.6” Re\u021bineti mai sus c\u0103 am legat kibana cu serviciul nostru ElasticSearch \u00een interiorul configura\u021biei \u0219i am alocat un port care va fi folosit de serviciul Kibana odat\u0103 pornit. Acum, deoarece totul este deja stabilit, putem \u00eencepe serviciile finale. Mai jos sunt pa\u0219ii:<\/p>\n [root@elk_master opt]# \/opt\/kibana\/bin\/kibana & [root@elk_master opt]# netstat -apn|grep -i :5601 Excelent, acum totul se execut\u0103 \u0219i func\u021bioneaz\u0103 ca mai sus, folosind comanda netstat. Acum, s\u0103 vedem Tabloul de bord din Kibana \u0219i s\u0103 facem configura\u021bia. Trebuie s\u0103 accesam url-ul http:\/\/172.17.0.6:5601\/app, ve\u021bi vedea c\u0103 tabloul de bord va fi afi\u0219at ca mai jos.<\/p>\n \u00cen continuare, pe tabloul de bord, da\u021bi clic pe fila Management \u0219i defini\u021bi modelul indexului; in cazul nostru, modelul indexului este definit ca numele de fi\u0219ier de \u00eenregistrare generat. Introduce\u021bi informa\u021biile apoi face\u021bi clic pe next.<\/p>\n Apoi, introduce\u021bi variabilele care vor fi utilizate ca serii de timp. Dup\u0103 ce a\u021bi terminat, face\u021bi clic pe Creare model de index. Mai jos este exemplul:<\/p>\n Excelent, acum serverul de administrare este gata de utilizare. S\u0103 proced\u0103m prin testarea utilizabilit\u0103\u021bii.<\/p>\n 4. Faza de testare<\/strong><\/p>\n \u00cenainte de a \u00eencepe testul, s\u0103 presupunem rezultatul final. Pentru acest test, vom \u00eencerca s\u0103 execut\u0103m o interogare a bazei de date, care va trece de timpul lung de interogare alocat de la client, care este serverul MySQL. Odat\u0103 ce execut\u0103m, serverul nostru de management centralizat ar trebui s\u0103 afi\u0219eze automat rezultatul informa\u021biilor din interogare ca si grafic via tabloul de bord Kibana. Acum ca totul este clar, s\u0103 \u00eencepem testul, mai jos sunt pasii:<\/p>\n Conecta\u021bi-v\u0103 la oricare dintre serverele client \u0219i executa\u021bi interogarea lent\u0103 SQL ca mai jos:<\/p>\n Copyright (c) 2000, 2018, Oracle and\/or its affiliates. All rights reserved.<\/p>\n Oracle is a registered trademark of Oracle Corporation and\/or its Type ‘help;’ or ‘\\h’ for help. Type ‘\\c’ to clear the current input statement.<\/p>\n TEST>select sleep(5); TEST>select sleep(6); TEST>select sleep(10) ‘run for 10 seconds’; TEST>select sleep(3) ‘test again’; TEST>exit A\u0219a cum am ar\u0103tat mai sus, am reu\u0219it s\u0103 producem o interogare lent\u0103 care a \u00eenregistrat automat fiecare jurnal de interog\u0103ri lent al clientului. Acum, hai s\u0103 mergem la tabloul de bord \u0219i s\u0103 vedem dac\u0103 informa\u021biile despre date au fost accesate cu succes de serverul centralizat \u0219i acesta le-a convertit ca grafic de vizualizare.<\/p>\n Excelent, dup\u0103 cum am ar\u0103tat mai sus, exist\u0103 o list\u0103 a informa\u021biilor despre jurnalizare, care au fost accesate cu crawlere \u0219i au fost vizualizate prin tabloul de bord kibana. Pute\u021bi utiliza partea din st\u00e2nga pentru a filtra ce tip de coloan\u0103 dori\u021bi s\u0103 afi\u0219a\u021bi sau s\u0103 ascunde\u021bi, mai jos este exemplul:<\/p>\n Folosind c\u00e2mpul de text din partea de sus a tabloului de bord, pute\u021bi introduce o interogare SQL referitoare la vizualizarea anumitor informa\u021bii sau a unei p\u0103r\u021bi a datelor necesare.<\/p>\n Excelent, dup\u0103 cum arat\u0103 mai sus interogarea SQL pe care rulat-o ini\u021bial de la 1 din serverele noastre client este afi\u0219at automat, asa cum era de asteptat, \u00een tabloul de bord Kibana.<\/p>\n","protected":false},"excerpt":{"rendered":" Acest tutorial explic\u0103 modul de configurare a unui server centralizat de gestionare a fi\u0219ierelor de log-uri utiliz\u00e2nd stackul ELK pe CentOS 7. Pentru cine nu \u0219tie deja, ELK este combina\u021bia a 3 servicii: ElasticSearch, Logstash \u0219i Kibana. Pentru a construi un server complet centralizat de gestionare al log-urilor folosind acest concept, va trebui s\u0103 avem<\/p>\n","protected":false},"author":1,"featured_media":1015,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[152],"tags":[],"class_list":["post-420","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-room"],"yoast_head":"\n
\n[root@mysql_db1 ~]# cd \/opt\/
\n[root@mysql_db1 opt]# wget https:\/\/artifacts.elastic.co\/downloads\/beats\/filebeat\/filebeat-6.2.1-x86_64.rpm
\n–2018-06-09 10:50:46– https:\/\/artifacts.elastic.co\/downloads\/beats\/filebeat\/filebeat-6.2.1-x86_64.rpm
\nResolving artifacts.elastic.co (artifacts.elastic.co)… 107.21.237.188, 107.21.253.15, 184.73.245.233, …
\nConnecting to artifacts.elastic.co (artifacts.elastic.co)|107.21.237.188|:443… connected.
\nHTTP request sent, awaiting response… 200 OK
\nLength: 12697093 (12M) [binary\/octet-stream]
\nSaving to: \u2018filebeat-6.2.1-x86_64.rpm\u2019<\/p>\n
\nLoaded plugins: fastestmirror, ovl
\nExamining filebeat-6.2.1-x86_64.rpm: filebeat-6.2.1-1.x86_64
\nMarking filebeat-6.2.1-x86_64.rpm to be installed
\nResolving Dependencies
\n–> Running transaction check
\n–> Package filebeat.x86_64 0:6.2.1-1 will be installed
\n–> Finished Dependency Resolution<\/p>\n
\nPackage Arch Version Repository Size
\n========================================================================================================================
\nInstalling:
\nfilebeat x86_64 6.2.1-1 \/filebeat-6.2.1-x86_64 49 M<\/p>\n
\n========================================================================================================================
\nInstall 1 Package<\/p>\n
\nInstalled size: 49 M
\nDownloading packages:
\nRunning transaction check
\nRunning transaction test
\nTransaction test succeeded
\nRunning transaction
\nInstalling : filebeat-6.2.1-1.x86_64 1\/1
\nVerifying : filebeat-6.2.1-1.x86_64 1\/1<\/p>\n
\nfilebeat.x86_64 0:6.2.1-1<\/p>\n
\n[root@mysql_db1 opt]# filebeat modules list
\nEnabled:<\/p>\n
\napache2
\nauditd
\nicinga
\nkafka
\nlogstash
\nmysql
\nnginx
\nosquery
\npostgresql
\nredis
\nsystem
\ntraefik
\n[root@mysql_db1 opt]# filebeat modules enable mysql
\nEnabled mysql
\n<\/em><\/p>\n
\n[root@mysql_db1 opt]# vi \/etc\/filebeat\/modules.d\/mysql.yml
\n– module: mysql
\nerror:
\nenabled: true
\nvar.paths: [„\/var\/lib\/mysql\/mysql-error.log*”]<\/p>\n
\nenabled: true
\nvar.paths: [„\/var\/lib\/mysql\/log-slow-queries.log*”] <\/em><\/p>\n
\n[root@mysql_db1 opt]# vi \/etc\/filebeat\/filebeat.yml
\n#=========================== Filebeat prospectors =============================<\/p>\n
\npaths:
\n– \/var\/lib\/mysql\/mysql-error.log
\n– \/var\/lib\/mysql\/log-slow-queries.log<\/p>\n
\npath: ${path.config}\/modules.d\/*.yml
\nreload.enabled: false<\/p>\n
\nindex.number_of_shards: 3<\/p>\n
\noutput.logstash:
\nhosts: [„172.17.0.6:5044”]
\n<\/em><\/p>\n
\n[root@mysql_db1 opt]# filebeat setup -e
\n2018-06-09T11:04:37.277Z INFO instance\/beat.go:468 Home path: [\/usr\/share\/filebeat] Config path: [\/etc\/filebeat] Data path: [\/var\/lib\/filebeat] Logs path: [\/var\/log\/filebeat]
\n2018-06-09T11:04:37.277Z INFO instance\/beat.go:475 Beat UUID: 98503460-035e-4476-8e4d-10470433dba5
\n2018-06-09T11:04:37.277Z INFO instance\/beat.go:213 Setup Beat: filebeat; Version: 6.2.1
\n2018-06-09T11:04:37.277Z INFO pipeline\/module.go:76 Beat name: lara
\n2018-06-09T11:04:37.278Z ERROR instance\/beat.go:667 Exiting: Template loading requested but the Elasticsearch output is not configured\/enabled
\nExiting: Template loading requested but the Elasticsearch output is not configured\/enabled<\/p>\n
\n[1] 22010
\n[root@mysql_db1 opt]# 2018-06-09T12:45:18.812Z INFO instance\/beat.go:468 Home path: [\/usr\/share\/filebeat] Config path: [\/etc\/filebeat] Data path: [\/var\/lib\/filebeat] Logs path: [\/var\/log\/filebeat]
\n2018-06-09T12:45:18.813Z INFO instance\/beat.go:475 Beat UUID: 98503460-035e-4476-8e4d-10470433dba5
\n2018-06-09T12:45:18.813Z INFO instance\/beat.go:213 Setup Beat: filebeat; Version: 6.2.1
\n2018-06-09T12:45:18.813Z INFO pipeline\/module.go:76 Beat name: lara
\n2018-06-09T12:45:18.813Z INFO [monitoring] log\/log.go:97 Starting metrics logging every 30s
\n2018-06-09T12:45:18.813Z INFO instance\/beat.go:301 filebeat start running.
\n2018-06-09T12:45:18.814Z INFO registrar\/registrar.go:71 No registry file found under: \/var\/lib\/filebeat\/registry. Creating a new registry file.
\n2018-06-09T12:45:18.819Z INFO registrar\/registrar.go:108 Loading registrar data from \/var\/lib\/filebeat\/registry
\n2018-06-09T12:45:18.819Z INFO registrar\/registrar.go:119 States Loaded from registrar: 0
\n2018-06-09T12:45:18.819Z WARN beater\/filebeat.go:261 Filebeat is unable to load the Ingest Node pipelines for the configured modules because the Elasticsearch output is not configured\/enabled. If you have already loaded the Ingest Node pipelines or are using Logstash pipelines, you can ignore this warning.
\n2018-06-09T12:45:18.820Z INFO crawler\/crawler.go:48 Loading Prospectors: 1
\n2018-06-09T12:45:18.821Z INFO log\/prospector.go:111 Configured paths: [\/var\/lib\/mysql\/log-slow-queries.log*]
\n2018-06-09T12:45:18.822Z INFO log\/prospector.go:111 Configured paths: [\/var\/lib\/mysql\/mysql-error.log*]
\n2018-06-09T12:45:18.822Z INFO crawler\/crawler.go:82 Loading and starting Prospectors completed. Enabled prospectors: 0
\n2018-06-09T12:45:18.822Z INFO cfgfile\/reload.go:127 Config reloader started
\n2018-06-09T12:45:18.840Z INFO log\/prospector.go:111 Configured paths: [\/var\/lib\/mysql\/log-slow-queries.log*]
\n2018-06-09T12:45:18.840Z INFO log\/prospector.go:111 Configured paths: [\/var\/lib\/mysql\/mysql-error.log*]
\n2018-06-09T12:45:18.840Z INFO cfgfile\/reload.go:258 Starting 1 runners …
\n2018-06-09T12:45:18.840Z INFO cfgfile\/reload.go:219 Loading of config files completed.
\n2018-06-09T12:45:18.841Z INFO log\/harvester.go:216 Harvester started for file: \/var\/lib\/mysql\/mysql-error.log
\n2018-06-09T12:45:18.841Z INFO log\/harvester.go:216 Harvester started for file: \/var\/lib\/mysql\/log-slow-queries.log
\n2018-06-09T12:45:20.841Z ERROR pipeline\/output.go:74 Failed to connect: dial tcp 172.17.0.6:5044: getsockopt: connection refused
\n2018-06-09T12:45:22.842Z ERROR pipeline\/output.go:74 Failed to connect: dial tcp 172.17.0.6:5044: getsockopt: connection refused
\n2018-06-09T12:45:26.842Z ERROR pipeline\/output.go:74 Failed to connect: dial tcp 172.17.0.6:5044: getsockopt: connection refused<\/p>\n
\n2018-06-09T10:53:28.853Z INFO instance\/beat.go:468 Home path: [\/usr\/share\/filebeat] Config path: [\/etc\/filebeat] Data path: [\/var\/lib\/filebeat] Logs path: [\/var\/log\/filebeat]
\n2018-06-09T10:53:28.853Z INFO instance\/beat.go:475 Beat UUID: 98503460-035e-4476-8e4d-10470433dba5 <\/em><\/p>\n
\n[root@elk_master ~]# cd \/opt\/
\n[root@elk_master opt]# ls
\n[root@elk_master opt]# wget https:\/\/artifacts.elastic.co\/downloads\/elasticsearch\/elasticsearch-6.2.1.tar.gz
\n–2018-06-09 12:47:59– https:\/\/artifacts.elastic.co\/downloads\/elasticsearch\/elasticsearch-6.2.1.tar.gz
\nResolving artifacts.elastic.co (artifacts.elastic.co)… 107.21.237.188, 54.235.82.130, 107.21.253.15, …
\nConnecting to artifacts.elastic.co (artifacts.elastic.co)|107.21.237.188|:443… connected.
\nHTTP request sent, awaiting response… 200 OK
\nLength: 29049089 (28M) [binary\/octet-stream]
\nSaving to: \u2018elasticsearch-6.2.1.tar.gz\u2019<\/p>\n
\n[root@elk_master opt]#
\n[root@elk_master opt]# tar -zxvf elasticsearch-6.2.1.tar.gz<\/p>\n
\n[root@elk_master opt]# ll
\ntotal 28372
\nlrwxrwxrwx 1 root root 24 Jun 9 12:49 elasticsearch -> \/opt\/elasticsearch-6.2.1
\ndrwxr-xr-x 8 root root 143 Feb 7 19:36 elasticsearch-6.2.1
\n-rw-r–r– 1 root root 29049089 May 15 04:56 elasticsearch-6.2.1.tar.gz <\/em><\/p>\n
\n[root@elk_master opt]# mkdir -p \/data\/data
\n[root@elk_master opt]# mkdir -p \/data\/logs
\n[root@elk_master opt]#
\n[root@elk_master opt]# cd elasticsearch
\n[root@elk_master elasticsearch]# ls
\nbin config lib LICENSE.txt logs modules NOTICE.txt plugins README.textile
\n[root@elk_master elasticsearch]# cd config\/
\n[root@elk_master config]# vi elasticsearch.yml
\n# –––––––––––- Cluster ––––––––––––
\ncluster.name: log_cluster
\n#
\n# –––––––––––– Node ––––––––––––
\n#
\nnode.name: elk_master
\n#
\n# –––––––––––– Paths ––––––––––––
\n#
\npath.data: \/data\/data
\npath.logs: \/data\/logs
\n#
\nnetwork.host: 172.17.0.6 <\/em><\/p>\n
\n[root@elk_master config]# wget –no-cookies –no-check-certificate –header „Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie” „http:\/\/download.oracle.com\/otn-pub\/java\/jdk\/8u131-b11\/d54c1d3a095b4ff2b6607d096fa80163\/jdk-8u131-linux-x64.rpm”
\n–2018-06-09 12:57:05– http:\/\/download.oracle.com\/otn-pub\/java\/jdk\/8u131-b11\/d54c1d3a095b4ff2b6607d096fa80163\/jdk-8u131-linux-x64.rpm
\nResolving download.oracle.com (download.oracle.com)… 23.49.16.62
\nConnecting to download.oracle.com (download.oracle.com)|23.49.16.62|:80… connected.
\nHTTP request sent, awaiting response… 302 Moved Temporarily
\nLocation: https:\/\/edelivery.oracle.com\/otn-pub\/java\/jdk\/8u131-b11\/d54c1d3a095b4ff2b6607d096fa80163\/jdk-8u131-linux-x64.rpm [following]
\n–2018-06-09 12:57:10– https:\/\/edelivery.oracle.com\/otn-pub\/java\/jdk\/8u131-b11\/d54c1d3a095b4ff2b6607d096fa80163\/jdk-8u131-linux-x64.rpm
\nResolving edelivery.oracle.com (edelivery.oracle.com)… 104.103.48.174, 2600:1417:58:181::2d3e, 2600:1417:58:188::2d3e
\nConnecting to edelivery.oracle.com (edelivery.oracle.com)|104.103.48.174|:443… connected.
\nHTTP request sent, awaiting response… 302 Moved Temporarily
\nLocation: http:\/\/download.oracle.com\/otn-pub\/java\/jdk\/8u131-b11\/d54c1d3a095b4ff2b6607d096fa80163\/jdk-8u131-linux-x64.rpm?AuthParam=1528549151_b1fd01d854bc0423600a83c36240028e [following]
\n–2018-06-09 12:57:11– http:\/\/download.oracle.com\/otn-pub\/java\/jdk\/8u131-b11\/d54c1d3a095b4ff2b6607d096fa80163\/jdk-8u131-linux-x64.rpm?AuthParam=1528549151_b1fd01d854bc0423600a83c36240028e
\nConnecting to download.oracle.com (download.oracle.com)|23.49.16.62|:80… connected.
\nHTTP request sent, awaiting response… 200 OK
\nLength: 169983496 (162M) [application\/x-redhat-package-manager]
\nSaving to: \u2018jdk-8u131-linux-x64.rpm\u2019<\/p>\n
\nexport JAVA_HOME=\/usr\/java\/jdk1.8.0_131
\nPATH=$JAVA_HOME\/bin:$PATH:$HOME\/bin
\nexport PATH<\/p>\n
\n[root@elk_master config]# java -version
\njava version „1.8.0_131”
\nJava(TM) SE Runtime Environment (build 1.8.0_131-b11)
\nJava HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode) <\/em><\/p>\n
\n[root@elk_master config]# useradd -s \/bin\/bash shahril
\n[root@elk_master config]# passwd shahril
\nChanging password for user shahril.
\nNew password:
\nBAD PASSWORD: The password fails the dictionary check – it is too simplistic\/systematic
\nRetype new password:
\npasswd: all authentication tokens updated successfully.<\/p>\n
\n[root@elk_master config]# sysctl -w vm.max_map_count=262144
\nvm.max_map_count = 262144 <\/em><\/p>\n
\n[root@elk_master config]# su – shahril
\nLast login: Sat Jun 9 13:03:07 UTC 2018 on pts\/1
\n[shahril@elk_master ~]$
\n[shahril@elk_master ~]$
\n[shahril@elk_master ~]$
\n[shahril@elk_master ~]$ \/opt\/elasticsearch\/bin\/elasticsearch &
\n[1] 7295
\n[shahril@elk_master ~]$ [2018-06-09T13:06:26,667][INFO ][o.e.n.Node ] [elk_master] initializing …
\n[2018-06-09T13:06:26,721][INFO ][o.e.e.NodeEnvironment ] [elk_master] using [1] data paths, mounts [[\/ (rootfs)]], net usable_space [394.3gb], net total_space [468.2gb], types [rootfs]
\n[2018-06-09T13:06:26,722][INFO ][o.e.e.NodeEnvironment ] [elk_master] heap size [990.7mb], compressed ordinary object pointers [true]
\n[2018-06-09T13:06:26,723][INFO ][o.e.n.Node ] [elk_master] node name [elk_master], node ID [xjNoA9mMSGiXYmFPRNlXBg]
\n[2018-06-09T13:06:26,723][INFO ][o.e.n.Node ] [elk_master] version[6.2.1], pid[7295], build[7299dc3\/2018-02-07T19:34:26.990113Z], OS[Linux\/3.10.0-693.17.1.el7.x86_64\/amd64], JVM[Oracle Corporation\/Java HotSpot(TM) 64-Bit Server VM\/1.8.0_131\/25.131-b11]
\n[2018-06-09T13:06:26,723][INFO ][o.e.n.Node ] [elk_master] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=\/tmp\/elasticsearch.U6ilAwt9, -XX:+HeapDumpOnOutOfMemoryError, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:logs\/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=\/opt\/elasticsearch, -Des.path.conf=\/opt\/elasticsearch\/config]
\n[2018-06-09T13:06:27,529][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [aggs-matrix-stats]
\n[2018-06-09T13:06:27,529][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [analysis-common]
\n[2018-06-09T13:06:27,529][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [ingest-common]
\n[2018-06-09T13:06:27,530][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [lang-expression]
\n[2018-06-09T13:06:27,530][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [lang-mustache]
\n[2018-06-09T13:06:27,530][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [lang-painless]
\n[2018-06-09T13:06:27,530][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [mapper-extras]
\n[2018-06-09T13:06:27,530][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [parent-join]
\n[2018-06-09T13:06:27,530][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [percolator]
\n[2018-06-09T13:06:27,531][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [rank-eval]
\n[2018-06-09T13:06:27,532][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [reindex]
\n[2018-06-09T13:06:27,532][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [repository-url]
\n[2018-06-09T13:06:27,533][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [transport-netty4]
\n[2018-06-09T13:06:27,533][INFO ][o.e.p.PluginsService ] [elk_master] loaded module [tribe]
\n[2018-06-09T13:06:27,534][INFO ][o.e.p.PluginsService ] [elk_master] no plugins loaded <\/em><\/p>\n
\n[root@elk_master config]# netstat -apn|grep -i :9
\ntcp 0 0 172.17.0.6:9200 0.0.0.0:* LISTEN 7295\/java
\ntcp 0 0 172.17.0.6:9300 0.0.0.0:* LISTEN 7295\/java <\/em><\/p>\n
\n[root@elk_master opt]# wget https:\/\/artifacts.elastic.co\/downloads\/logstash\/logstash-6.2.1.rpm
\n–2018-06-09 13:07:51– https:\/\/artifacts.elastic.co\/downloads\/logstash\/logstash-6.2.1.rpm
\nResolving artifacts.elastic.co (artifacts.elastic.co)… 107.21.253.15, 23.21.67.46, 107.21.237.188, …
\nConnecting to artifacts.elastic.co (artifacts.elastic.co)|107.21.253.15|:443… connected.
\nHTTP request sent, awaiting response… 200 OK
\nLength: 140430729 (134M) [binary\/octet-stream]
\nSaving to: \u2018logstash-6.2.1.rpm\u2019<\/p>\n
\nLoaded plugins: fastestmirror, ovl
\nExamining logstash-6.2.1.rpm: 1:logstash-6.2.1-1.noarch
\nMarking logstash-6.2.1.rpm to be installed
\nResolving Dependencies
\n–> Running transaction check
\n–> Package logstash.noarch 1:6.2.1-1 will be installed
\n–> Finished Dependency Resolution<\/p>\n
\nPackage Arch Version Repository Size
\n========================================================================================================================
\nInstalling:
\nlogstash noarch 1:6.2.1-1 \/logstash-6.2.1 224 M<\/p>\n
\n========================================================================================================================
\nInstall 1 Package<\/p>\n
\nInstalled size: 224 M
\nDownloading packages:
\nRunning transaction check
\nRunning transaction test
\nTransaction test succeeded
\nRunning transaction
\nInstalling : 1:logstash-6.2.1-1.noarch 1\/1
\nUsing provided startup.options file: \/etc\/logstash\/startup.options
\nSuccessfully created system startup script for Logstash
\nVerifying : 1:logstash-6.2.1-1.noarch 1\/1<\/p>\n
\nlogstash.noarch 1:6.2.1-1<\/p>\n
\n[root@elk_master opt]# vi \/etc\/logstash\/conf.d\/02-mysql-log.conf<\/p>\n
\nbeats {
\nport => 5044
\nhost => „0.0.0.0”
\n}
\n}<\/p>\n
\nif [fileset][module] == „mysql” {
\nif [fileset][name] == „error” {
\ngrok {
\nmatch => { „message” => [„%{LOCALDATETIME:[mysql][error][timestamp]} (\\[%{DATA:[mysql][error][level]}\\] )?%{GREEDYDATA:[mysql][error][message]}”,
\n„%{TIMESTAMP_ISO8601:[mysql][error][timestamp]} %{NUMBER:[mysql][error][thread_id]} \\[%{DATA:[mysql][error][level]}\\] %{GREEDYDATA:[mysql][error][message1]}”,
\n„%{GREEDYDATA:[mysql][error][message2]}”] }
\npattern_definitions => {
\n„LOCALDATETIME” => „[0-9]+ %{TIME}”
\n}
\nremove_field => „message”
\n}
\nmutate {
\nrename => { „[mysql][error][message1]” => „[mysql][error][message]” }
\n}
\nmutate {
\nrename => { „[mysql][error][message2]” => „[mysql][error][message]” }
\n}
\ndate {
\nmatch => [ „[mysql][error][timestamp]”, „ISO8601”, „YYMMdd H:m:s” ]
\nremove_field => „[mysql][error][time]”
\n}
\n}
\nelse if [fileset][name] == „slowlog” {
\ngrok {
\nmatch => { „message” => [„^# User@Host: %{USER:[mysql][slowlog][user]}(\\[[^\\]]+\\])? @ %{HOSTNAME:[mysql][slowlog][host]} \\[(IP:[mysql][slowlog][ip])?\\](\\s*Id:\\s* %{NUMBER:[mysql][slowlog][id]})?\\n# Query_time: %{NUMBER:[mysql][slowlog][query_time][sec]}\\s* Lock_time: %{NUMBER:[mysql][slowlog][lock_time][sec]}\\s* Rows_sent: %{NUMBER:[mysql][slowlog][rows_sent]}\\s* Rows_examined: %{NUMBER:[mysql][slowlog][rows_examined]}\\n(SET timestamp=%{NUMBER:[mysql][slowlog][timestamp]};\\n)?%{GREEDYMULTILINE:[mysql][slowlog][query]}”] }
\npattern_definitions => {
\n„GREEDYMULTILINE” => „(.|\\n)*”
\n}
\nremove_field => „message”
\n}
\ndate {
\nmatch => [ „[mysql][slowlog][timestamp]”, „UNIX” ]
\n}
\nmutate {
\ngsub => [„[mysql][slowlog][query]”, „\\n# Time: [0-9]+ [0-9][0-9]:[0-9][0-9]:[0-9][0-9](\\\\.[0-9]+)?$”, „”]
\n}
\n}
\n}
\n}<\/p>\n
\nelasticsearch {
\nhosts => „172.17.0.6”
\nmanage_template => false
\nindex => „%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}”
\n}
\n} <\/em><\/p>\n
\n[root@elk_master opt]# \/usr\/share\/logstash\/bin\/logstash-plugin install logstash-input-beats
\nValidating logstash-input-beats
\nInstalling logstash-input-beats
\nInstallation successful <\/em><\/p>\n
\n[root@elk_master opt]# service logstash restart
\nRedirecting to \/bin\/systemctl restart logstash.service<\/p>\n
\nRedirecting to \/bin\/systemctl status logstash.service
\n? logstash.service – logstash
\nLoaded: loaded (\/etc\/systemd\/system\/logstash.service; disabled; vendor preset: disabled)
\nActive: active (running) since Sat 2018-06-09 13:17:40 UTC; 5s ago
\nMain PID: 8106 (java)
\nCGroup: \/docker\/2daaf895e0efa67ef70dbabd87b56d53815e94ff70432f692385f527e2dc488b\/system.slice\/logstash.service
\n??8106 \/bin\/java -Xms256m -Xmx1g -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFracti…<\/p>\n
\nJun 09 13:17:40 elk_master systemd[1]: Starting logstash…
\n[root@elk_master opt]#<\/p>\n
\n[2018-06-09T13:17:59,496][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http:\/\/172.17.0.6:9200\/]}}
\n[2018-06-09T13:17:59,498][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http:\/\/172.17.0.6:9200\/, :path=>”\/”}
\n[2018-06-09T13:17:59,976][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>”http:\/\/172.17.0.6:9200\/”}
\n[2018-06-09T13:18:00,083][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>nil}
\n[2018-06-09T13:18:00,083][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the `type` event field won’t be used to determine the document _type {:es_version=>6}
\n[2018-06-09T13:18:00,095][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>”LogStash::Outputs::ElasticSearch”, :hosts=>[„\/\/172.17.0.6″]}
\n[2018-06-09T13:18:00,599][INFO ][logstash.inputs.beats ] Beats inputs: Starting input listener {:address=>”0.0.0.0:5044″}
\n[2018-06-09T13:18:00,652][INFO ][logstash.pipeline ] Pipeline started succesfully {:pipeline_id=>”main”, :thread=>”#<thread:0x70567cf0@ usr=”” share=”” logstash=”” logstash-core=”” lib=”” pipeline.rb:246=”” sleep=””>”}
\n[2018-06-09T13:18:00,663][INFO ][org.logstash.beats.Server] Starting server on port: 5044
\n[2018-06-09T13:18:00,660][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>[„main”]}
\n[2018-06-09T13:18:24,060][INFO ][o.e.c.m.MetaDataCreateIndexService] [elk_master] [filebeat-6.2.1-2018.06.04] creating index, cause [auto(bulk api)], templates [], shards [5]\/[1], mappings []
\n[2018-06-09T13:18:24,189][INFO ][o.e.c.m.MetaDataCreateIndexService] [elk_master] [filebeat-6.2.1-2018.06.09] creating index, cause [auto(bulk api)], templates [], shards [5]\/[1], mappings []
\n[2018-06-09T13:18:24,288][INFO ][o.e.c.m.MetaDataCreateIndexService] [elk_master] [filebeat-6.2.1-2018.06.08] creating index, cause [auto(bulk api)], templates [], shards [5]\/[1], mappings []
\n[2018-06-09T13:18:24,591][INFO ][o.e.c.m.MetaDataMappingService] [elk_master] [filebeat-6.2.1-2018.06.04\/yPD91Ww0SD2ei4YI-FgLgQ] create_mapping [doc]
\n[2018-06-09T13:18:24,781][INFO ][o.e.c.m.MetaDataMappingService] [elk_master] [filebeat-6.2.1-2018.06.08\/Qnv0gplFTgW0z1C6haZESg] create_mapping [doc]
\n[2018-06-09T13:18:24,882][INFO ][o.e.c.m.MetaDataMappingService] [elk_master] [filebeat-6.2.1-2018.06.09\/dihjTJw3SjGncXYln2MXbA] create_mapping [doc]
\n[2018-06-09T13:18:24,996][INFO ][o.e.c.m.MetaDataMappingService] [elk_master] [filebeat-6.2.1-2018.06.09\/dihjTJw3SjGncXYln2MXbA] update_mapping [doc] <\/thread:0x70567cf0@><\/em><\/p>\n
\n[root@elk_master opt]# curl -kL http:\/\/172.17.0.6:9200\/_cat\/indices?v
\nhealth status index uuid pri rep docs.count docs.deleted store.size pri.store.size
\nyellow open filebeat-6.2.1-2018.06.09 dihjTJw3SjGncXYln2MXbA 5 1 6 0 35.2kb 35.2kb
\nyellow open filebeat-6.2.1-2018.06.04 yPD91Ww0SD2ei4YI-FgLgQ 5 1 350 0 186.4kb 186.4kb
\nyellow open filebeat-6.2.1-2018.06.08 Qnv0gplFTgW0z1C6haZESg 5 1 97 0 89.4kb 89.4kb <\/em><\/p>\n
\n[root@elk_master opt]# wget https:\/\/artifacts.elastic.co\/downloads\/kibana\/kibana-6.2.1-linux-x86_64.tar.gz
\n–2018-06-09 13:21:41– https:\/\/artifacts.elastic.co\/downloads\/kibana\/kibana-6.2.1-linux-x86_64.tar.gz
\nResolving artifacts.elastic.co (artifacts.elastic.co)… 107.21.237.188, 107.21.237.95, 107.21.253.15, …
\nConnecting to artifacts.elastic.co (artifacts.elastic.co)|107.21.237.188|:443… connected.
\nHTTP request sent, awaiting response… 200 OK
\nLength: 83465500 (80M) [binary\/octet-stream]
\nSaving to: \u2018kibana-6.2.1-linux-x86_64.tar.gz\u2019<\/p>\n
\n[root@elk_master opt]# ln -s \/opt\/kibana-6.2.1-linux-x86_64 \/opt\/kibana<\/p>\n
\nserver.port: 5601
\nelasticsearch.url: „http:\/\/172.17.0.6:9200” <\/em><\/p>\n
\n[root@elk_master opt]# \/opt\/kibana\/bin\/kibana –version
\n6.2.1<\/p>\n
\n[1] 8640
\n[root@elk_master opt]# log [13:26:20.034] [info][status][plugin:kibana@6.2.1] Status changed from uninitialized to green – Ready
\nlog [13:26:20.073] [info][status][plugin:elasticsearch@6.2.1] Status changed from uninitialized to yellow – Waiting for Elasticsearch
\nlog [13:26:20.193] [info][status][plugin:timelion@6.2.1] Status changed from uninitialized to green – Ready
\nlog [13:26:20.200] [info][status][plugin:console@6.2.1] Status changed from uninitialized to green – Ready
\nlog [13:26:20.212] [info][status][plugin:metrics@6.2.1] Status changed from uninitialized to green – Ready
\nlog [13:26:20.233] [info][listening] Server running at http:\/\/172.17.0.6:5601
\nlog [13:26:20.276] [info][status][plugin:elasticsearch@6.2.1] Status changed from yellow to green – Ready<\/p>\n
\ntcp 0 0 172.17.0.6:5601 0.0.0.0:* LISTEN 8640\/node<\/em><\/p>\n
\n[root@mysql_db1 ~]# mysql –login-path=root -P 3306 –prompt=’TEST>’
\nWelcome to the MySQL monitor. Commands end with ; or \\g.
\nYour MySQL connection id is 193
\nServer version: 5.7.21-log MySQL Community Server (GPL)<\/p>\n
\naffiliates. Other names may be trademarks of their respective
\nowners.<\/p>\n
\n+–––-+
\n| sleep(5) |
\n+–––-+
\n| 0 |
\n+–––-+
\n1 row in set (5.01 sec)<\/p>\n
\n+–––-+
\n| sleep(6) |
\n+–––-+
\n| 0 |
\n+–––-+
\n1 row in set (6.00 sec)<\/p>\n
\n+–––––––+
\n| run for 10 seconds |
\n+–––––––+
\n| 0 |
\n+–––––––+
\n1 row in set (10.00 sec)<\/p>\n
\n+––––+
\n| test again |
\n+––––+
\n| 0 |
\n+––––+
\n1 row in set (3.00 sec)<\/p>\n
\nBye <\/em><\/p>\n