My journey installing the ELK log monitoring system (awkward... working through all the pitfalls)
The ELK log monitoring system is built from three open-source products: Elasticsearch + Logstash + Kibana.
I used version 5.6.1 of all three.
Download: https://www.elastic.co/cn/downloads
1. Install Elasticsearch first (there are quite a few pitfalls...)
tar -zxvf elasticsearch-5.6.1.tar.gz -C /usr/local/
vi config/elasticsearch.yml
node.name: (the Linux hostname)
path.data: /usr/local/path
path.logs: /usr/local/log
bootstrap.memory_lock: true
network.host: 127.0.0.1
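Elasticsearch refuses to start as root and fails with: can not run elasticsearch as root. Create an unprivileged user and switch to it to start the service.
Note that the owner and group of the elasticsearch-5.6.1 directory must be changed as well, otherwise you get permission errors.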
groupadd elasticsearch
useradd elasticsearch -g elasticsearch
chown elasticsearch.elasticsearch /usr/local/elasticsearch/ -R
chown elasticsearch.elasticsearch /usr/local/path/ -R
chown elasticsearch.elasticsearch /usr/local/log/ -R
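Reportedly, Elasticsearch no longer supports site plugins from 5.0 onward, so Elasticsearch-head has to be installed separately (this is where the pitfalls are...)
Elasticsearch 5.6.1 needs to be paired with JDK 1.8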
yum install nodejs npm -y
yum install git -y
elasticsearch-head must not be placed under the plugins or modules directory of elasticsearch, otherwise startup fails with an error
So put elasticsearch-head in /usr/local/src and install it there
cd /usr/local/src/
git clone https://github.com/mobz/elasticsearch-head.git   # you have to build the source yourself with npm
cd elasticsearch-head/
npm install
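------------------------pitfalls start------------------------
(Pitfall 1) When installing nodejs and npm with yum on CentOS 6.x, the configured yum repos are not sufficient, which causes problems
Solution:
To install nodejs and npm through yum, first add the epel repo to yum;
Add the epel repo
64-bit: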
rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
32-bit:
rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Import the key:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Add the remi repo
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-remi
The method for adding them is described in "Adding the epel and remi repos on CentOS"
Once that is done, run
yum -y install nodejs npm --enablerepo=epel
(Pitfall 2) rpmdb error (-30974)
Error message:
rpmdb: Thread/process 31902/140347322918656 failed: Thread died in Berkeley DB library
error: db3 error(-30974) from dbenv->failchk: DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db3 - (-30974)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:
Error: rpmdb open failed
Solution:
[root@fedora-cloudibee home]# yum list | grep -i xml
rpmdb: Thread/process 31902/140347322918656 failed: Thread died in Berkeley DB library
error: db3 error(-30974) from dbenv->failchk: DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db3 - (-30974)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:
Error: rpmdb open failed
[root@fedora-cloudibee home]# yum clean
rpmdb: Thread/process 31902/140347322918656 failed: Thread died in Berkeley DB library
error: db3 error(-30974) from dbenv->failchk: DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db3 - (-30974)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:
Error: rpmdb open failed
[root@fedora-cloudibee home]# rpm -qa
rpmdb: Thread/process 31902/140347322918656 failed: Thread died in Berkeley DB library
error: db3 error(-30974) from dbenv->failchk: DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db3 - (-30974)
error: cannot open Packages database in /var/lib/rpm
rpmdb: Thread/process 31902/140347322918656 failed: Thread died in Berkeley DB library
error: db3 error(-30974) from dbenv->failchk: DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages database in /var/lib/rpm
[root@fedora-cloudibee home]# ls /var/lib/rpm
Basenames Conflictname __db.001 __db.002 __db.003 __db.004 Dirnames Filedigests Group Installtid Name Obsoletename Packages Providename Provideversion Pubkeys Requirename Requireversion Sha1header Sigmd5 Triggername
[root@fedora-cloudibee home]#
[root@fedora-cloudibee home]# rpm --rebuilddb
rpmdb: Thread/process 31902/140347322918656 failed: Thread died in Berkeley DB library
error: db3 error(-30974) from dbenv->failchk: DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db3 - (-30974)
[root@fedora-cloudibee home]#
[root@fedora-cloudibee home]# rm -f /var/lib/rpm/__*
[root@fedora-cloudibee home]# rpm --rebuilddb
[root@fedora-cloudibee home]# rpm -qa | wc -l
629
(Pitfall 3) Installing npm does not go smoothly and fails with (file /usr/lib64/libkadm5clnt_mit.so.8.0 from install of libkadm5-1.10.3-65.el6.x86_64 conflicts with file from package krb5-libs-1.10.3-33.el6.x86_64)
Solution:
rpm -e krb5-libs-1.10.3-33.el6.x86_64
------------------------pitfalls end------------------------
Edit the Elasticsearch configuration file
vim elasticsearch/config/elasticsearch.yml # add the following two lines (there must be a space after the ":")
http.cors.enabled: true
http.cors.allow-origin: "*"
# Restart the elasticsearch service so the configuration takes effect.
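With the two CORS lines above, any page opened in a browser that can reach port 9200 may read the API, and no authentication is configured in this install. As an added example (not part of the original post), this shell check flags that setting and a non-loopback network.host; the function names, the sample files and the http://localhost:9100 origin are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag the exposure-related
# settings this page writes into elasticsearch.yml.

# Print the value of a flat "key: value" line, minus comments and quotes.
yaml_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$1" |
        sed "s/[[:space:]]*#.*\$//; s/[[:space:]]*\$//; s/^[\"']//; s/[\"']\$//" |
        tail -n 1
}

# Print one finding per line for the given file; print nothing if it is tight.
audit_es_config() {
    host=$(yaml_get "$1" network.host)
    cors=$(yaml_get "$1" http.cors.enabled)
    origin=$(yaml_get "$1" http.cors.allow-origin)
    case "$host" in
        ''|127.0.0.1|::1|localhost|_local_) ;;  # unset means loopback in 5.x
        *) echo "network.host=$host: port 9200 listens beyond loopback" ;;
    esac
    if [ "$cors" = "true" ] && [ "$origin" = "*" ]; then
        echo "http.cors.allow-origin=*: any web page in a browser can read the API"
    fi
    return 0
}

# Constructed sample configs: the page's settings, a variant that admits only
# the origin head is served from (assumed http://localhost:9100), and a
# variant bound to all interfaces.
write_samples() {
    printf '%s\n' 'network.host: 127.0.0.1' 'http.cors.enabled: true' \
        'http.cors.allow-origin: "*"' > "$1/page.yml"
    printf '%s\n' 'network.host: 127.0.0.1' 'http.cors.enabled: true' \
        'http.cors.allow-origin: "http://localhost:9100"' > "$1/restricted.yml"
    printf '%s\n' 'network.host: 0.0.0.0' 'http.cors.enabled: true' \
        'http.cors.allow-origin: "*"' > "$1/exposed.yml"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in page restricted exposed; do
    echo "== $f.yml"
    audit_es_config "$tmp/$f.yml"
done
rm -rf "$tmp"
```

Setting http.cors.allow-origin to the exact URL head is loaded from keeps head working while other origins are refused.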
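Modify elasticsearch-head/
The head code is still an old version and has many restrictions when run as-is, for example it cannot be accessed from another machine. So two places need to be changed:
1) Change the server listen address:
# vim elasticsearch-head/Gruntfile.js # add the hostname property and set it to *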
connect: {
    server: {
        options: {
            port: 9100,
            hostname: '*', // '*' makes head reachable on every local address, not only localhost
            base: '.',
            keepalive: true
        }
    }
}
2) Change the address used to connect to the ES service (located at line 4354, or search in vi with /app-base_uri)
vim elasticsearch-head/_site/app.js # change it to the IP of the ES server
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://127.0.0.1:9200";
If an error about grunt-cli comes up along the way, run npm install -g grunt-cli
If the error is about a "module", you can Remove node_modules directory => npm cache clean => npm install to reinstall the npm packages
3) Start the head service
cd /usr/local/src/elasticsearch-head
./node_modules/grunt/bin/grunt server &
4) Verify: run curl -I http://localhost:9100 and check for a 200 status
