Nginx日志分析ELK安装文档.doc

Nginx日志分析ELK安装文档1.准备工作1.1安装包1、jdk-8u60-linux-x64.gz2、elasticsearch-2.2.0.tar.gz3、logstash-2.2.2.tar.gz4、kibana-4.4.2-linux-x64.tar.gz5、redis-3.0.7.tar.gz6、keepalived-1.2.19.tar.gz1.2操作系统环境# cat /etc/redhat-release CentOS release 6.4 (Final)1.3安装流程1.4服务器及软件清单服务器软件安装列表Java-1.8.0Logstash-2.2.0redis-3.0.7Keepalived-1.2.19Elasticsearch-2.2.0Kibana-4.4.2Log server()Redis server1（4）Redis server2（5）Logstash（3）Elasticsearch server1（1）Elasticsearch server2（2）Kibana（6）2.Nginx Log server安装logstash软件（IP ）2.1Java环境的安装Java环境的安装#cd /usr/src#tar xf jdk-8u60-linux-x64.gz -C /usr/local/#cd /usr/local# mv jdk1.8.0_60 java-1.8.0# ln -s java-1.8.0 java设置java环境变量#cat /etc/profile EOF#To start添加java的环境变量by xxx 20160216export JAVA_HOME=/usr/local/javaexport JRE_HOME=/usr/local/java/jreexport CLASSPATH=.:%JAVA_HOME%/lib/dt.jar:%JAVA_HOME%/lib/tools.jarexport PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH#To end添加java的环境变量by xxx 20160216 /usr/local/nginx/logs/access_android.log #日志文件路径 start_position = beginning output redis data_type = list key = s2-android host = 0 #redis keeplived虚拟地址 port = 6379 #redis 端口号 db = 1 #选择数据库“1” 2.2.3启动logstash# /usr/local/logstash/bin/logstash agent -f /usr/local/logstash/etc/conf.d/s2-android-redis.conf &2.3 logstash相关知识点2.3.1 logstash插件目录：/usr/local/logstash/vendor/bundle/jruby/1.9/gems3.搭建高可用redis server(IP 4;5)3.1redis server1(主4)的搭建3.1.1redis的安装#cd /usr/src#tar xf redis-3.0.7.tar.gz# cd redis-3.0.7#make# make PREFIX=/usr/local/redis-3.0.7 install# ln -s /usr/local/redis-3.0.7 /usr/local/redis# cd /usr/local/redis# mkdir data# mkdir etc# mkdir log# mkdir p var/637设置配置文件#cd /usr/local/redis/etc#touch 6379.conf# cat 6379.conf |grep a-zdaemonize yespidfile /usr/local/redis/var/redis_6379.pidport 6379tcp-backlog 511timeout 0tcp-keepalive 0loglevel noticelogfile /usr/local/redis/log/redis_6379.logdatabases 16save 900 1save 300 10save 60 10000stop-writes-on-bgsave-error yesrdbcompression yesrdbchecksum yesdbfilename dump.rdbdir /usr/local/redis/var/6379slave-serve-stale-data yesslave-read-only yesrepl-diskless-sync norepl-diskless-sync-delay 5repl-disable-tcp-nodelay noslave-priority 100maxmemory 3GBappendonly yesappendfilename appendonly.aofappendfsync everysecno-appendfsync-on-rewrite noauto-aof-rewrite-percentage 100auto-aof-rewrite-min-size 64mbaof-load-truncated yeslua-time-limit 5000slowlog-log-slower-than 10000slowlog-max-len 128latency-monitor-threshold 0notify-keyspace-events hash-max-ziplist-entries 512hash-max-ziplist-value 64list-max-ziplist-entries 512list-max-ziplist-value 64set-max-intset-entries 512zset-max-ziplist-entries 128zset-max-ziplist-value 64hll-sparse-max-bytes 3000activerehashing yesclient-output-buffer-limit normal 0 0 0client-output-buffer-limit slave 256mb 64mb 60client-output-buffer-limit pubsub 32mb 8mb 60hz 10aof-rewrite-incremental-fsync yes设置开机启动#echo PATH=$PATH:/usr/local/redis/bin /etc/profile# source /etc/profile启动redis#/usr/local/redis/bin/redis-server /usr/local/redis/etc/6379.conf3.1.2Keepalived的安装Keepalived的安装及配置#cd /usr/src#wget 5//c3pr90ntcsf0/software/keepalived-1.2.19.tar.gz#tar xf keepalived-1.2.19.tar.gz# cd keepalived-1.2.19#./configure -prefix=/usr/local/keepalived-1.2.19 -datadir=/usr/local/keepalived/data -docdir=/usr/local/keepalived/doc# make & make install#cd /usr/local/#ln -s keepalived-1.2.19 keepalived#cd /usr/local/keepalived/etc/keepalived#vim keepalived.conf! Configuration File for keepalivedglobal_defs router_id redis34vrrp_script chk_redis script /etc/keepalived/scripts/redis_check.sh 6379 interval 2 timeout 2 fall 3vrrp_instance redis state MASTER # master set to SLAVE also interface eth0 virtual_router_id 50 priority 150 nopreempt # no seize,must add advert_int 1 authentication #all node must same auth_type PASS auth_pass 1111 virtual_ipaddress 0/24 #keepalived的虚拟IP track_script chk_redis notify_master /etc/keepalived/scripts/redis_master.sh 5 6379 notify_backup /etc/keepalived/scripts/redis_backup.sh 5 6379 notify_fault /etc/keepalived/scripts/redis_fault.sh notify_stop /etc/keepalived/scripts/redis_stop.shRedis check脚本#cd /etc/keepalived/scripts/1.#touch redis_backup.sh#chmod +x redis_backup.sh#vim redis_backup.sh#!/bin/bash REDISCLI=/usr/local/redis/bin/redis-cliLOGFILE=/usr/local/redis/log/keepalived-redis-state.logecho backup $LOGFILEdate $LOGFILEecho Run SLAVEOF cmd . $LOGFILE$REDISCLI SLAVEOF $2 $3 $LOGFILE 2&1# echo Being slave. $LOGFILE 2&1 sleep 15 #delay 15 s wait data sync exchange role2.#touch redis_check.sh#chmod +x redis_check.sh#vim redis_check.sh#!/bin/bash ALIVE=/usr/local/redis/bin/redis-cli -h $1 -p $2 PINGLOGFILE=/usr/local/redis/log/keepalived-redis-check.logecho CHECK $LOGFILEdate $LOGFILEif $ALIVE = PONG ; then : echo Success: redis-cli -h $1 -p $2 PING $ALIVE $LOGFILE 2&1 exit 0else echo Failed:redis-cli -h $1 -p $2 PING $ALIVE $LOGFILE 2&1 exit 1fi3.#touch redis_fault.sh#chmod +x redis_fault.sh#vim redis_fault.sh#!/bin/bash LOGFILE=/usr/local/redis/log/keepalived-redis-state.logecho fault $LOGFILEdate $LOGFILE4.#touch redis_master.sh#chmod +x redis_master.sh#vim redis_master.sh#!/bin/bash REDISCLI=/usr/local/redis/bin/redis-cli -h $1 -p $3LOGFILE=/usr/local/redis/log/keepalived-redis-state.logecho master $LOGFILEdate $LOGFILEecho Being master. $LOGFILE 2&1echo Run MASTER cmd . $LOGFILE 2&1$REDISCLI SLAVEOF $2 $3 $LOGFILEsleep 10 #delay 10 s wait data async cancel syncecho Run SLAVEOF NO ONE cmd . $LOGFILE$REDISCLI SLAVEOF NO ONE $LOGFILE 2&15.#touch redis_stop.sh#chmod +x redis_stop.sh#vim redis_stop.sh#!/bin/bash LOGFILE=/usr/local/redis/log/keepalived-redis-state.logecho stop $LOGFILEdate $LOGFILE设置开机启动#chkconfig add /etc/init.d/keepalivd #chkconfig keepalived on启动keepalived#/etc/init.d/keepalived start3.2Redis server2(备5)的搭建 3.2.1Redis的安装配置文件不同如下：#cd /usr/local/redis/etc#cat 6379.conf |grep a-zdaemonize yespidfile /var/run/redis_6379.pidport 6379tcp-backlog 511timeout 0tcp-keepalive 0loglevel noticelogfile /usr/local/redis/log/redis_6379.logdatabases 16save 900 1save 300 10save 60 10000stop-writes-on-bgsave-error yesrdbcompression yesrdbchecksum yesdbfilename dump.rdbdir /usr/local/redis/var/6379slaveof 4 6379 #redis master IPslave-serve-stale-data yesslave-read-only yesrepl-diskless-sync norepl-diskless-sync-delay 5repl-disable-tcp-nodelay noslave-priority 100maxmemory 3GBappendonly noappendfilename appendonly.aofappendfsync everysecno-appendfsync-on-rewrite noauto-aof-rewrite-percentage 100auto-aof-rewrite-min-size 64mbaof-load-truncated yeslua-time-limit 5000slowlog-log-slower-than 10000slowlog-max-len 128latency-monitor-threshold 0notify-keyspace-events hash-max-ziplist-entries 512hash-max-ziplist-value 64list-max-ziplist-entries 512list-max-ziplist-value 64set-max-intset-entries 512zset-max-ziplist-entries 128zset-max-ziplist-value 64hll-sparse-max-bytes 3000activerehashing yesclient-output-buffer-limit normal 0 0 0client-output-buffer-limit slave 256mb 64mb 60client-output-buffer-limit pubsub 32mb 8mb 60hz 10aof-rewrite-incremental-fsync yeskeepalived的安装keepalived的配置文件：#cd /usr/local/keepalived/etc/keepalived#vim keepalived.conf! Configuration File for keepalivedglobal_defs router_id redis35vrrp_script chk_redis script /etc/keepalived/scripts/redis_check.sh 6379 interval 2 timeout 2 fall 3vrrp_instance redis state BACKUP interface eth0 virtual_router_id 50 priority 100 advert_int 1 authentication #all node must same auth_type PASS auth_pass 1111 virtual_ipaddress 0/24 #keepalved虚拟IP track_script chk_redis notify_master /etc/keepalived/scripts/redis_master.sh 4 6379 notify_backup /etc/keepalived/scripts/redis_backup.sh 4 6379 notify_fault /etc/keepalived/scripts/redis_fault.sh notify_stop /etc/keepalived/scripts/redis_stop.shRedis check 脚本#cd cd /etc/keepalived/scripts/ 1.#touch redis_backup.sh#chmod +x redis_backup.sh#vim redis_backup.sh#!/bin/bash REDISCLI=/usr/local/redis/bin/redis-cliLOGFILE=/usr/local/redis/log/keepalived-redis-state.logecho BACKUP $LOGFILEdate $LOGFILEecho Being slave. $LOGFILE 2&1echo Run SLAVEOF cmd . $LOGFILE 2&1$REDISCLI SLAVEOF $2 $3 $LOGFILEsleep 100 #delay 10 s wait data async cancel sync exit(0)2.#touch redis_check.sh#chmod +x redis_check.sh#vim redis_check.sh#!/bin/bash ALIVE=/usr/local/redis/bin/redis-cli -h $1 -p $2 PINGLOGFILE=/usr/local/redis/log/keepalived-redis-check.logecho CHECK $LOGFILEdate $LOGFILEif $ALIVE = PONG ; then : echo Success: redis-cli -h $1 -p $2 PING $ALIVE $LOGFILE 2&1 exit 0else echo Failed:redis-cli -h $1 -p $2 PING $ALIVE $LOGFILE 2&1 exit 1fi3.#touch redis_fault.sh#chmod +x redis_fault.sh#vim redis_fault.sh#!/bin/bash LOGFILE=/usr/local/redis/log/keepalived-redis-state.logecho fault $LOGFILEdate $LOGFILE4.#touch redis_master.sh#chmod +x redis_master.sh#vim redis_master.sh#!/bin/bash REDISCLI=/usr/local/redis/bin/redis-cli -h $1 -p $3LOGFILE=/usr/local/redis/log/keepalived-redis-state.logecho master $LOGFILEdate $LOGFILEecho Being master. $LOGFILE 2&1echo Run SLAVEOF cmd . $LOGFILE$REDISCLI SLAVEOF $2 $3 $LOGFILE 2&1#echo SLAVEOF $2 cmd cant excute . $LOGFILE sleep 10 #delay 15 s wait data sync exchange roleecho Run SLAVEOF NO ONE cmd . $LOGFILE$REDISCLI SLAVEOF NO ONE $LOGFILE 2&15.#touch redis_stop.sh#chmod +x redis_stop.sh#vim redis_stop.sh#!/bin/bash LOGFILE=/usr/local/redis/log/keepalived-redis-state.logecho stop $LOGFILEdate $LOGFILE设置开机启动及启动keepalived同上4.安装logstash server转换日志（IP 3）4.1Java的安装（略）4.2Logstash的安装4.2.1Logstash的安装#cd /usr/src#tar xf logstash-2.2.2.tar.gz -C /usr/local/#cd /usr/local#ln -s logstash-2.2.2 logstash#cd logstash#mkdir -p etc/conf.d#mkdir log#mkdir pattern #与logstash在nginx log server上不同#mkdir var4.2.2配置logstash.conf文件#cd /usr/local/logstash/etc/conf.d/#touch s2.android-es.conf#vim s2.android-es.confinput redis host = 0 #redis keepalived 的虚拟IP port = 6379 db = 1 data_type = list key = s2-android filter grok match = message = %WCC_ANDROID_NGINX patterns_dir = /usr/local/logstash/pattern kv add_field =request=%interface?%interface_parameter source = interface_parameter field_split = &? value_split = = geoip source =clientip urldecode all_fields = true output elasticsearch hosts = 1 index = s2-android-%+YYYY.MM.dd 4.2.3配置partten （kibana需要的拆分依据）#cd /usr/local/logstash/pattern#touch nginx_access#vim nginx_accessNGUSERNAME a-zA-Z.-+_%+NGUSER %NGUSERNAMEWCC_ANDROID_NGINX %IPORHOST:clientip %NGUSER:ident %NGUSER:auth %HTTPDATE:timestamp %WORD:verb %NOTSPACE:interface?%NOTSPACE:interface_parameter HTTP/%NUMBER:httpversion %NUMBER:response %NUMBER:bytes - %QS:agents+(?:%IP:http_forward|-)s+(?:%WORD:grid|-)s+(?:%WORD:imsi|-)s+(?:%WORD:urid|-)s+%BASE10NUM:request_time4.2.4启动logstash#/usr/local/logstash/bin/logstash agent -f /usr/local/logstash/etc/conf.d/s2.android-es.conf &5.Elasticsearchserver的安装（IP 1；2）5.1Elasticsearch server1的安装（IP 1）5.1.1Java的安装（略）5.1.2Elasticsearch的安装#cd /usr/src#tar xf elasticsearch-2.2.0.tar.gz -C /usr/local/#cd /usr/local/#ln -s elasticsearch-2.2.0 elasticsearch#cd /usr/local/elasticsearch#mkdir data#mkdir logs5.1.3配置elasticsearch.yml文件#/usr/local/elasticsearch/config# cat elasticsearch.yml|grep : : s2-es-node1path.data: /usr/local/elasticsearch/datapath.logs: /usr/local/elasticsearch/logsbootstrap.mlockall: truenetwork.host: 1http.port: 9200discovery.zen.ping.unicast.hosts: 1, 25.1.4root启动报错#/usr/local/elasticsearch/bin/elasticsearch Exception in thread main java.lang.RuntimeException: dont run elasticsearch as root.#在之前的版本中可以使用root账户启动，但2.0版本及以后的版本估计就不行了。解决办法，创建elasticsearch启动用户#groupadd es#useradd -g es -s /sbin/nologin es#chown R es.es /usr/local/elasticsearch-2.2.0#su