docker-compose部署filebeat+ELK收集nginx日志



一、安装docker、docker-compose、nginx

二、创建服务目录

目录划分

/data/elk/es
——/data/elk/es/conf
——/data/elk/es/data
——/data/elk/es/logs

/data/elk/kibana
——/data/elk/kibana/conf

/data/elk/logstash
——/data/elk/logstash/conf

/data/elk/filebeat
——/data/elk/filebeat/conf
——/data/elk/filebeat/logs

修改目录权限

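# Elasticsearch in the official image drops from root to uid 1000 / gid 0, and it
# is the only service in this stack that writes to a bind-mounted directory as a
# non-root user. Give that user the two directories it writes to instead of
# making all of /data world-writable: a recursive chmod 777 would also leave
# filebeat.yml writable by group and others, which Filebeat rejects.
# Config files under /data/elk/*/conf only need to be readable (e.g. mode 644).
# NOTE: uid 1000 is the image default; adjust if Docker user-namespace remapping
# is enabled on this host.
chown -R 1000:0 /data/elk/es/data /data/elk/es/logs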

三、编写docker-compose yaml文件

# Compose file for the Filebeat + ELK stack. Every service below joins the
# "elk" network that is declared at the bottom of this file.
version: "3"
services:
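  # Elasticsearch single node. Kibana and Logstash reach it as http://es:9200
  # over the "elk" network, so the host port mappings below are only needed for
  # administration from the Docker host itself.
  es:
    container_name: es
    hostname: es
    image: elasticsearch:7.17.1
    restart: always
    networks:
      - elk
    # NOTE(review): the container is started as root; the official image is
    # expected to drop to uid 1000 before launching Elasticsearch - confirm for
    # the image in use.
    user: root
    ports:
      # Bound to loopback: the elasticsearch.yml shown on this page configures
      # no authentication, so publishing these ports on every host interface
      # would give anyone who can reach the host read/write access to all
      # indices. Quoted so the mapping is always read as a string.
      - "127.0.0.1:9200:9200"
      - "127.0.0.1:9300:9300"
    volumes:
      - /data/elk/es/conf/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - /data/elk/es/data:/usr/share/elasticsearch/data
      - /data/elk/es/logs:/usr/share/elasticsearch/logs
    environment:
      - "TZ=Asia/Shanghai"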

  # Kibana web UI, published on host port 5601 and backed by the "es" service.
  kibana:
    image: kibana:7.17.1
    container_name: kibana
    hostname: kibana
    restart: always
    depends_on:
      - es
    networks:
      - elk
    ports:
      # No login is configured anywhere on this page, so restrict who can reach
      # this port (host firewall or an authenticating reverse proxy).
      - "5601:5601"
    volumes:
      - /data/elk/kibana/conf/kibana.yml:/usr/share/kibana/config/kibana.yml
    environment:
      # NOTE(review): the Kibana image documents upper-case variable names
      # (ELASTICSEARCH_HOSTS); this lower-case dotted form may be ignored. The
      # mounted kibana.yml sets the same value - confirm and keep only one.
      - "elasticsearch.hosts=http://es:9200"
      - "TZ=Asia/Shanghai"

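  # Logstash: receives Beats events on 5044 and forwards them to Elasticsearch.
  logstash:
    container_name: logstash
    hostname: logstash
    image: logstash:7.17.1
    # The pipeline definition is the file bind-mounted below (named .yml on
    # this page, but written in Logstash pipeline syntax).
    command: logstash -f ./conf/logstash.yml
    restart: always
    networks:
      - elk
    user: root
    volumes:
      # Read-only: Logstash only reads its pipeline definition.
      - /data/elk/logstash/conf/logstash.yml:/usr/share/logstash/conf/logstash.yml:ro
    environment:
      # NOTE(review): "elasticsearch.hosts" does not look like a Logstash
      # setting and the pipeline output already names es:9200 - confirm whether
      # this entry has any effect.
      - "elasticsearch.hosts=http://es:9200"
      - "xpack.monitoring.elasticsearch.hosts=http://es:9200"
      - "TZ=Asia/Shanghai"
    ports:
      # Filebeat connects as logstash:5044 over the "elk" network, so the host
      # mapping is kept on loopback. The Beats input on this page sets no TLS or
      # client authentication; publish it on another interface only after
      # adding them.
      - "127.0.0.1:5044:5044"
    depends_on:
      - es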

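  # Filebeat: reads the nginx logs mounted from the host and ships them to
  # Logstash. It publishes no host ports.
  filebeat:
    container_name: filebeat
    hostname: filebeat
    image: elastic/filebeat:7.17.1
    # Runs as root inside the container, so both bind mounts are read-only:
    # the shipper only needs to read the logs and its own configuration.
    user: root
    volumes:
      - /data/elk/filebeat/logs/nginx:/var/log/nginx:ro
      - /data/elk/filebeat/conf/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
    networks:
      - elk
    environment:
      - "TZ=Asia/Shanghai"
    depends_on:
      - es
      - kibana
      - logstash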

        
# User-defined network shared by the four services above.
# NOTE(review): 192.168.1.0/24 is a very common LAN range; make sure it does
# not overlap a network the Docker host itself has to reach.
networks:
  elk:
    ipam:
      driver: default
      config:
        - subnet: "192.168.1.0/24"

四、编写各服务配置文件

# elasticsearch.yml
# Single-node cluster: node150 is the node name and the only initial master.
cluster.name: es
node.name: node150
cluster.initial_master_nodes:
  - "node150"
# Listens on every interface inside the container. No authentication or TLS is
# configured in this file, so exposure is controlled only by which host ports
# the compose file publishes. xpack.security.enabled is the setting that turns
# authentication on; Kibana and Logstash would then need credentials.
network.host: "0.0.0.0"
http.port: 9200

# kibana.yml
server.port: 5601
# Listen on every interface inside the container so the published port works.
server.host: '0.0.0.0'
# Plain HTTP and no elasticsearch.username / elasticsearch.password: Kibana
# talks to Elasticsearch unauthenticated in this setup.
elasticsearch.hosts:
  - 'http://es:9200'
# UI language: Simplified Chinese.
i18n.locale: 'zh-CN'

# logstash.yml
# Pipeline definition (Logstash pipeline syntax despite the .yml file name).

# Accept events from Beats shippers on TCP 5044. No ssl options are set, so
# events arrive in clear text from any client that can reach the port.
input {
  beats {
    port => "5044"
  }
}

# Send every event to Elasticsearch at es:9200. No index name is given, so the
# plugin default is used.
# NOTE(review): Filebeat attaches fields.index_name = "nginx_log", which is not
# referenced here - confirm whether a per-source index was intended.
output {
  elasticsearch {
    hosts => ["es:9200"]
  }
}

# filebeat.yml
# Filebeat refuses a config file that is writable by anyone other than its
# owner, so check the permissions. They can be fixed with:
#   chmod go-w filebeat.yml
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - '/var/log/nginx/*.log'
    scan_frequency: 10s
    # Start reading at the end of each file rather than from the beginning.
    tail_files: true
    # Extra field attached to every event from this input.
    fields:
      index_name: 'nginx_log'

# Ship events to the logstash service on the compose network. No ssl settings
# are configured, so events are sent unencrypted.
output.logstash:
  hosts:
    - 'logstash:5044'



版权声明:本文为HaZ3876原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。