当前位置:»论坛 生活社区 休闲灌水 帖子
返回列表 发新帖

Docker-compose部署ELK

[复制链接]
Elinkcloud

1275

主题

1275

帖子

1013

积分

金牌会员

Rank: 6Rank: 6

积分
1013
分享到:
发表于 2022-5-20 14:21:24 | 显示全部楼层 |阅读模式
环境
主机IP 192.168.0.9
Docker version 19.03.2
docker-compose version 1.24.0-rc1
elasticsearch version 6.6.1
kibana version 6.6.1
logstash version 6.6.1

一、ELK-dockerfile文件编写及配置文件

● elasticsearch
1、elasticsearch-dockerfile
FROM centos:latestADD elasticsearch-6.6.1.tar.gz /usr/local/COPY elasticsearch.yml /usr/local/elasticsearch-6.6.1/config/COPY jdk1.8 /usr/local/ENV JAVA_HOME=/usr/local/jdk1.8ENV CLASSPATH=$CLASSPATHJAVA_HOME/libJAVA_HOME/jre/libENV PATH=$JAVA_HOME/binJAVA_HOME/jre/binPATHHOME/binRUN groupadd elsearch && \useradd elsearch -g elsearch -p elasticsearch && \chown -R elsearch:elsearch /usr/local/elasticsearch-6.6.1 && \cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \echo "Asia/shanghai" > /etc/timezone && \yum install which -y && \mkdir /opt/data && \mkdir /opt/logsEXPOSE 9200 9300#主要是切换到elsearch用户启动esUSER elsearchWORKDIR /usr/local/elasticsearch-6.6.1/bin/ENTRYPOINT ["./elasticsearch"]2、elasticsearch.yml

[root@localhost elasticsearch]# egrep "^[^#]" elasticsearch.yml cluster.name: es-clusternode.name: node-1path.data: /opt/datapath.logs: /opt/logsnetwork.host: 0.0.0.0http.port: 9200cluster.routing.allocation.disk.threshold_enabled: truecluster.routing.allocation.disk.watermark.low: 94%cluster.routing.allocation.disk.watermark.high: 96%cluster.routing.allocation.disk.watermark.flood_stage: 98%discovery.zen.minimum_master_nodes: 1● logstash
1、logstash-dockerfile
FROM centos:latestADD logstash-6.6.1.tar.gz /usr/local/COPY logstash.yml /usr/local/logstash-6.6.1/config/COPY logstash.conf /usr/local/logstash-6.6.1/config/COPY jdk1.8 /usr/local/COPY start.sh /start.shENV JAVA_HOME=/usr/local/jdk1.8ENV CLASSPATH=$CLASSPATHJAVA_HOME/libJAVA_HOME/jre/libENV PATH=$JAVA_HOME/binJAVA_HOME/jre/binPATHHOME/binRUN mkdir /opt/data && \mkdir /opt/logs && \chmod +x /start.shENTRYPOINT ["/start.sh"]2、logstash-start.sh
#!/bin/bash/usr/local/logstash-6.6.1/bin/logstash -f /usr/local/logstash-6.6.1/config/logstash.conf3、logstash.yml
[root@localhost logstash]# egrep "^[^#]" logstash.yml path.data: /opt/datapath.logs: /opt/logspipeline.batch.size: 2004、logstash.conf

input { file { path => "/usr/local/nginx/logs/access.log" type => "nginx" start_position => "beginning" sincedb_path => "/dev/null" } file { path => "/var/log/secure" type => "secure" start_position => "beginning" sincedb_path => "/dev/null" }}#详细说明可以查看我之前的博客filter { grok { match => { "message" => '(?<clientip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) - - (?<requesttime>\[[0-9]{1,2}\/[A-z]+\/[0-9]{4}\:[0-9]{2}\:[0-9]{2}\:[0-9]{2} \+[0-9]*\]) "(?<requesttype>[A-Z]+) (?<requesturl>[^ ]+) (?<requestv>HTTP/\d\.\d)" (?<requestnode>[0-9]+) (?<requestsize>[0-9]+) "(?<content>[^ ]|(http|https)://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/)" "(?<ua>(a-Z|0-9| |.)+)"' } remove_field => ["message","log","beat","offset","prospector","host","@version"] }}#output指向es容器output { if [type] == "nginx" { elasticsearch { hosts => ["es:9200"] index => "nginx-%{+YYYY.MM.dd}" } } else if [type] == "secure" { elasticsearch { hosts => ["es:9200"] index => "secure-%{+YYYY.MM.dd}" } } }● kibana
1、kibana-dockerfile

FROM centos:latestADD kibana-6.6.1-linux-x86_64.tar.gz /usr/local/COPY kibana.yml /usr/local/kibana-6.6.1-linux-x86_64/config/COPY start.sh /start.shRUN chmod +x /start.shEXPOSE 5601ENTRYPOINT ["/start.sh"]2、kibana.yml
[root@localhost kibana]# egrep "^[^#]" kibana.yml server.port: 5601server.host: "0.0.0.0"#指向es容器的9200端口elasticsearch.hosts: ["http://es:9200"]3、kibana-start.sh
#!/bin/bash/usr/local/kibana-6.6.1-linux-x86_64/bin/kibana

二、docker-compose,yml文件编写
[root@localhost elk_dockerfile]# cat docker-compose.yml
version: '3.7'services: elasticsearch: image: elasticsearch:elk container_name: es networks: - elk volumes: - /opt/data:/opt/data - /opt/logs:/opt/logs expose: - 9200 - 9300 restart: always depends_on: - logstash - kibana logstash: image: logstash:elk container_name: logstash networks: - elk volumes: - /opt/logstash/data/:/op/data - /opt/logstash/logs/:/opt/logs - /opt/elk/elk_dockerfile/logstash/logstash.conf:/usr/local/logstash-6.6.1/config/logstash.conf - /usr/local/nginx/logs:/usr/local/nginx/logs - /var/log/secure:/var/log/secure restart: always kibana: image: kibana:elk container_name: kibana ports: - 5601:5601 networks: - elk volumes: - /opt/elk/elk_dockerfile/kibana/kibana.yml:/usr/local/kibana-6.6.1-linux-x86_64/config/kibana.ymlnetworks: elk:compose文件version版本指向

三、访问界面
企业专线 MPLS VPN
回复

使用道具 举报

返回列表 发新帖

使用高级回帖 (可批量传图、插入视频等)快速回复
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则   Ctrl + Enter 快速发布  

发帖时请遵守我国法律,网站会将有关你发帖内容、时间以及发帖IP地址等记录保留,只要接到合法请求,即会将信息提供给有关政府机构。
快速回复 返回顶部 返回列表