CentOS yum 安装 EFK 7.17

软件	说明
elasticsearch	分布式、高扩展、高实时的搜索与数据分析引擎
kibana	一个基于浏览器的Elasticsearch分析和搜索仪表板
filebeat	收集文件数据

文档	文档链接
elasticsearch 7.17 yum 文档	https://www.elastic.co/guide/en/elasticsearch/reference/7.17/rpm.html
kibana 7.17 yum 文档	https://www.elastic.co/guide/en/kibana/7.17/rpm.html
filebeat 7.17 yum 文档	https://www.elastic.co/guide/en/beats/filebeat/7.17/setup-repositories.html

为何不选择 ELK（Elasticsearch、Logstash、Kibana）？

Logstash 占用资源太多，而 Filebeat 是轻量级的，可以忽略不计

说明

为了文档满足所有部署条件及相关限制，故将 elasticsearch、kibana、filebeat 分别安装在三台服务器上

安装过程

在 elasticsearch 所在的服务器上操作

导入 elasticsearch GPG 密钥

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
1

添加 elasticsearch yum 源
在 CentOS 中新增文件 /etc/yum.repos.d/elasticsearch.repo

 vi /etc/yum.repos.d/elasticsearch.repo
1

文件内容：

[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
1
2
3
4
5
6
7
8

搜索 elasticsearch 版本号

 yum --showduplicates list elasticsearch --enablerepo=elasticsearch
1

 [root@centos7-2009 yum.repos.d]# yum --showduplicates list elasticsearch --enablerepo=elasticsearch
 Loaded plugins: fastestmirror
 Loading mirror speeds from cached hostfile
  * base: mirrors.aliyun.com
  * extras: mirrors.aliyun.com
  * updates: mirrors.huaweicloud.com
 Available Packages
 elasticsearch.x86_64                                                         7.0.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.0.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.1.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.1.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.2.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.2.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.3.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.3.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.3.2-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.4.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.4.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.4.2-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.5.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.5.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.5.2-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.6.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.6.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.6.2-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.7.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.7.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.8.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.8.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.9.0-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.9.1-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.9.2-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.9.3-1                                                          elasticsearch
 elasticsearch.x86_64                                                         7.10.0-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.10.1-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.10.2-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.11.0-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.11.1-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.11.2-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.12.0-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.12.1-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.13.0-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.13.1-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.13.2-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.13.3-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.13.4-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.14.0-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.14.1-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.14.2-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.15.0-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.15.1-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.15.2-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.16.0-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.16.1-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.16.2-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.16.3-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.17.0-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.17.1-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.17.2-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.17.3-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.17.4-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.17.5-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.17.6-1                                                         elasticsearch
 elasticsearch.x86_64                                                         7.17.7-1                                                         elasticsearch
 [root@centos7-2009 yum.repos.d]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

安装 elasticsearch，由于个版本存在差异，本文以 7.17（当前时间为
2022-10-28，7.17为主版本7的最新版）为例，为了防止后续主版本7有所更改，导致本文配置无效，故安装时指定版本为 7.17

sudo yum install -y --enablerepo=elasticsearch elasticsearch-7.17.7-1
1

[root@centos7-2009 yum.repos.d]# sudo yum install -y --enablerepo=elasticsearch elasticsearch-7.17.7-1
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.huaweicloud.com
  Resolving Dependencies
  --> Running transaction check
  ---> Package elasticsearch.x86_64 0:7.17.7-1 will be installed
  --> Finished Dependency Resolution

Dependencies Resolved
 
===========================================================================================================================================================
  Package                                 Arch                             Version                            Repository                               Size
===========================================================================================================================================================
Installing:
elasticsearch x86_64 7.17.7-1 elasticsearch 300 M

Transaction Summary
===========================================================================================================================================================
Install 1 Package

Total download size: 300 M
Installed size: 501 M
Downloading packages:
elasticsearch-7.17.7-x86_64.rpm | 300 MB 00:00:30     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Installing : elasticsearch-7.17.7-1.x86_64 1/1
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
  sudo systemctl daemon-reload
  sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
  sudo systemctl start elasticsearch.service
Created elasticsearch keystore in /etc/elasticsearch/elasticsearch.keystore
Verifying  : elasticsearch-7.17.7-1.x86_64 1/1

Installed:
elasticsearch.x86_64 0:7.17.7-1

Complete!
[root@centos7-2009 yum.repos.d]#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

elasticsearch 常用命令

查看状态

systemctl status elasticsearch.service
1

查看开机启动状态

systemctl list-unit-files | grep elasticsearch.service
1

启动

systemctl start elasticsearch.service
1

停止

systemctl stop elasticsearch.service
1

重启

systemctl restart elasticsearch.service
1

打开开机自启

systemctl enable elasticsearch.service
1

关闭开机自启

systemctl disable elasticsearch.service
1

查看状态

curl 127.0.0.1:9200/_cat/health
1

如果返回下列信息，表示正常启动：

[root@centos7-2009 yum.repos.d]# curl 127.0.0.1:9200/_cat/health
1666948679 09:17:59 elasticsearch green 1 1 3 3 0 0 0 0 - 100.0%
1
2

elasticsearch 远程访问

开放端口

firewall-cmd --zone=public --add-port=9200/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
1
2
3

修改 /etc/elasticsearch/elasticsearch.yml 文件，使 elasticsearch 可以远程访问：

vi /etc/elasticsearch/elasticsearch.yml
1

network.host: 0.0.0.0
1

修改了远程连接后，需要将下列配置放开（名称可以自己指定），否则启动失败：

cluster.name: my-application
node.name: node-1
cluster.initial_master_nodes: ["node-1"]
1
2
3

重启 elasticsearch

systemctl restart elasticsearch.service
1

在 kibana 所在的服务器上操作

导入 kibana GPG 密钥（与 elasticsearch 相同）

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
1

添加 kibana yum 源
在 CentOS 中新增文件 /etc/yum.repos.d/kibana.repo，文件内容：

vi /etc/yum.repos.d/kibana.repo 
1

[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
1
2
3
4
5
6
7
8

搜索 kibana 版本号

yum --showduplicates list kibana
1

[root@centos8 ~]# yum --showduplicates list kibana
CentOS-8.5.2111 - Base - mirrors.aliyun.com                                                                                 38 kB/s | 3.9 kB     00:00    
CentOS-8.5.2111 - Extras - mirrors.aliyun.com                                                                               20 kB/s | 1.5 kB     00:00    
CentOS-8.5.2111 - AppStream - mirrors.aliyun.com                                                                            41 kB/s | 4.3 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                                                                              46 kB/s | 4.7 kB     00:00    
Kibana repository for 7.x packages                                                                                         8.3 MB/s |  47 MB     00:05    
Available Packages
kibana.x86_64                                                              7.0.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.0.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.1.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.1.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.2.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.2.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.3.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.3.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.3.2-1                                                               kibana-7.x
kibana.x86_64                                                              7.4.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.4.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.4.2-1                                                               kibana-7.x
kibana.x86_64                                                              7.5.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.5.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.5.2-1                                                               kibana-7.x
kibana.x86_64                                                              7.6.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.6.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.6.2-1                                                               kibana-7.x
kibana.x86_64                                                              7.7.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.7.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.8.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.8.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.9.0-1                                                               kibana-7.x
kibana.x86_64                                                              7.9.1-1                                                               kibana-7.x
kibana.x86_64                                                              7.9.2-1                                                               kibana-7.x
kibana.x86_64                                                              7.9.3-1                                                               kibana-7.x
kibana.x86_64                                                              7.10.0-1                                                              kibana-7.x
kibana.x86_64                                                              7.10.1-1                                                              kibana-7.x
kibana.x86_64                                                              7.10.2-1                                                              kibana-7.x
kibana.aarch64                                                             7.11.0-1                                                              kibana-7.x
kibana.x86_64                                                              7.11.0-1                                                              kibana-7.x
kibana.aarch64                                                             7.11.1-1                                                              kibana-7.x
kibana.x86_64                                                              7.11.1-1                                                              kibana-7.x
kibana.aarch64                                                             7.11.2-1                                                              kibana-7.x
kibana.x86_64                                                              7.11.2-1                                                              kibana-7.x
kibana.aarch64                                                             7.12.0-1                                                              kibana-7.x
kibana.x86_64                                                              7.12.0-1                                                              kibana-7.x
kibana.aarch64                                                             7.12.1-1                                                              kibana-7.x
kibana.x86_64                                                              7.12.1-1                                                              kibana-7.x
kibana.aarch64                                                             7.13.0-1                                                              kibana-7.x
kibana.x86_64                                                              7.13.0-1                                                              kibana-7.x
kibana.aarch64                                                             7.13.1-1                                                              kibana-7.x
kibana.x86_64                                                              7.13.1-1                                                              kibana-7.x
kibana.aarch64                                                             7.13.2-1                                                              kibana-7.x
kibana.x86_64                                                              7.13.2-1                                                              kibana-7.x
kibana.aarch64                                                             7.13.3-1                                                              kibana-7.x
kibana.x86_64                                                              7.13.3-1                                                              kibana-7.x
kibana.aarch64                                                             7.13.4-1                                                              kibana-7.x
kibana.x86_64                                                              7.13.4-1                                                              kibana-7.x
kibana.aarch64                                                             7.14.0-1                                                              kibana-7.x
kibana.x86_64                                                              7.14.0-1                                                              kibana-7.x
kibana.aarch64                                                             7.14.1-1                                                              kibana-7.x
kibana.x86_64                                                              7.14.1-1                                                              kibana-7.x
kibana.aarch64                                                             7.14.2-1                                                              kibana-7.x
kibana.x86_64                                                              7.14.2-1                                                              kibana-7.x
kibana.aarch64                                                             7.15.0-1                                                              kibana-7.x
kibana.x86_64                                                              7.15.0-1                                                              kibana-7.x
kibana.aarch64                                                             7.15.1-1                                                              kibana-7.x
kibana.x86_64                                                              7.15.1-1                                                              kibana-7.x
kibana.aarch64                                                             7.15.2-1                                                              kibana-7.x
kibana.x86_64                                                              7.15.2-1                                                              kibana-7.x
kibana.aarch64                                                             7.16.0-1                                                              kibana-7.x
kibana.x86_64                                                              7.16.0-1                                                              kibana-7.x
kibana.aarch64                                                             7.16.1-1                                                              kibana-7.x
kibana.x86_64                                                              7.16.1-1                                                              kibana-7.x
kibana.aarch64                                                             7.16.2-1                                                              kibana-7.x
kibana.x86_64                                                              7.16.2-1                                                              kibana-7.x
kibana.aarch64                                                             7.16.3-1                                                              kibana-7.x
kibana.x86_64                                                              7.16.3-1                                                              kibana-7.x
kibana.aarch64                                                             7.17.0-1                                                              kibana-7.x
kibana.x86_64                                                              7.17.0-1                                                              kibana-7.x
kibana.aarch64                                                             7.17.1-1                                                              kibana-7.x
kibana.x86_64                                                              7.17.1-1                                                              kibana-7.x
kibana.aarch64                                                             7.17.2-1                                                              kibana-7.x
kibana.x86_64                                                              7.17.2-1                                                              kibana-7.x
kibana.aarch64                                                             7.17.3-1                                                              kibana-7.x
kibana.x86_64                                                              7.17.3-1                                                              kibana-7.x
kibana.aarch64                                                             7.17.4-1                                                              kibana-7.x
kibana.x86_64                                                              7.17.4-1                                                              kibana-7.x
kibana.aarch64                                                             7.17.5-1                                                              kibana-7.x
kibana.x86_64                                                              7.17.5-1                                                              kibana-7.x
kibana.aarch64                                                             7.17.6-1                                                              kibana-7.x
kibana.x86_64                                                              7.17.6-1                                                              kibana-7.x
kibana.aarch64                                                             7.17.7-1                                                              kibana-7.x
kibana.x86_64                                                              7.17.7-1                                                              kibana-7.x
[root@centos8 ~]#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

安装 kibana 7.17.7-1

sudo yum install -y kibana-7.17.7-1
1

安装过程

[root@centos8 ~]# sudo yum install -y kibana-7.17.7-1
Last metadata expiration check: 0:01:34 ago on Fri 28 Oct 2022 05:45:21 PM CST.
Dependencies resolved.
===========================================================================================================================================================
 Package                            Architecture                       Version                                Repository                              Size
===========================================================================================================================================================
Installing:
 kibana                             x86_64                             7.17.7-1                               kibana-7.x                             256 M

Transaction Summary
===========================================================================================================================================================
Install  1 Package

Total download size: 256 M
Installed size: 649 M
Downloading Packages:
kibana-7.17.7-x86_64.rpm                                                                                                   9.1 MB/s | 256 MB     00:28    
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                      9.1 MB/s | 256 MB     00:28     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                   1/1 
  Running scriptlet: kibana-7.17.7-1.x86_64                                                                                                            1/1 
  Installing       : kibana-7.17.7-1.x86_64                                                                                                            1/1 
  Running scriptlet: kibana-7.17.7-1.x86_64                                                                                                            1/1 
Creating kibana group... OK
Creating kibana user... OK

Created Kibana keystore in /etc/kibana/kibana.keystore

  Verifying        : kibana-7.17.7-1.x86_64                                                                                                            1/1 

Installed:
  kibana-7.17.7-1.x86_64                                                                                                                                   

Complete!
[root@centos8 ~]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

kibana 常用命令

查看状态

systemctl status kibana.service
1

查看开机启动状态

systemctl list-unit-files | grep kibana.service
1

启动

systemctl start kibana.service
1

停止

systemctl stop kibana.service
1

重启

systemctl restart kibana.service
1

打开开机自启

systemctl enable kibana.service
1

关闭开机自启

systemctl disable kibana.service
1

开放端口

firewall-cmd --zone=public --add-port=5601/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
1
2
3

修改 /etc/kibana/kibana.yml 开放远程连接

vi /etc/kibana/kibana.yml
1

server.host: "0.0.0.0"
1

启动
```
systemctl start kibana.service
1
```
浏览器访问： http://kibana服务的ip:5601
显示：Kibana server is not ready yet，原因：kibana 未连接到 elasticsearch

修改 /etc/kibana/kibana.yml，连接到 elasticsearch

vi /etc/kibana/kibana.yml
1

elasticsearch.hosts: ["http://elasticsearch服务器的IP:9200"]
1

重启 kibana
```
systemctl restart kibana.service
1
```
访问 http://kibana服务的ip:5601 ，正常显示内容，但是内容为英文

修改 /etc/kibana/kibana.yml，将语言改为中文

vi /etc/kibana/kibana.yml
1

i18n.locale: "zh-CN"
1

重启 kibana
```
systemctl restart kibana.service
1
```
浏览器访问： http://kibana服务的ip:5601/app/fleet/agents ，可查看到需要开启 xpack.security.enabled
、xpack.security.authc.api_key.enabled

在 elasticsearch 所在的服务器上操作

修改 /etc/elasticsearch/elasticsearch.yml 文件，启用 xpack.security.enabled

vi /etc/elasticsearch/elasticsearch.yml
1

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
1
2

重启 elasticsearch

systemctl restart elasticsearch.service
1

执行下列命令，自动生成密码

/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
1

保存执行结果

[root@centos7-2009 yum.repos.d]# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y


Changed password for user apm_system
PASSWORD apm_system = 56NDmS7zsVL17oU5C9kh

Changed password for user kibana_system
PASSWORD kibana_system = gYZtnvSz5d6Nzy4m1PP5

Changed password for user kibana
PASSWORD kibana = gYZtnvSz5d6Nzy4m1PP5

Changed password for user logstash_system
PASSWORD logstash_system = ewnuRmRl4hkmWKOF8src

Changed password for user beats_system
PASSWORD beats_system = BmqUkhVW48TUYr1Dun9S

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = SLPxYg42EgKBXejBrRiu

Changed password for user elastic
PASSWORD elastic = F7M6EklcuAgKIvaMy0JP

[root@centos7-2009 yum.repos.d]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

访问 127.0.0.1:9200/_cat/health
其中 ZWxhc3RpYzpGN002RWtsY3VBZ0tJdmFNeTBKUA== 为上述生成的 elastic + 英文冒号 + 密码计算 Base64 得到的，即：Basic验证

curl 127.0.0.1:9200/_cat/health --header 'Authorization: Basic ZWxhc3RpYzpGN002RWtsY3VBZ0tJdmFNeTBKUA=='
1

[root@centos7-2009 yum.repos.d]# curl 127.0.0.1:9200/_cat/health --header 'Authorization: Basic ZWxhc3RpYzpGN002RWtsY3VBZ0tJdmFNeTBKUA=='
1666952483 10:21:23 elasticsearch green 1 1 10 10 0 0 0 0 - 100.0%
1
2

在 kibana 所在的服务器上操作
1. 修改 /etc/kibana/kibana.yml 文件，配置密码，密码是上述生成的
```
elasticsearch.username: "kibana_system"
elasticsearch.password: "gYZtnvSz5d6Nzy4m1PP5"
1
2
```
2. 重启 kibana
```
systemctl restart kibana.service
1
```
3. 浏览器访问： http://kibana服务的ip:5601 ，提示输入密码，可使用上述生成的密码：elastic/F7M6EklcuAgKIvaMy0JP
4. 浏览器访问： http://kibana服务的ip:5601/app/fleet/agents ，可查看到 xpack.security.enabled 已配置成功
在 elasticsearch 所在的服务器上操作
1. 修改 /etc/elasticsearch/elasticsearch.yml 文件，启用 xpack.security.authc.api_key.enabled
```
vi /etc/elasticsearch/elasticsearch.yml
1
```
```
xpack.security.authc.api_key.enabled: true
1
```
2. 重启 elasticsearch
```
systemctl restart elasticsearch.service
1
```
3. 浏览器访问： http://kibana服务的ip:5601/app/fleet/agents
  ，即可发现无 xpack.security.enabled、xpack.security.authc.api_key.enabled 提示了，说明已配置完成

在 filebeat 所在的服务器上操作

导入 filebeat GPG 密钥（与 elasticsearch 相同）

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
1

添加 filebeat yum 源

vi /etc/yum.repos.d/elastic.repo
1

[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
1
2
3
4
5
6
7
8

搜索 filebeat 版本号

yum --showduplicates list filebeat
1

[root@dev ~]# yum --showduplicates list filebeat
已加载插件：fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager

This system is not registered with an entitlement server. You can use subscription-manager to register.

Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                                                  | 8.0 kB  00:00:00     
 * base: mirrors.tuna.tsinghua.edu.cn
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.bupt.edu.cn
 * updates: mirrors.bupt.edu.cn
base                                                                                                                  | 3.6 kB  00:00:00     
docker-ce-stable                                                                                                      | 3.5 kB  00:00:00     
elastic-7.x                                                                                                           | 1.3 kB  00:00:00     
epel                                                                                                                  | 4.7 kB  00:00:00     
extras                                                                                                                | 2.9 kB  00:00:00     
runner_gitlab-ci-multi-runner/x86_64/signature                                                                        |  862 B  00:00:00     
runner_gitlab-ci-multi-runner/x86_64/signature                                                                        | 1.0 kB  00:00:00 !!! 
runner_gitlab-ci-multi-runner-source/signature                                                                        |  862 B  00:00:00     
runner_gitlab-ci-multi-runner-source/signature                                                                        |  951 B  00:00:00 !!! 
runner_gitlab-runner/x86_64/signature                                                                                 |  862 B  00:00:00     
runner_gitlab-runner/x86_64/signature                                                                                 | 1.0 kB  00:00:00 !!! 
runner_gitlab-runner-source/signature                                                                                 |  862 B  00:00:00     
runner_gitlab-runner-source/signature                                                                                 |  951 B  00:00:00 !!! 
updates                                                                                                               | 2.9 kB  00:00:00     
(1/4): elastic-7.x/primary                                                                                            | 457 kB  00:00:00     
(2/4): epel/x86_64/group_gz                                                                                           |  98 kB  00:00:00     
(3/4): epel/x86_64/updateinfo                                                                                         | 1.0 MB  00:00:00     
(4/4): epel/x86_64/primary_db                                                                                         | 7.0 MB  00:00:00     
elastic-7.x                                                                                                                        1432/1432
可安装的软件包
filebeat.i686                                                       7.0.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.0.0-1                                                       elastic-7.x
filebeat.i686                                                       7.0.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.0.1-1                                                       elastic-7.x
filebeat.i686                                                       7.1.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.1.0-1                                                       elastic-7.x
filebeat.i686                                                       7.1.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.1.1-1                                                       elastic-7.x
filebeat.i686                                                       7.2.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.2.0-1                                                       elastic-7.x
filebeat.i686                                                       7.2.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.2.1-1                                                       elastic-7.x
filebeat.i686                                                       7.3.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.3.0-1                                                       elastic-7.x
filebeat.i686                                                       7.3.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.3.1-1                                                       elastic-7.x
filebeat.i686                                                       7.3.2-1                                                       elastic-7.x
filebeat.x86_64                                                     7.3.2-1                                                       elastic-7.x
filebeat.i686                                                       7.4.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.4.0-1                                                       elastic-7.x
filebeat.i686                                                       7.4.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.4.1-1                                                       elastic-7.x
filebeat.i686                                                       7.4.2-1                                                       elastic-7.x
filebeat.x86_64                                                     7.4.2-1                                                       elastic-7.x
filebeat.i686                                                       7.5.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.5.0-1                                                       elastic-7.x
filebeat.i686                                                       7.5.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.5.1-1                                                       elastic-7.x
filebeat.i686                                                       7.5.2-1                                                       elastic-7.x
filebeat.x86_64                                                     7.5.2-1                                                       elastic-7.x
filebeat.i686                                                       7.6.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.6.0-1                                                       elastic-7.x
filebeat.i686                                                       7.6.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.6.1-1                                                       elastic-7.x
filebeat.i686                                                       7.6.2-1                                                       elastic-7.x
filebeat.x86_64                                                     7.6.2-1                                                       elastic-7.x
filebeat.i686                                                       7.7.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.7.0-1                                                       elastic-7.x
filebeat.i686                                                       7.7.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.7.1-1                                                       elastic-7.x
filebeat.i686                                                       7.8.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.8.0-1                                                       elastic-7.x
filebeat.i686                                                       7.8.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.8.1-1                                                       elastic-7.x
filebeat.i686                                                       7.9.0-1                                                       elastic-7.x
filebeat.x86_64                                                     7.9.0-1                                                       elastic-7.x
filebeat.i686                                                       7.9.1-1                                                       elastic-7.x
filebeat.x86_64                                                     7.9.1-1                                                       elastic-7.x
filebeat.i686                                                       7.9.2-1                                                       elastic-7.x
filebeat.x86_64                                                     7.9.2-1                                                       elastic-7.x
filebeat.i686                                                       7.9.3-1                                                       elastic-7.x
filebeat.x86_64                                                     7.9.3-1                                                       elastic-7.x
filebeat.i686                                                       7.10.0-1                                                      elastic-7.x
filebeat.x86_64                                                     7.10.0-1                                                      elastic-7.x
filebeat.i686                                                       7.10.1-1                                                      elastic-7.x
filebeat.x86_64                                                     7.10.1-1                                                      elastic-7.x
filebeat.i686                                                       7.10.2-1                                                      elastic-7.x
filebeat.x86_64                                                     7.10.2-1                                                      elastic-7.x
filebeat.i686                                                       7.11.0-1                                                      elastic-7.x
filebeat.x86_64                                                     7.11.0-1                                                      elastic-7.x
filebeat.i686                                                       7.11.1-1                                                      elastic-7.x
filebeat.x86_64                                                     7.11.1-1                                                      elastic-7.x
filebeat.i686                                                       7.11.2-1                                                      elastic-7.x
filebeat.x86_64                                                     7.11.2-1                                                      elastic-7.x
filebeat.i686                                                       7.12.0-1                                                      elastic-7.x
filebeat.x86_64                                                     7.12.0-1                                                      elastic-7.x
filebeat.i686                                                       7.12.1-1                                                      elastic-7.x
filebeat.x86_64                                                     7.12.1-1                                                      elastic-7.x
filebeat.i686                                                       7.13.0-1                                                      elastic-7.x
filebeat.x86_64                                                     7.13.0-1                                                      elastic-7.x
filebeat.i686                                                       7.13.1-1                                                      elastic-7.x
filebeat.x86_64                                                     7.13.1-1                                                      elastic-7.x
filebeat.i686                                                       7.13.2-1                                                      elastic-7.x
filebeat.x86_64                                                     7.13.2-1                                                      elastic-7.x
filebeat.i686                                                       7.13.3-1                                                      elastic-7.x
filebeat.x86_64                                                     7.13.3-1                                                      elastic-7.x
filebeat.i686                                                       7.13.4-1                                                      elastic-7.x
filebeat.x86_64                                                     7.13.4-1                                                      elastic-7.x
filebeat.i686                                                       7.14.0-1                                                      elastic-7.x
filebeat.x86_64                                                     7.14.0-1                                                      elastic-7.x
filebeat.i686                                                       7.14.1-1                                                      elastic-7.x
filebeat.x86_64                                                     7.14.1-1                                                      elastic-7.x
filebeat.i686                                                       7.14.2-1                                                      elastic-7.x
filebeat.x86_64                                                     7.14.2-1                                                      elastic-7.x
filebeat.i686                                                       7.15.0-1                                                      elastic-7.x
filebeat.x86_64                                                     7.15.0-1                                                      elastic-7.x
filebeat.i686                                                       7.15.1-1                                                      elastic-7.x
filebeat.x86_64                                                     7.15.1-1                                                      elastic-7.x
filebeat.i686                                                       7.15.2-1                                                      elastic-7.x
filebeat.x86_64                                                     7.15.2-1                                                      elastic-7.x
filebeat.i686                                                       7.16.0-1                                                      elastic-7.x
filebeat.x86_64                                                     7.16.0-1                                                      elastic-7.x
filebeat.i686                                                       7.16.1-1                                                      elastic-7.x
filebeat.x86_64                                                     7.16.1-1                                                      elastic-7.x
filebeat.i686                                                       7.16.2-1                                                      elastic-7.x
filebeat.x86_64                                                     7.16.2-1                                                      elastic-7.x
filebeat.i686                                                       7.16.3-1                                                      elastic-7.x
filebeat.x86_64                                                     7.16.3-1                                                      elastic-7.x
filebeat.i686                                                       7.17.0-1                                                      elastic-7.x
filebeat.x86_64                                                     7.17.0-1                                                      elastic-7.x
filebeat.i686                                                       7.17.1-1                                                      elastic-7.x
filebeat.x86_64                                                     7.17.1-1                                                      elastic-7.x
filebeat.i686                                                       7.17.2-1                                                      elastic-7.x
filebeat.x86_64                                                     7.17.2-1                                                      elastic-7.x
filebeat.i686                                                       7.17.3-1                                                      elastic-7.x
filebeat.x86_64                                                     7.17.3-1                                                      elastic-7.x
filebeat.i686                                                       7.17.4-1                                                      elastic-7.x
filebeat.x86_64                                                     7.17.4-1                                                      elastic-7.x
filebeat.i686                                                       7.17.5-1                                                      elastic-7.x
filebeat.x86_64                                                     7.17.5-1                                                      elastic-7.x
filebeat.i686                                                       7.17.6-1                                                      elastic-7.x
filebeat.x86_64                                                     7.17.6-1                                                      elastic-7.x
filebeat.i686                                                       7.17.7-1                                                      elastic-7.x
filebeat.x86_64                                                     7.17.7-1                                                      elastic-7.x
[root@dev ~]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

安装 filebeat 7.17.7-1

sudo yum install -y filebeat-7.17.7-1
1

[root@dev ~]# sudo yum install -y filebeat-7.17.7-1
已加载插件：fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager

This system is not registered with an entitlement server. You can use subscription-manager to register.

Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: mirrors.tuna.tsinghua.edu.cn
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.bupt.edu.cn
 * updates: mirrors.bupt.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 filebeat.x86_64.0.7.17.7-1 将被 安装
--> 解决依赖关系完成

依赖关系解决

=============================================================================================================================================
 Package                          架构                           版本                              源                                   大小
=============================================================================================================================================
正在安装:
 filebeat                         x86_64                         7.17.7-1                          elastic-7.x                          33 M

事务概要
=============================================================================================================================================
安装  1 软件包

总下载量：33 M
安装大小：125 M
Downloading packages:
filebeat-7.17.7-x86_64.rpm                                                                                            |  33 MB  00:00:06     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
警告：RPM 数据库已被非 yum 程序修改。
  正在安装    : filebeat-7.17.7-1.x86_64                                                                                                 1/1 
  验证中      : filebeat-7.17.7-1.x86_64                                                                                                 1/1 

已安装:
  filebeat.x86_64 0:7.17.7-1                                                                                                                 

完毕！
[root@dev ~]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

filebeat 常用命令

查看状态
```
systemctl status filebeat.service
1
```

查看开机启动状态

systemctl list-unit-files | grep filebeat.service
1

启动
```
systemctl start filebeat.service
1
```
停止
```
systemctl stop filebeat.service
1
```
重启
```
systemctl restart filebeat.service
1
```
打开开机自启
```
systemctl enable filebeat.service
1
```
关闭开机自启
```
systemctl disable filebeat.service
1
```

修改 /etc/filebeat/filebeat.yml 文件，让 filebeat 连接到 kibana、elasticsearch

vi /etc/filebeat/filebeat.yml
1

setup.kibana:
   host: "kibana服务器IP:5601"

output.elasticsearch:
   hosts: ["elasticsearch服务器IP:9200"]
   username: "elastic"
   password: "F7M6EklcuAgKIvaMy0JP"
1
2
3
4
5
6
7

查看 filebeat 可收集日志的类型与配置文件
```
cd /etc/filebeat/modules.d/
ll
1
2
```

开启 apache 日志收集（根据自己的需要选择配置）

sudo filebeat modules enable apache
1

开启结果

[root@dev ~]# sudo filebeat modules enable apache
Enabled apache
[root@dev ~]# 
1
2
3

配置 apache 日志收集的路径

vi /etc/filebeat/modules.d/apache.yml
1

 - module: apache
   access:
   enabled: true
   var.paths:
   # 收集日志的路径
       - /logs/*.log
1
2
3
4
5
6

启动 filebeat
```
systemctl start filebeat.service
1
```

查看日志收集

tail -f /var/lib/filebeat/registry/filebeat/log.json
1

浏览器访问网址： http://kibana服务器IP:5601/app/logs/stream ，即可查看到收集的日志

相关阅读:
atrace和systrace的基本使用方法
 Leetcode2918. 数组的最小相等和
 redis一主一从搭建
 Linux环境中使用C++ JsonCpp库
 第三章-Mybatis源码解析-以xml方式走流程-mapper解析（四）
大二Web课程设计——家乡主题网页设计（web前端网页制作课作业）四川旅游网页设计制作
 2_里氏替换原则
 数据中台之数据建模工程实操
 java和js实现AES对称加密
 Linux 怎样通过win 远程桌面连接链接Linux后台服务器的可视化图形界面
原文地址：https://blog.csdn.net/qq_32596527/article/details/127567618