在进行前面准备之后可以开始安装了,我们的安装顺序是filebeat--->logstash--->elasticsearch
filebeat安装很简单,先下载filebeat,这里我们使用1.2.3版本。
filebeat官网:https://www.elastic.co/products/beats/filebeat
安装filebeat(每一台后端主机都要安装)
# tar xf filebeat-1.2.-x86_64.tar.gz -C /usr/local/app/
# ln -sv /usr/local/app/filebeat-1.2.-x86_64 /usr/local/filebeat
# cd /usr/local/filebeat/
创建配置文件nginx-php.yml
filebeat:
prospectors:
-
paths:
- /data/logs/nginx/access_all.log
document_type: -nginxaccesslog
input_type: log
tail_files: true
multiline:
negate: true
match: after
-
paths:
- /data/logs/nginx/error.log
document_type: -nginxerrorlog
input_type: log
tail_files: true
multiline:
negate: true
match: after
-
paths:
- /data/logs/php/php_error.log
document_type: -phperrorlog
input_type: log
tail_files: true
multiline:
negate: true
match: after
output:
logstash:
hosts: ["10.80.2.181:5048"]
shipper:
logging:
files: