ELK自动安装脚本

原创

KaliArch

发布于 2018-04-19 20:48:14

1.7K1

发布于 2018-04-19 20:48:14

文章被收录于专栏：KaliArchKaliArch

一、简介

ELK由Elasticsearch、Logstash和Kibana三部分组件组成；

Elasticsearch是个开源分布式搜索引擎，它的特点有：分布式，零配置，自动发现，索引自动分片，索引副本机制，restful风格接口，多数据源，自动搜索负载等。

Logstash是一个完全开源的工具，它可以对你的日志进行收集、分析，并将其存储供以后使用

kibana 是一个开源和免费的工具，它可以为 Logstash 和 ElasticSearch 提供的日志分析友好的 Web 界面，可以帮助您汇总、分析和搜索重要数据日志。

二、核心组件

Logstash: logstash server端用来搜集日志；

Elasticsearch: 存储各类日志；

Kibana: web化接口用作查寻和可视化日志；

Filebeat是一个日志文件托运工具，在你的服务器上安装客户端后，filebeat会监控日志目录或者指定的日志文件，追踪读取这些文件（追踪文件的变化，不停的读），并且转发这些信息到elasticsearch或者logstarsh中存放。

三、安装脚本

github地址

#!/bin/bash
#mail:xuel@anchnet.com
#data:2017/9/7
#AutoInstall?ELK?scripts
#Software:elasticsearch-5.4.1/logstash-5.4.1/filebeat-5.4.1/kibana-5.4.1
clear
echo?"#############################################################################"
echo?"#???????????????????????????Auto?Install?ELK.??????????????????????????????##"
echo?"#???????????????????????????Press?Ctrl?+?C?to?cancel???????????????????????##"
echo?"#???????????????????????????Any?key?to?continue????????????????????????????##"
echo?"#?Softwae:elasticsearch-5.4.1/logstash-5.4.1/filebeat-5.4.1/kibana-5.4.1???##"
echo?"#############################################################################"
read?-n?1
software_dir="/usr/local/software"
elasticsearch_url="https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.1.tar.gz"
kibana_url="https://artifacts.elastic.co/downloads/kibana/kibana-5.4.1-linux-x86_64.tar.gz"
logstash_url="https://artifacts.elastic.co/downloads/logstash/logstash-5.4.1.tar.gz"
filebeat_url="https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.4.1-linux-x86_64.tar.gz"
sys_version=`cat?/etc/redhat-release?|awk?'{print?$4}'|cut?-d.?-f1`
IP=`ip?addr|grep?"inet?"|grep?-v?127.0.0.1|awk?'{print?$2}'|cut?-d/?-f1`
jvm_conf="/usr/local/elasticsearch/config/jvm.options"
sys_mem=`free?-m|grep?Mem:|awk?'{print?$2}'|awk?'{sum+=$1}?END?{print?sum/1024}'|cut?-d.?-f1`

#wget?software
wget_fun()?{
if?[?!?-d?${software_dir}?];then
????mkdir?-p?${software_dir}?&&?cd?${software_dir}
else
????cd?${software_dir}
fi
for?software?in?$elasticsearch_url?$kibana_url?$logstash_url?$filebeat_url
do
????wget?-c?$software
done
clear
}
#initial?system:install?java?wget;set?hostname;disable?firewalld
init_sys()?{
[?-f?/etc/init.d/functions?]?&&?.?/etc/init.d/functions
[?"${sys_version}"?!=?"7"?]?&&?echo?"Error:This?Scripts?Support?Centos7.xx"?&&?exit?1
[?$(id?-u)?!=?"0"?]?&&?echo?"Error:?You?must?be?root?to?run?this?script"?&&?exit?1
sed?-i?"s/SELINUX=enforcing/SELINUX=disabled/"??/etc/selinux/config
setenforce?0
yum?install?-y?java-1.8.0-openjdk?wget
hostnamectl?set-hostname?elk-server??????????
systemctl?stop?firewalld
cat?>>/etc/security/limits.conf<<EOF
*?soft?nofile?65536?
*?hard?nofile?65536?
*?soft?nGproc?65536?
*?hard?nproc?65536
EOF
}

#install?elasticsearch
install_elasticsearch()?{
cd?$software_dir
tar?zxf?elasticsearch-5.4.1.tar.gz
mv?elasticsearch-5.4.1?/usr/local/elasticsearch
mkdir?-p?/usr/local/elasticsearch/data?/usr/local/elasticsearch/logs
useradd?elasticsearch
chown?-R?elasticsearch:elasticsearch?/usr/local/elasticsearch
echo?"vm.max_map_count?=?655360"?>>/etc/sysctl.conf?&&?sysctl?-p
if?[?${sys_mem}?-eq?0?];then
????sed?-i?"s#`grep?"^-Xmx"?${jvm_conf}`#"-Xmx512m"#g"?${jvm_conf}
????sed?-i?"s#`grep?"^-Xms"?${jvm_conf}`#"-Xms512m"#g"?${jvm_conf}
else
????sed?-i?"s#`grep?"^-Xmx"?${jvm_conf}`#"-Xmx${sys_mem}g"#g"?${jvm_conf}
????sed?-i?"s#`grep?"^-Xms"?${jvm_conf}`#"-Xms${sys_mem}g"#g"?${jvm_conf}
fi
cat?>>/usr/local/elasticsearch/config/elasticsearch.yml<<EOF
cluster.name:?my-application
node.name:?elk-server
path.data:?/usr/local/elasticsearch/data
path.logs:?/usr/local/elasticsearch/logs
network.host:?127.0.0.1
http.port:?9200
discovery.zen.ping.unicast.hosts:?["elk-server"]
EOF
su?-?elasticsearch?-c?"nohup?/usr/local/elasticsearch/bin/elasticsearch?&"
}

#install?logstash
install_logstash()?{
cd?$software_dir
tar?-zxf?logstash-5.4.1.tar.gz
mv?logstash-5.4.1?/usr/local/logstash
cat>/usr/local/logstash/config/01-syslog.conf<<EOF
input?{
????beats?{
????????port?=>?"5044"
????????}
????}
output?{
????elasticsearch?{
????????hosts?=>?"127.0.0.1:9200"
????}
????stdout?{?codec?=>?rubydebug?}
}
EOF
nohup?/usr/local/logstash/bin/logstash?-f?/usr/local/logstash/config/01-syslog.conf?&?>/dev/null
}

#install?filebeat
install_filebeat()?{
cd?$software_dir
tar?-zxf?filebeat-5.4.1-linux-x86_64.tar.gz
mv?filebeat-5.4.1-linux-x86_64?/usr/local/filebeat
cat?>/usr/local/filebeat/filebeat.yml<<EOF
filebeat.prospectors:
-?input_type:?log
??paths:
????-?/var/log/*.log
output.logstash:
??hosts:?["127.0.0.1:5044"]
EOF
cd?/usr/local/filebeat/
nohup?/usr/local/filebeat/filebeat?&?>/dev/null
}

#install?kibana
install_kibana()?{
cd?$software_dir
tar?-zxf?kibana-5.4.1-linux-x86_64.tar.gz
mv?kibana-5.4.1-linux-x86_64?/usr/local/kibana
cat?>>?/usr/local/kibana/config/kibana.yml?<<EOF
server.port:?5601
server.host:?"0.0.0.0"
elasticsearch.url:?"http://127.0.0.1:9200"
EOF
nohup?/usr/local/kibana/bin/kibana?&?>/dev/null
}

check()?{
port=$1
program=$2
check_port=`netstat?-lntup|grep?${port}|wc?-l`
check_program=`ps?-ef|grep?${program}|grep?-v?grep|wc?-l`
if?[?$check_port?-gt?0?]?&&?[?$check_program?-gt?0?];then
????????action?"${program}?run?is?ok!"?/bin/true
else
????????action?"${program}?run?is?error!"?/bin/false
fi
}

main()?{
init_sys
wget_fun
install_elasticsearch
install_filebeat
install_logstash
install_kibana
echo?-e?"\033[32m?Checking?Elasticsearch...\033[0m"
sleep?20
check?:9200?"elasticsearch"
echo?-e?"\033[32m?Checking?Logstash...\033[0m"
sleep?2
check?":9600"?"logstash"
echo?-e?"\033[32m?Checking?Kibana...\033[0m"
sleep?2
check?":5601"?"kibana"
action?"ELK?install?is?success!"?/bin/true
echo?"url:http://$IP:5601"
}
main

四、脚本安装