
Linux教程FG518-Linux综合实战案例二十四

内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。

风哥提示:

文档介绍企业级日志管理平台部署综合实战案例。

Part01-ELK Stack部署

1.1 Elasticsearch集群配置

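# Install Elasticsearch
[root@fgedu-elastic1 ~]# yum install -y elasticsearch

# Configure Elasticsearch.
# The original only enabled transport-layer TLS, which leaves the REST port (9200)
# in plaintext even though the Logstash and Kibana sections connect to
# https://…:9200; the HTTP layer is therefore TLS-enabled here as well.
[root@fgedu-elastic1 ~]# cat > /etc/elasticsearch/elasticsearch.yml << 'EOF'
cluster.name: fgedu-logs
node.name: fgedu-elastic1
network.host: 192.168.1.10
http.port: 9200
discovery.seed_hosts: ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
cluster.initial_master_nodes: ["fgedu-elastic1", "fgedu-elastic2", "fgedu-elastic3"]

# Memory. memory_lock also needs LimitMEMLOCK=infinity in a systemd drop-in for
# elasticsearch.service; without it the memory-lock bootstrap check fails.
bootstrap.memory_lock: true

# Paths
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

# Security: transport layer (node-to-node)
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# Security: HTTP layer (REST API on 9200). <HTTP_KEYSTORE_P12> is the keystore
# issued for the HTTP endpoint (e.g. from `elasticsearch-certutil http`); it is
# usually a separate file from the transport bundle above.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: <HTTP_KEYSTORE_P12>
EOF

# JVM heap: Xms and Xmx must match; keep the heap at no more than 50% of RAM.
[root@fgedu-elastic1 ~]# cat > /etc/elasticsearch/jvm.options.d/heap.options << 'EOF'
-Xms8g
-Xmx8g
EOF

# Start Elasticsearch
[root@fgedu-elastic1 ~]# systemctl enable elasticsearch --now

# Check cluster health. With HTTP TLS on, use https:// and pass the cluster CA.
# `-u elastic` with no password makes curl prompt for it, so the secret ends up
# neither in shell history nor in `ps` output.
[root@fgedu-elastic1 ~]# curl --cacert "${ES_CA_CERT:?path to the cluster CA PEM}" -u elastic 'https://localhost:9200/_cluster/health?pretty'
Enter host password for user 'elastic':
{
  "cluster_name" : "fgedu-logs",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 10,
  "active_shards" : 20,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0
}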

Part02-Logstash配置

2.1 日志收集管道

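# Install Logstash
[root@fgedu-logstash ~]# yum install -y logstash

# Keep the Elasticsearch writer password out of the pipeline file: store it in
# the Logstash keystore, and reference it as ${LOGSTASH_WRITER_PASSWORD} below.
[root@fgedu-logstash ~]# /usr/share/logstash/bin/logstash-keystore add LOGSTASH_WRITER_PASSWORD

# Log collection pipeline.
# All quotes must be plain ASCII " and ' — the original listing used typographic
# quotes (“ ” ‘ ’) and an en dash in the grok pattern, which the config parser
# rejects / never matches.
[root@fgedu-logstash ~]# cat > /etc/logstash/conf.d/nginx-logs.conf << 'EOF'
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"
    ssl_key => "/etc/logstash/certs/logstash.key"
  }

  tcp {
    port => 5140
    type => syslog
  }

  # Accepts any unauthenticated POST on 8080. If the port is reachable beyond
  # localhost, restrict it with firewall rules or the plugin's user/password and
  # ssl options.
  http {
    port => 8080
    type => http_logs
  }
}

filter {
  # Nothing in this pipeline assigns type "nginx-access" (the beats input sets
  # no type), so that value must come from the shipper. Events without [type]
  # skip both branches and leave %{type} unresolved in the output index name.
  if [type] == "nginx-access" {
    grok {
      match => {
        "message" => '%{IPORHOST:client_ip} - %{USERNAME:user} \[%{HTTPDATE:timestamp}\] "%{WORD:method} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:status} %{NUMBER:bytes} "%{DATA:referrer}" "%{DATA:agent}"'
      }
    }

    geoip {
      source => "client_ip"
      target => "geoip"
    }

    date {
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    }

    useragent {
      source => "agent"
      target => "useragent"
    }
  }

  if [type] == "syslog" {
    grok {
      match => {
        "message" => '%{SYSLOGBASE} %{GREEDYDATA:syslog_message}'
      }
    }

    date {
      match => ["timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss"]
    }
  }

  mutate {
    remove_field => ["host", "@version"]
  }
}

output {
  elasticsearch {
    hosts => ["https://192.168.1.10:9200", "https://192.168.1.11:9200", "https://192.168.1.12:9200"]
    user => "logstash_writer"
    # Resolved from the Logstash keystore (or the environment) at start-up.
    password => "${LOGSTASH_WRITER_PASSWORD}"
    # The hosts above are https: add the CA that signed the nodes' HTTP
    # certificates (ssl_certificate_authorities, or cacert on older plugin
    # versions), otherwise certificate verification fails.
    index => "fgedu-%{type}-%{+YYYY.MM.dd}"
    template => "/etc/logstash/templates/fgedu-template.json"
  }

  # Fires once per matching event — there is no throttling here, so a burst of
  # 5xx responses produces one e-mail each.
  if [status] =~ /^5\d\d/ {
    email {
      to => "ops@fgedu.net.cn"
      from => "logstash@fgedu.net.cn"
      subject => "Alert: 5xx Error Detected"
      body => "Error detected: %{message}"
    }
  }
}
EOF

# Start Logstash (the original listing had an en dash: `–now` is not `--now`)
[root@fgedu-logstash ~]# systemctl enable logstash --now

# Check pipeline status (the monitoring API is bound to 127.0.0.1:9600)
[root@fgedu-logstash ~]# curl -s 'http://localhost:9600/_node/pipelines?pretty' | head -30
{
  "host" : "fgedu-logstash",
  "version" : "8.12.0",
  "http_address" : "127.0.0.1:9600",
  "id" : "abc123-456def-789ghi",
  "name" : "fgedu-logstash",
  "pipelines" : {
    "main" : {
      "events" : {
        "filtered" : 123456,
        "out" : 123450,
        "in" : 123460
      }
    }
  }
}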

Part03-Kibana可视化

3.1 Kibana配置

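# Install Kibana
[root@fgedu-kibana ~]# yum install -y kibana

# Keep the kibana_system password out of kibana.yml: the Kibana keystore supplies
# elasticsearch.password at start-up.
[root@fgedu-kibana ~]# /usr/share/kibana/bin/kibana-keystore add elasticsearch.password

# Configure Kibana.
# (The original listing had site-watermark text spliced into the second
# elasticsearch.hosts entry; it is restored to https://192.168.1.11:9200 here.)
[root@fgedu-kibana ~]# cat > /etc/kibana/kibana.yml << 'EOF'
server.port: 5601
server.host: "192.168.1.15"
server.name: "fgedu-kibana"
elasticsearch.hosts: ["https://192.168.1.10:9200", "https://192.168.1.11:9200", "https://192.168.1.12:9200"]
elasticsearch.username: "kibana_system"
# elasticsearch.password comes from the keystore (see above); do not put it here.
# CA that signed the Elasticsearch HTTP certificates — required for https hosts.
elasticsearch.ssl.certificateAuthorities: ["<ES_CA_CERT_PEM>"]

# Security. encryptionKey must be at least 32 characters (the original value
# "fgedu-encryption-key-32chars" is only 28 and is refused); generate a random
# one and use the same value on every Kibana instance.
xpack.security.enabled: true
xpack.security.encryptionKey: "<RANDOM_KEY_OF_AT_LEAST_32_CHARS>"
xpack.security.session.idleTimeout: "1h"

# TLS for the Kibana UI/API
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key

# Logging, 8.x appender form (logging.dest / logging.verbose are 7.x keys)
logging.appenders.file.type: file
logging.appenders.file.fileName: /var/log/kibana/kibana.log
logging.appenders.file.layout.type: json
logging.root.appenders: [file]
logging.root.level: info

# Monitoring
monitoring.ui.container.elasticsearch.enabled: true
EOF

# Start Kibana
[root@fgedu-kibana ~]# systemctl enable kibana --now

# Create the index pattern.
# The API is https now (server.ssl.enabled), every non-GET request needs the
# kbn-xsrf header, and `-u kibana` prompts for the password instead of leaving
# it in shell history / `ps`. The account must hold Kibana saved-object
# privileges; kibana_system is for Kibana's own connection to Elasticsearch and
# is not meant for API calls.
[root@fgedu-kibana ~]# curl --cacert "${KIBANA_CA_CERT:?CA PEM for the Kibana server certificate}" -u kibana -X POST "https://localhost:5601/api/saved_objects/index-pattern" -H "kbn-xsrf: true" -H "Content-Type: application/json" -d '{ "attributes": { "title": "fgedu-*", "timeFieldName": "@timestamp" } }'
Enter host password for user 'kibana':
{"id":"fgedu-*","type":"index-pattern","attributes":{"title":"fgedu-*","timeFieldName":"@timestamp"}}

# Dashboard definition. Writing this file does not load anything: the
# {version, objects} layout matches the legacy dashboards import API, while the
# current saved-objects _import endpoint expects an ndjson export — import it
# with whichever your Kibana version supports, or through the UI.
[root@fgedu-kibana ~]# cat > /tmp/dashboard.json << 'EOF'
{
  "version": "8.12.0",
  "objects": [
    {
      "id": "nginx-dashboard",
      "type": "dashboard",
      "attributes": {
        "title": "Nginx访问日志仪表板",
        "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15},\"version\":\"8.12.0\",\"type\":\"visualization\",\"id\":\"nginx-status-pie\"}]"
      }
    }
  ]
}
EOF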

Part04-日志监控告警

4.1 日志告警配置

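# Elasticsearch alert (Watcher definition).
# The webhook access_token is a secret: the original used the placeholder "xxx";
# substitute your own value and keep the file readable only by root.
[root@fgedu-elastic1 ~]# cat > /etc/elasticsearch/scripts/error_alert.json << 'EOF'
{
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "search": {
      "request": {
        "indices": ["fgedu-nginx-*"],
        "body": {
          "query": {
            "bool": {
              "must": [
                {"range": {"@timestamp": {"gte": "now-5m"}}},
                {"term": {"status": "500"}}
              ]
            }
          }
        }
      }
    }
  },
  "condition": { "compare": { "ctx.payload.hits.total": { "gt": 10 } } },
  "actions": {
    "email_admin": {
      "email": {
        "profile": "standard",
        "to": "ops@fgedu.net.cn",
        "subject": "高错误率告警",
        "body": "检测到5分钟内500错误超过10次,当前数量: {{ctx.payload.hits.total}}"
      }
    },
    "webhook": {
      "webhook": {
        "scheme": "https",
        "host": "api.dingtalk.com",
        "port": 443,
        "method": "post",
        "path": "/robot/send?access_token=<DINGTALK_ACCESS_TOKEN>",
        "body": "{\"msgtype\":\"text\",\"text\":{\"content\":\"日志告警: 500错误过多\"}}"
      }
    }
  }
}
EOF

# Register the watch. Writing the file alone does nothing — Watcher only runs
# watches stored through its API. `-u elastic` prompts for the password.
[root@fgedu-elastic1 ~]# curl --cacert "${ES_CA_CERT:?path to the cluster CA PEM}" -u elastic -X PUT 'https://192.168.1.10:9200/_watcher/watch/error_alert' -H 'Content-Type: application/json' --data-binary @/etc/elasticsearch/scripts/error_alert.json

# Log-platform monitoring script.
# Fixes versus the original listing: the shebang had watermark text spliced
# into it; the elastic password was hard-coded in every curl call (visible in
# `ps` and the file itself); the _count/_search requests sent a JSON body with
# no Content-Type header, which Elasticsearch rejects.
[root@fgedu-kibana ~]# cat > /usr/local/bin/log-monitor.sh << 'EOF'
#!/bin/bash
# log-monitor.sh
# from:www.itpux.com.qq113257174.wx:itpux-com
# web: http://www.fgedu.net.cn
#
# Prints a quick status summary of the log platform.
# Credentials never appear on a command line: curl reads them from a netrc file
# ("machine <host> login elastic password <pw>", mode 0600) named by ES_NETRC.
# Environment:
#   ES_URL     Elasticsearch base URL   (default https://192.168.1.10:9200)
#   LS_URL     Logstash monitoring URL  (default http://192.168.1.13:9600)
#   ES_NETRC   netrc file with the Elasticsearch credentials (required)
#   ES_CA_CERT CA certificate (PEM) that signed the Elasticsearch HTTP certs (required)
ES_URL=${ES_URL:-https://192.168.1.10:9200}
LS_URL=${LS_URL:-http://192.168.1.13:9600}
ES_NETRC=${ES_NETRC:?set ES_NETRC to a mode-0600 netrc file holding the elastic credentials}
ES_CA_CERT=${ES_CA_CERT:?set ES_CA_CERT to the cluster CA certificate (PEM)}

#######################################
# Query Elasticsearch with auth, CA and a JSON content type.
# Arguments: $1 - request path (e.g. /_cluster/health?pretty)
#            $@ - extra curl options (e.g. -d '<json body>')
# Outputs:   response body on stdout
#######################################
es() {
  local path=$1
  shift
  curl -s --netrc-file "$ES_NETRC" --cacert "$ES_CA_CERT" \
    -H 'Content-Type: application/json' "$@" "${ES_URL}${path}"
}

echo "=== 日志平台监控 ==="
echo "监控时间: $(date)"
echo ""

echo "1. Elasticsearch集群状态"
es '/_cluster/health?pretty'
echo ""

echo "2. 索引统计"
es '/_cat/indices?v' | head -20
echo ""

echo "3. Logstash状态"
curl -s "${LS_URL}/_node/stats/jvm?pretty" | grep -A5 "heap"
echo ""

echo "4. 今日日志量"
es '/fgedu-*/_count?pretty' -d '{ "query": { "range": { "@timestamp": { "gte": "now/d" } } } }'
echo ""

echo "5. 错误日志统计"
es '/fgedu-*/_search?size=0' -d '{ "query": { "term": {"status": "500"} } }'
echo ""

echo "=== 监控完成 ==="
EOF
[root@fgedu-kibana ~]# chmod +x /usr/local/bin/log-monitor.sh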
风哥针对日志管理建议:

  • 配置日志轮转和保留策略
  • 实施日志分类和标签
  • 配置敏感信息脱敏
  • 建立日志告警规则
  • 定期归档历史日志

本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
