# Clone the docker-elk repository on the server where the stack will be installed.
# NOTE(review): no tag or commit is pinned, so this fetches whatever the default
# branch currently holds; the files you get may differ from what this page shows.
git clone https://github.com/deviantony/docker-elk.git
# The config paths edited next (elasticsearch/, kibana/, logstash/) are relative
# to this directory.
cd docker-elk
# Open the Elasticsearch configuration; the intended contents follow.
vi elasticsearch/config/elasticsearch.yml
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
node.name: "TEST_NODE"
# Listen on every network interface of the node rather than loopback only.
# NOTE(review): xpack.security.enabled is commented out further down, so this
# file does not enable authentication for the HTTP API on port 9200. Whether
# that port is reachable from other hosts depends on the compose port mapping
# and the host firewall, neither of which is shown here - confirm before use.
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["127.0.0.1"]
## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
#
# Every setting below is commented out, so this file leaves all of them unset.
#xpack.license.self_generated.type: trial
# NOTE(review): other files on this page configure the "elastic" user and a
# password; those credentials are only enforced if security is enabled, either
# here or elsewhere (e.g. container environment) - verify which applies.
#xpack.security.enabled: true
#xpack.monitoring.collection.enabled: true
#discovery.type: single-node
# Open the Kibana configuration; the intended contents follow.
vi kibana/config/kibana.yml
## Default Kibana configuration from Kibana base image.
## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.ts
#
server.name: kibana
# Kibana accepts connections on all interfaces.
server.host: 0.0.0.0
# $IP-Address is a placeholder for the Elasticsearch server address.
# NOTE(review): the URL scheme is http, so the username and password below
# travel to Elasticsearch unencrypted; prefer https once TLS is configured.
elasticsearch.hosts: [ "http://$IP-Address:9200" ] # your own server's IP
monitoring.ui.container.elasticsearch.enabled: true
## X-Pack security credentials
#
# NOTE(review): "elastic" is the built-in superuser and "changeme" is a default
# password stored here in clear text. Replace the password with a unique value
# before the stack is reachable by others, and prefer a dedicated
# lower-privilege account for the Kibana service.
elasticsearch.username: elastic
elasticsearch.password: changeme
# Open the Logstash settings file; the intended contents follow.
vi logstash/config/logstash.yml
---
## Default Logstash configuration from Logstash base image.
## https://github.com/elastic/logstash/blob/master/docker/data/logstash/config/logstash-full.yml
#
# Bind address of the Logstash HTTP API; 0.0.0.0 means all interfaces.
# NOTE(review): no authentication for this endpoint is configured in this
# file - keep its port off untrusted networks.
http.host: 0.0.0.0
# $IP-Address is a placeholder for the Elasticsearch server address (plain HTTP).
xpack.monitoring.elasticsearch.hosts: [ "http://$IP-Address:9200" ]
## X-Pack security credentials
#
# Monitoring and its credentials are commented out, so this file leaves them unset.
# NOTE(review): if they are enabled later, do not keep the default "changeme".
#xpack.monitoring.enabled: true
#xpack.monitoring.elasticsearch.username: elastic
#xpack.monitoring.elasticsearch.password: changeme
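# Open the Logstash pipeline definition; the intended contents follow.
# The path is relative to the docker-elk directory entered earlier, matching
# the other config paths on this page (a docker-elk/ prefix would not resolve
# from inside that directory).
vi logstash/pipeline/logstash.conf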
# Inputs: the sources this pipeline receives events from.
input {
  # Listener for the Beats protocol.
  beats {
    port => 5044
  }
  # Raw TCP listener.
  # NOTE(review): neither this input nor the beats input sets any TLS or
  # client-authentication option in this file, so any host that can reach
  # these ports can submit events. Restrict them with the firewall or the
  # compose port mapping, or drop the inputs that are not needed.
  tcp {
    port => 5000
  }
  # Consume JSON-encoded records from one Kafka topic.
  # $Kafka-Server-IP-Address is a placeholder for the broker address.
  # NOTE(review): no security_protocol is set, so the plugin default applies
  # (presumably an unencrypted, unauthenticated connection - confirm against
  # the kafka input plugin documentation).
  kafka {
    client_id => "logstash-test-topic"
    group_id => "logstash-test-topic"
    topics => ["pgServer.public.test_table-0"]
    codec => "json"
    bootstrap_servers => "$Kafka-Server-IP-Address:9092"
  }
}
## Add your filters / logstash plugins configuration here
# Output: every event is written to a date-suffixed Elasticsearch index.
output {
  elasticsearch {
    # $IP-Address is a placeholder; the scheme is plain http.
    hosts => ["http://$IP-Address:9200"]
    index => "edc-storage-%{+YYYY.MM.dd}"
    # NOTE(review): built-in superuser with the default password, stored in
    # clear text and sent over http. Use a unique password and a dedicated
    # account limited to writing these indices.
    user => "elastic"
    password => "changeme"
    ecs_compatibility => disabled
  }
}
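# From the docker-elk directory, build the images and start the stack.
# sudo applies only to the command it prefixes, so both docker-compose calls
# carry it; otherwise the "up" step runs as the unprivileged user.
sudo docker-compose build && sudo docker-compose up -d
# Open http://$IP-Address:5601 in a browser and confirm the web UI loads.
# NOTE(review): this URL is plain HTTP; keep port 5601 limited to trusted
# networks until TLS and non-default credentials are in place.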
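# Import Elastic's package-signing key so the package manager can verify the
# packages (the repo file below sets gpgcheck=1). The URL is the same one that
# repo file lists as gpgkey, so both steps refer to a single key source.
# Compare the imported key's fingerprint with the one Elastic publishes.
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
cd /etc/yum.repos.d/
# Repo definitions in this directory are normally root-owned, so edit with
# sudo like the other system files on this page.
sudo vi elastic.repo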
# Repository definition used for the Beats packages installed below.
[elastic-7.x]
name=Elastic repository for 7.x packages
# Packages are fetched over HTTPS from the oss-7.x path.
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
# gpgcheck=1 keeps signature verification on: packages must be signed by the
# key referenced in gpgkey. Do not set this to 0 to work around install errors.
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
# Install Filebeat from the repository defined above and enable it at boot.
sudo yum install filebeat
sudo systemctl enable filebeat
# Edit filebeat.yml; the sections to change follow.
sudo vi /etc/filebeat/filebeat.yml
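#============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
# Nested keys are indented so that they belong to setup.kibana; at column 0
# they would be parsed as unrelated top-level keys.
setup.kibana:
  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify an additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "<SERVER-IP>"
  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["<SERVER-IP>:9200"]
  # Optional protocol and basic auth credentials.
  # NOTE(review): hosts carries no scheme and protocol is commented out, so the
  # Beats default applies (http per the Beats documentation - confirm) and the
  # credentials below are sent unencrypted. Enable https once Elasticsearch
  # serves TLS, and consider the Beats keystore instead of a clear-text
  # password in this file.
  #protocol: "https"
  username: "<USER NAME>"
  password: "<PASSWORD>"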
# Turn on Filebeat's system module.
sudo filebeat modules enable system
# Run Filebeat's one-time setup; per the Kibana section of filebeat.yml,
# dashboards are loaded through the Kibana API, so Kibana must be reachable.
sudo filebeat setup
# Start the Filebeat service.
sudo service filebeat start
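# Install Metricbeat from the same repository and enable it at boot.
sudo yum install metricbeat
sudo systemctl enable metricbeat
# Edit metricbeat.yml; the sections to change follow.
# (No leading "$" prompt character: pasted literally it would be run as a command.)
sudo vi /etc/metricbeat/metricbeat.yml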
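#============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
# Nested keys are indented so that they belong to setup.kibana; at column 0
# they would be parsed as unrelated top-level keys.
setup.kibana:
  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify an additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "<SERVER-IP>"
  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["<SERVER-IP>:9200"]
  # Optional protocol and basic auth credentials.
  # NOTE(review): the credentials are commented out here, unlike the Filebeat
  # and Auditbeat examples on this page. Metricbeat will then connect without
  # authentication, which only works if Elasticsearch accepts anonymous
  # requests - confirm which behaviour is intended. When credentials are set,
  # enable https as well so they are not sent unencrypted.
  #protocol: "https"
  #username: "<USER NAME>"
  #password: "<PASSWORD>"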
# Turn on Metricbeat's system module.
sudo metricbeat modules enable system
# Run Metricbeat's one-time setup; per the Kibana section of metricbeat.yml,
# dashboards are loaded through the Kibana API, so Kibana must be reachable.
sudo metricbeat setup
# Start the Metricbeat service.
sudo service metricbeat start
# Install Auditbeat from the same repository and enable it at boot.
sudo yum install auditbeat
sudo systemctl enable auditbeat
# Edit auditbeat.yml; the sections to change follow.
sudo vi /etc/auditbeat/auditbeat.yml
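#============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
# Nested keys are indented so that they belong to setup.kibana; at column 0
# they would be parsed as unrelated top-level keys.
setup.kibana:
  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify an additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "<SERVER-IP>"
  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["<SERVER-IP>:9200"]
  # Optional protocol and basic auth credentials.
  # NOTE(review): hosts carries no scheme and protocol is commented out, so the
  # Beats default applies (http per the Beats documentation - confirm) and the
  # credentials below are sent unencrypted. Audit data is sensitive: enable
  # https once Elasticsearch serves TLS, and consider the Beats keystore
  # instead of a clear-text password in this file.
  #protocol: "https"
  username: "<USER NAME>"
  password: "<PASSWORD>"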
# Run Auditbeat's one-time setup, then start the service.
sudo auditbeat setup
sudo service auditbeat start
# "enable --now" enables each unit at boot and starts it immediately. The
# units were already enabled and started in the steps above, so these three
# lines repeat that for all Beats in one place.
sudo systemctl enable --now auditbeat.service
sudo systemctl enable --now metricbeat.service
sudo systemctl enable --now filebeat.service
"참고 - Elasticsearch beat 다운로드":https://www.elastic.co/kr/downloads/beats
"참고 - ELK Docker 설치방법":https://judo0179.tistory.com/60
"참고 - Centos ELK 설치":https://program-error-review.tistory.com/30?category=412095