ELK 监控搭建

实现Elasticsearch监控报警，x-pack,Sentinl,Watcher 等都是可行性方案之一,如下记下最近搭建的心得

使用x-pack 监控

1：安装x-pack: Elasticsearch安装目录下执行 bin/elasticsearch-plugin install x-pack（基本上都是安装失败，本来x-pack文件很大，同时又被墙）

2：本地安装：https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.2.4.zip

下载对应文件后执行 bin/elasticsearch-plugin install file:///path/to/file/x-pack-6.2.4.zip

具体参考：https://www.elastic.co/guide/en/elasticsearch/reference/6.2/installing-xpack-es.html

更改 elasticsearch 的密码
执行bin/x-pack/setup-passwords interactive 然后回车设置密码。

其他节点只要安装了x-pack插件的话，就可以直接加入了，无需再设置密码了。

#修改密码的方式
curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "changme" }'

config/elasticsearch.yml添加

#加上这条：设置x-pack为开启
xpack.security.enabled: true
设置描述
xpack.graph.enabled 设置为false禁用X-Pack图形功能。
xpack.ml.enabled 设置为false禁用X-Pack机器学习功能。
xpack.monitoring.enabled 设置为false禁用X-Pack监视功能。
xpack.reporting.enabled 设置为false禁用X-Pack报告功能。
xpack.security.enabled 设置为false禁用X-Pack安全功能。
xpack.watcher.enabled 设置false为禁用观察器。

验证watcher是否启动

http://localhost:9200/_watcher/stats?pretty

kibana上安装x-pack
kibana也采用本地安装： bin/kibana-plugin install file:x-pack-6.2.4.zip

kibana上设置es密码
打开 kibana.yml 设置：

elasticsearch.username: "elastic"
elasticsearch.password: "changme"

配置报警信息

配置文件改动

watcher.actions.email.service.account:
    work:
        profile: gmail
        email_defaults:
            from: 'John Doe '
            bcc: archive@host.domain
        smtp:
            auth: true
            starttls.enable: true
            host: smtp.gmail.com
            port: 587
            user: 
            password: 
PUT _xpack/watcher/watch/log_error_watch
{
  "trigger": {
    "schedule": {
      "interval": "10s"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logs"],
        "body": {
          "query": {
            "match": {
              "message": "error"
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions" : {
  "send_email" : {
    "email" : {
      "to" : "POST",
      "subject" : "ELK 过去一分钟之内发生过错误请及时关注",
      "body" : "ELK 过去一分钟之内发生过错误请及时关注"
    }
  }
}
}

logstash配置x-pack:

vim ./config/logstash.conf

input {
   file {
       path => "/var/log/messages"
       type => "systemlog"
      start_position => "beginning"
       stat_interval => "3"
   }
}
output {
   if [type] == "systemlog" {
       elasticsearch {
           hosts => ["127.0.0.1:9200"]
           index => "system-log-%{+YYYY.MM.dd}"
           user => "elastic"
           password => "changme"
       }
   }
}

执行：bin/logstash -f config/logstash.conf

Sentinl监控
插件下载地址https://github.com/sirensolutions/sentinl/releases?after=tag-6.3.2-beta-1

kibana安装目录/bin/kibana-plugin install 安装包放的位置/安装包名