сервисы_elk [2022/03/11 09:56] val [Примеры запросов] |
сервисы_elk [2024/02/19 11:02] val [Установка пакета из репозитория] |
||
---|---|---|---|
Line 2: | Line 2: | ||
+ | * [[https://habr.com/ru/news/t/657169/|Elastic NV — американо-голландская компания, основанная в 2012 году в Амстердаме, Нидерланды, ранее известная как Elasticsearch, прекратила продажи ПО в РФ]] [update 24.03.22] | ||
* [[https://system-admins.ru/elk-o-chem-i-zachem/|ELK. О чем и зачем?]] | * [[https://system-admins.ru/elk-o-chem-i-zachem/|ELK. О чем и зачем?]] | ||
* [[https://codedzen.ru/category/uroki/elasticsearch/|Уроки по Elasticsearch]] | * [[https://codedzen.ru/category/uroki/elasticsearch/|Уроки по Elasticsearch]] | ||
Line 7: | Line 8: | ||
* [[https://www.elastic.co/what-is/elk-stack|What is the ELK Stack? Why, it’s the Elastic Stack.]] | * [[https://www.elastic.co/what-is/elk-stack|What is the ELK Stack? Why, it’s the Elastic Stack.]] | ||
* [[https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html|Elasticsearch provides a full Query DSL (Domain Specific Language) based on JSON]] | * [[https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html|Elasticsearch provides a full Query DSL (Domain Specific Language) based on JSON]] | ||
+ | |||
+ | * [[https://vk.com/wall-95686747_13620|Для установки Elasticsearch и остальных продуктов Elastic, можно использовать репозиторий https://mirror.yandex.ru/mirrors.]] | ||
* !!! От 8-x GB (8192 MB) и 2-х CPU на VM !!! | * !!! От 8-x GB (8192 MB) и 2-х CPU на VM !!! | ||
Line 13: | Line 16: | ||
==== Установка пакета из репозитория ==== | ==== Установка пакета из репозитория ==== | ||
+ | |||
+ | * [[Переменные окружения]] (для установки через proxy) | ||
* [[https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html|Install Elasticsearch with Debian Packageedit]] any Debian-based system such as Debian and Ubuntu. | * [[https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html|Install Elasticsearch with Debian Packageedit]] any Debian-based system such as Debian and Ubuntu. | ||
+ | * [[Управление ПО в Linux#Подключение сторонних репозиториев]] | ||
+ | <code> | ||
+ | # apt install elasticsearch | ||
+ | </code> | ||
==== Запуск и проверка работоспособности ==== | ==== Запуск и проверка работоспособности ==== | ||
Line 115: | Line 124: | ||
* [[https://www.elastic.co/guide/en/kibana/current/deb.html|Install Kibana with Debian package]] | * [[https://www.elastic.co/guide/en/kibana/current/deb.html|Install Kibana with Debian package]] | ||
+ | |||
+ | * [[Управление ПО в Linux#Подключение сторонних репозиториев]] | ||
+ | |||
+ | <code> | ||
+ | # apt install elasticsearch | ||
+ | </code> | ||
==== Настройка и запуск ==== | ==== Настройка и запуск ==== | ||
Line 245: | Line 260: | ||
} | } | ||
} | } | ||
- | </code><code> | + | </code> |
+ | |||
+ | Длится 3-4 минуты | ||
+ | |||
+ | <code> | ||
# /usr/share/logstash/bin/logstash-plugin install logstash-output-exec | # /usr/share/logstash/bin/logstash-plugin install logstash-output-exec | ||
</code> | </code> | ||
Line 287: | Line 306: | ||
</code><code> | </code><code> | ||
#!/bin/sh | #!/bin/sh | ||
- | |||
- | #echo $1 >> /tmp/cisco-backup-config-logstash.log | ||
#ip=$1 | #ip=$1 | ||
ip=`echo $1 | cut -d: -f2 | cut -d'}' -f1` | ip=`echo $1 | cut -d: -f2 | cut -d'}' -f1` | ||
- | #cisco_name=`getent hosts $1 | awk '{ print $NF }'` | + | #cisco_name=`host $ip | awk '{ print $NF }' | cut -d. -f1` |
- | cisco_name=`host $ip | awk '{ print $NF }' | cut -d. -f1` | + | cisco_name=`getent hosts $ip | awk '{ print $NF }'` |
+ | #echo $1 $ip $cisco_name >> /tmp/cisco-backup-config-logstash.log | ||
/usr/bin/sshpass -p cisco /usr/bin/scp ${cisco_name}:running-config /srv/tftp/${cisco_name}-running-config | /usr/bin/sshpass -p cisco /usr/bin/scp ${cisco_name}:running-config /srv/tftp/${cisco_name}-running-config | ||
Line 340: | Line 358: | ||
</code><code> | </code><code> | ||
# filebeat test config -e -c /etc/filebeat/filebeat.yml | # filebeat test config -e -c /etc/filebeat/filebeat.yml | ||
+ | ... | ||
+ | Config OK | ||
systemctl enable filebeat | systemctl enable filebeat | ||
Line 368: | Line 388: | ||
# filebeat setup -e | # filebeat setup -e | ||
+ | 2 минуты | ||
# cat /etc/filebeat/modules.d/netflow.yml | # cat /etc/filebeat/modules.d/netflow.yml |
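Review bot: A failed or empty lookup is not handled by the new `cisco_name=` assignment in the Line 306 hunk (the cisco backup script): `$ip` is cut out of the script's `$1` argument and passed to `getent hosts` unquoted, and the result goes straight into the `scp` source and the `/srv/tftp/` destination path. If the lookup returns nothing, `scp` still runs with an empty host name, and if `$ip` itself is empty, `getent hosts` lists every entry instead of one. Since `$1` presumably comes from a log event handed over by the logstash exec output, treat it as untrusted: use `cisco_name=$(getent hosts "$ip" | awk '{ print $NF }')` followed by `[ -n "$cisco_name" ] || exit 1`. Also note that `$NF` is now the last alias rather than the short name the old `cut -d. -f1` produced, so the saved file name may change; the script's body continues outside the hunk. Separately, the Line 115 hunk adds `# apt install elasticsearch` under the Kibana package section, which looks like a copy-paste of the Elasticsearch command.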