This shows you the differences between two versions of the page.
сервисы_elk [2022/03/11 12:35] val [Logstash] |
сервисы_elk [2024/02/19 11:03] val [Установка пакета из репозитория] |
||
---|---|---|---|
Line 2: | Line 2: | ||
+ | * [[https://habr.com/ru/news/t/657169/|Elastic NV — американо-голландская компания, основанная в 2012 году в Амстердаме, Нидерланды, ранее известная как Elasticsearch, прекратила продажи ПО в РФ]] [update 24.03.22] | ||
* [[https://system-admins.ru/elk-o-chem-i-zachem/|ELK. О чем и зачем?]] | * [[https://system-admins.ru/elk-o-chem-i-zachem/|ELK. О чем и зачем?]] | ||
* [[https://codedzen.ru/category/uroki/elasticsearch/|Уроки по Elasticsearch]] | * [[https://codedzen.ru/category/uroki/elasticsearch/|Уроки по Elasticsearch]] | ||
Line 7: | Line 8: | ||
* [[https://www.elastic.co/what-is/elk-stack|What is the ELK Stack? Why, it’s the Elastic Stack.]] | * [[https://www.elastic.co/what-is/elk-stack|What is the ELK Stack? Why, it’s the Elastic Stack.]] | ||
* [[https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html|Elasticsearch provides a full Query DSL (Domain Specific Language) based on JSON]] | * [[https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html|Elasticsearch provides a full Query DSL (Domain Specific Language) based on JSON]] | ||
+ | |||
+ | * [[https://vk.com/wall-95686747_13620|Для установки Elasticsearch и остальных продуктов Elastic, можно использовать репозиторий https://mirror.yandex.ru/mirrors.]] | ||
* !!! От 8-x GB (8192 MB) и 2-х CPU на VM !!! | * !!! От 8-x GB (8192 MB) и 2-х CPU на VM !!! | ||
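Review bot: the added bullet that points to https://mirror.yandex.ru/mirrors does not say which signing key apt should trust for that repository. The packages then come from a third-party mirror rather than from Elastic's own repository, so add a line telling the reader to import Elastic's package signing key and bind it to this source only (a `signed-by=` keyring in the sources entry); a package altered on the mirror then fails signature verification. The link text also ends in "mirrors." with the full stop inside the URL; move it outside the URL.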
Line 13: | Line 16: | ||
==== Установка пакета из репозитория ==== | ==== Установка пакета из репозитория ==== | ||
+ | |||
+ | * [[Переменные окружения]] (для установки через proxy) | ||
* [[https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html|Install Elasticsearch with Debian Packageedit]] any Debian-based system such as Debian and Ubuntu. | * [[https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html|Install Elasticsearch with Debian Packageedit]] any Debian-based system such as Debian and Ubuntu. | ||
+ | * [[Управление ПО в Linux#Подключение сторонних репозиториев]] | ||
+ | <code> | ||
+ | # apt install elasticsearch | ||
+ | </code> | ||
==== Запуск и проверка работоспособности ==== | ==== Запуск и проверка работоспособности ==== | ||
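Review bot: the added `# apt install elasticsearch` installs whatever version the connected repository offers at that moment, and the block does not say which version the rest of the page was written for. Kibana is installed the same way further down, so state the tested version next to the command, or show the pinned form `apt install elasticsearch=<version>`, so that a reader following the page later gets matching components. It would also help to say in one sentence that the command only works after the repository from the link above it has been connected.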
Line 115: | Line 124: | ||
* [[https://www.elastic.co/guide/en/kibana/current/deb.html|Install Kibana with Debian package]] | * [[https://www.elastic.co/guide/en/kibana/current/deb.html|Install Kibana with Debian package]] | ||
+ | |||
+ | * [[Управление ПО в Linux#Подключение сторонних репозиториев]] | ||
+ | |||
+ | <code> | ||
+ | # apt install kibana | ||
+ | </code> | ||
==== Настройка и запуск ==== | ==== Настройка и запуск ==== | ||
Line 296: | Line 311: | ||
#cisco_name=`host $ip | awk '{ print $NF }' | cut -d. -f1` | #cisco_name=`host $ip | awk '{ print $NF }' | cut -d. -f1` | ||
- | cisco_name=`getent hosts $1 | awk '{ print $NF }'` | + | cisco_name=`getent hosts $ip | awk '{ print $NF }'` |
#echo $1 $ip $cisco_name >> /tmp/cisco-backup-config-logstash.log | #echo $1 $ip $cisco_name >> /tmp/cisco-backup-config-logstash.log | ||
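Review bot: in the corrected line `getent hosts $ip` the variable is still unquoted and the lookup result is never checked. Write it as `cisco_name=$(getent hosts "$ip" | awk '{ print $NF }')` so that an unexpected value in `$ip` is passed as a single argument, and stop or fall back to the address when `cisco_name` comes back empty, because a failed lookup would otherwise give the script an empty name. Note also that `$NF` picks the last field of the getent line, which is the last alias when the host has several names; `$2` is the canonical name.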
Line 343: | Line 358: | ||
</code><code> | </code><code> | ||
# filebeat test config -e -c /etc/filebeat/filebeat.yml | # filebeat test config -e -c /etc/filebeat/filebeat.yml | ||
+ | ... | ||
+ | Config OK | ||
systemctl enable filebeat | systemctl enable filebeat | ||
Line 371: | Line 388: | ||
# filebeat setup -e | # filebeat setup -e | ||
+ | 2 минуты | ||
# cat /etc/filebeat/modules.d/netflow.yml | # cat /etc/filebeat/modules.d/netflow.yml |
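Review bot: the added `2 минуты` ("2 minutes") line sits bare inside the code block between two `#` prompt lines, so it reads as either a command or as output of `filebeat setup -e`. Put it in the prose above the block, or mark it as a remark on the command itself, and say that it is the approximate run time, so a reader copying the block does not take it for something to type or to expect on screen.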