System monitoring with the ELK Stack: installing ELK Stack 6.x from FreeBSD ports

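The elasticsearch5 port in FreeBSD ports had a bug in which the symbolic link to JNA was created incorrectly. When I asked for it to be fixed, elasticsearch6, which had the same bug, was fixed along with it.
Then, the day before yesterday, the long-awaited logstash6 port also appeared.
So I took this opportunity to move elasticsearch, logstash and kibana each from the 5.x series to the 6.x series. I had heard that keeping at least the major version of these three aligned avoids trouble, but logstash6 took a long time to appear, so I had been using 5.x. Logstash and Kibana in particular seem better off on the same version because of X-Pack.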

Installing elasticsearch6 and kibana6

# cd /usr/ports/textproc/elasticsearch6
# make install
# cd /usr/ports/sysutils/logstash6
# make install
# cd /usr/ports/textproc/kibana6
# make install

/etc/rc.conf (3 lines added; no change if the 5.x series was already installed)
elasticsearch_enable="YES"
elasticsearch_login_class="root"
logstash_enable="YES"
logstash_log="YES"            # only for the observation period after installation
kibana_enable="YES"

Configuring and starting elasticsearch6

Configuring and starting elasticsearch6 is the same as last time, with no problems.

/usr/local/etc/elasticsearch/elasticsearch.yml
path.data: /var/db/elasticsearch
path.logs: /var/log/elasticsearch
path.scripts: /usr/local/libexec/elasticsearch
network.host: localhost
http.port: 9200

xpack.ml.enabled: false          # the following 2 lines specify X-Pack features that are not used (cannot be used)
xpack.security.enabled: false

If elasticsearch is started before X-Pack is installed, comment out the last 2 lines.

/usr/local/etc/elasticsearch/jvm.options
-Xms2g
-Xmx2g

Only the memory allocation is changed. The default of 1GB is far too small.

Installing X-Pack into elasticsearch6

For elasticsearch5 there was a port for installing X-Pack (elasticsearch5-x-pack), so installing that port was all it took. The elasticsearch6 port has no such companion port, so X-Pack has to be installed manually.

The tool for installing the X-Pack plugin is elasticsearch-plugin in /usr/local/lib/elasticsearch/bin. Installing from ports also leaves a /usr/local/bin/elasticsearch-plugin for some reason, which looks usable, but it cannot be used because there is no elasticsearch-env in the same directory. Either copy /usr/local/lib/elasticsearch/bin/elasticsearch-env to /usr/local/bin/, or change to /usr/local/lib/elasticsearch/bin and run the elasticsearch-plugin there. (Probably an oversight in the port.)
elasticsearch-plugin calls the elasticsearch-env in the same directory, and looking at that script, the default location for x-pack and other configuration appears to be /usr/local/lib/elasticsearch/config.
So create /usr/local/lib/elasticsearch/config and then install X-Pack.
This appears to have been fixed in port version elasticsearch6-6.2.2_6.

# mkdir /usr/local/lib/elasticsearch/config
# /usr/local/lib/elasticsearch/bin/elasticsearch-plugin install x-pack
# cd /usr/local/lib/elasticsearch/bin
# wget https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.x.x.zip  (specify the correct version)
# ./elasticsearch-plugin install file:///usr/local/lib/elasticsearch/bin/x-pack-6.x.x.zip
-> Downloading x-pack from elastic
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@        WARNING: plugin forks a native controller        @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.

Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-core,x-pack-deprecation,x-pack-graph,x-pack-logstash,x-pack-ml,x-pack-monitoring,x-pack-security,x-pack-upgrade,x-pack-watcher

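Added 12 April 2018:
Kibana has long failed when X-Pack is installed by plugin name through the plugin command, and from 6.2.3 Elasticsearch also fails to install X-Pack by plugin name. I therefore changed the procedure to download the X-Pack file first and install it by file name.

Configuring kibana6

The kibana6 configuration is also basically the same as in the earlier article. That is, what has to be done is the same too.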

/usr/local/etc/kibana.yml
server.port: 5601
#server.host: "localhost"
server.host: "192.168.52.20"  # IP address (on the monitoring segment) of the host running Kibana
elasticsearch.url: "http://localhost:9200"
path.data: /var/db/kibana     # <- should not be present yet, so added (important)
xpack.ml.enabled: false
xpack.security.enabled: false

If kibana is started before X-Pack is installed, comment out the last 2 lines.


# mkdir /var/db/kibana
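
The kibana.yml above binds Kibana to a LAN address while xpack.security.enabled is false, so the UI answers on that segment without a login. A small check for that combination follows, as an added example that is not part of the original post; the function names are hypothetical and the parser only handles flat "key: value" lines like the ones shown.

```shell
#!/bin/sh
# Added example (not from the original post): flag a service that listens
# on a non-loopback address while X-Pack security is explicitly disabled.

# yaml_get FILE KEY
# Print the value of a top-level "key: value" line, skipping commented-out
# lines and stripping trailing "# ..." comments and surrounding quotes.
yaml_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, k ":") == 1 {
            v = substr($0, length(k) + 2)
            sub(/[ \t]+#.*$/, "", v)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)
            print v
            exit
        }' "$1"
}

# is_loopback HOST
# True for values that keep the listener on this host. An empty value means
# the key is unset; Elasticsearch and Kibana then bind to loopback only.
is_loopback() {
    case "$1" in
        ""|localhost|127.*|::1|_local_) return 0 ;;
    esac
    return 1
}

# audit_bind FILE HOST_KEY
# Returns 1 and prints a finding when HOST_KEY is non-loopback and
# xpack.security.enabled is false; returns 0 otherwise.
audit_bind() {
    host=$(yaml_get "$1" "$2")
    sec=$(yaml_get "$1" xpack.security.enabled)
    if ! is_loopback "$host" && [ "$sec" = "false" ]; then
        echo "$1: $2=$host with xpack.security.enabled=false"
        return 1
    fi
    return 0
}
```

Run it as audit_bind /usr/local/etc/kibana.yml server.host and audit_bind /usr/local/etc/elasticsearch/elasticsearch.yml network.host; with the files shown above the first reports a finding and the second does not.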

Installing X-Pack into kibana6

For kibana5 there was a port for installing X-Pack (kibana5-x-pack), so installing that port was all it took. The kibana6 port has no such companion port, so X-Pack has to be installed manually.
As of 6 March 2018 the Makefile in ports is wrong, so Kibana's companion tools are not installed.
Copy the following 2 files from /usr/ports/textproc/kibana6/work/kibana-6.2.2-linux-x86_64/bin to /usr/local/www/kibana6/bin. (To keep it simple, copy the whole directory.)

  • kibana-keystore
  • kibana-plugin

Also, /usr/local/www/kibana6/config/kibana.yml appears to be required, so create the directory and make it a symbolic link to /usr/local/etc/kibana.yml. This appears to have been fixed in port version kibana6-6.2.2_2.

# cp -pR /usr/ports/textproc/kibana6/work/kibana-6.2.2-linux-x86_64/bin /usr/local/www/kibana6/
# mkdir /usr/local/www/kibana6/config
# ln -s /usr/local/etc/kibana.yml /usr/local/www/kibana6/config/kibana.yml

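Note: if make clean was run after installation and everything under /usr/ports/textproc/kibana6/work has been cleaned out (does not exist), the following recreates the files.

# cd /usr/ports/textproc/kibana6
# make fetch        (the files should already have been fetched, so not needed this time)
# make extract      <- only this one is needed this time
# make patch        (the files wanted here are not patch targets, so not needed)
# make configure    (no build is needed this time, so not needed)
# make build        (no build is needed this time, so not needed)

Run kibana-plugin to install X-Pack. The documentation on Elastic's site says to run bin/kibana-plugin install x-pack. So: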

# /usr/local/www/kibana6/bin/kibana-plugin install x-pack
DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpdir() instead.
Attempting to transfer from x-pack
Attempting to transfer from https://artifacts.elastic.co/downloads/kibana-plugins/x-pack/x-pack-6.2.2.zip
Transferring 269704442 bytes..............

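It looks as if it is going to work, but for some reason it seems to stall during the file transfer and stayed like this for hours.
I interrupted it and did the following instead.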

# cd /tmp
# wget https://artifacts.elastic.co/downloads/kibana-plugins/x-pack/x-pack-6.2.2.zip
# /usr/local/www/kibana6/bin/kibana-plugin install file:///tmp/x-pack-6.2.2.zip
Attempting to transfer from file:///tmp/x-pack-6.2.2.zip
Transferring 269704442 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete
# chown -R www:www /usr/local/www/kibana6

It may be a matter of taste, but I changed the owner of everything under the kibana6 directory.
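
Both file:// installs above (elasticsearch-plugin and kibana-plugin) run an archive fetched with wget, and the installer output shows that the plugin is granted broad Java permissions and forks a native controller. The following added example, which is not part of the original post, runs the installer only when the archive's SHA-512 matches a digest file. The function names are hypothetical, and the digest file is assumed to have been obtained from the vendor separately from the archive.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded plugin
# archive against a SHA-512 digest file before handing it to the installer.

# Print the hex SHA-512 of a file with whichever tool is present:
# sha512 (FreeBSD base), sha512sum (GNU coreutils) or openssl.
sha512_of() {
    if command -v sha512 >/dev/null 2>&1; then
        sha512 -q "$1"
    elif command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha512 "$1" | awk '{print $NF}'
    fi
}

# verify_archive ARCHIVE SUMFILE
# SUMFILE (assumed format) holds the hex digest, optionally followed by a
# file name. Returns 0 on match, 1 on mismatch, 2 on missing/malformed input.
verify_archive() {
    archive=$1; sumfile=$2
    [ -f "$archive" ] && [ -f "$sumfile" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # A SHA-512 digest is exactly 128 hex characters.
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{128}$' || return 2
    actual=$(sha512_of "$archive" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# install_verified PLUGIN_TOOL ARCHIVE SUMFILE
# Runs "<tool> install file://<absolute path>" only after the digest matches.
install_verified() {
    tool=$1; archive=$2; sumfile=$3
    if ! verify_archive "$archive" "$sumfile"; then
        echo "refusing to install $archive: checksum check failed" >&2
        return 1
    fi
    dir=$(cd "$(dirname "$archive")" && pwd) || return 1
    "$tool" install "file://$dir/$(basename "$archive")"
}
```

With this page's paths the call would be install_verified /usr/local/www/kibana6/bin/kibana-plugin /tmp/x-pack-6.2.2.zip followed by the path of the digest file.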

Configuring Logstash6

/usr/local/etc/logstash/logstash.conf
input {
        #Beats
        beats {
                port => 5044
        }

        #Collectd
        udp {
                port => 25826
                buffer_size => 262144
                workers => 4
                queue_size => 8192
                codec => collectd { }
                type => "collectd"
        }
}

output {
        elasticsearch {
                hosts => [ "localhost:9200" ]
        }
}

/usr/local/logstash/config/jvm.options (changed)
-Xms1g
-Xmx1g

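The two values above are the defaults. Increase them as needed. If the data volume is low and only simple processing is done, the defaults are sufficient.

Installing X-Pack into Logstash6

Logstash's files are in /usr/local/logstash/. When it is installed from ports, the executable files do not have execute permission, so start by adding it.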

# chmod +x /usr/local/logstash/bin/benchmark.sh
# chmod +x /usr/local/logstash/bin/cpdump
# chmod +x /usr/local/logstash/bin/dependencies-report
# chmod +x /usr/local/logstash/bin/ingest-convert.sh
# chmod +x /usr/local/logstash/bin/logstash-keystore
# chmod +x /usr/local/logstash/bin/logstash-plugin       <- the one used this time
# chmod +x /usr/local/logstash/bin/logstash.lib.sh         <- called from logstash-plugin
# chmod +x /usr/local/logstash/bin/pqcheck
# chmod +x /usr/local/logstash/bin/ruby
# chmod +x /usr/local/logstash/bin/system-install

# /usr/local/logstash/bin/logstash-plugin install x-pack
expr: illegal option -- C
expr: usage: expr [-e] expression

Downloading file: https://artifacts.elastic.co/downloads/logstash-plugins/x-pack/x-pack-6.2.2.zip
Downloading [=============================================================] 100%
Installing file: /tmp/studtmp-fe4cc2f4d060d661a2cdc1a53b50f56c125fbf33c63fc2ca412ce6cce245/x-pack-6.2.2.zip
Install successful

/usr/local/etc/logstash/logstash.yml (added) (not logstash.conf)
xpack.monitoring.elasticsearch.url: http://localhost:9200
xpack.monitoring.elasticsearch.username: 
xpack.monitoring.elasticsearch.password:

This time, username and password are not specified.

Starting the ELK Stack

# service elasticsearch start
# service logstash start
# service kibana start

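After the start command is run, Kibana may keep you waiting for a few minutes before it is usable in the browser.
In particular, the first start after X-Pack has been installed into Kibana may take 15 minutes or more before it is usable.

Installing the X-Pack license

For installing the license, see the earlier article on installing the ELK Stack.

In the first draft I wrote that I thought Kibana was not working after the X-Pack install and that I would check; it seems it was just taking time.

Checking X-Pack in Kibana
Once X-Pack is installed, [Monitoring] appears in Kibana's menu and shows the applications into which X-Pack has been installed. In this article X-Pack was installed into elasticsearch, Kibana and Logstash, so those are shown.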
