How to set up highly available network monitoring and traffic analysis on Linux
Preface:
In today's digital era, network monitoring and traffic analysis play a central role in securing the network and optimizing its performance. To monitor network traffic effectively and respond to problems in real time, a highly available network monitoring and traffic analysis system is essential. This article describes how to set up such a system on Linux and provides code examples to help readers carry out the work.
Step 1: Install and configure Elasticsearch
Elasticsearch is a distributed, open-source search and analytics engine that can store and analyze large data sets. When building a network monitoring and traffic analysis system, the first thing to install and configure is Elasticsearch.
Download and install Elasticsearch:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-linux-x86_64.tar.gz
tar -zxvf elasticsearch-7.10.2-linux-x86_64.tar.gz
cd elasticsearch-7.10.2/
./bin/elasticsearch
Configure Elasticsearch:
Edit the Elasticsearch configuration file elasticsearch.yml and set the cluster name and the listen address (binding to 0.0.0.0 exposes the node on every interface, so outside a lab restrict the address or enable authentication):
cluster.name: my-cluster
network.host: 0.0.0.0
Start Elasticsearch:
./bin/elasticsearch
Step 2: Install and configure Logstash
Logstash is an open-source server-side data processing pipeline that collects data from different sources, transforms it and forwards it to a destination. In the network monitoring and traffic analysis system, Logstash collects the network traffic data and converts it into a format that Elasticsearch can analyze.
Download and install Logstash:
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.10.2.tar.gz
tar -zxvf logstash-7.10.2.tar.gz
cd logstash-7.10.2/
Create the Logstash configuration file logstash.conf:
input {
  tcp {
    port => 5000
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "network-traffic-%{+YYYY.MM.dd}"
  }
}
Start Logstash:
./bin/logstash -f logstash.conf
Step 3: Install and configure Kibana
Kibana is an open-source data visualization platform built on Elasticsearch; it is used to query, visualize and analyze the data stored in Elasticsearch. In the network monitoring and traffic analysis system, Kibana serves as the user interface, providing rich charts and dashboards that display network traffic and performance information.
Download and install Kibana:
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.10.2-linux-x86_64.tar.gz
tar -zxvf kibana-7.10.2-linux-x86_64.tar.gz
cd kibana-7.10.2/
Configure Kibana:
Edit the Kibana configuration file kibana.yml and set the Elasticsearch address and key:
elasticsearch.hosts: ["http://localhost:9200"]
Start Kibana:
./bin/kibana
Step 4: Set up a network traffic collector
To capture network traffic data and feed it into Logstash for processing, we need to set up a network traffic collector.
Taking tcpdump as the example, first install tcpdump:
sudo apt-get install tcpdump
Next, use the following command to send the network traffic to Logstash:
sudo tcpdump -i eth0 -nn -tttt -s 0 -U -w - | nc localhost 5000
In the command above, the -i option selects the network interface to capture on, -w - writes the captured traffic to standard output, and the pipe hands that output to nc, which sends it to Logstash.
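As an added example (not code from the original article), the following Python parser turns tcpdump's text output into one JSON object per line, the framing that lets the Logstash tcp input above index each packet as separate fields in Kibana, and runs a simple per-source SYN count over the parsed events as a starting point for a dashboard alert. It assumes tcpdump is run without -w (so that it prints text lines instead of raw pcap bytes, which the tcp input cannot parse) and that the tcp input is given codec => json_lines; the sample lines, the field names and the threshold are constructed for this example.

```python
import json
import re
from collections import Counter

# Constructed sample of "tcpdump -i eth0 -nn -tttt -l" text output (no -w); hand-written, not real traffic.
SAMPLE_LINES = [
    "2024-01-15 10:23:45.123456 IP 192.168.1.10.51234 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0",
    "2024-01-15 10:23:45.223456 IP 192.168.1.10.51235 > 93.184.216.34.22: Flags [S], seq 2, win 64240, length 0",
    "2024-01-15 10:23:45.323456 IP 192.168.1.10.51236 > 93.184.216.34.80: Flags [S], seq 3, win 64240, length 0",
    "2024-01-15 10:23:46.000001 IP 10.0.0.5.53 > 192.168.1.20.41234: 12345 1/0/0 A 93.184.216.34 (48)",
    "2024-01-15 10:23:47.000000 IP 192.168.1.20 > 8.8.8.8: ICMP echo request, id 1, seq 1, length 64",
    "2024-01-15 10:23:48.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
]

# "-tttt" timestamp, L3 tag (IP/IP6), "src > dst:" endpoints, then the protocol detail.
_LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP6? (?P<src>\S+) > (?P<dst>\S+?): (?P<rest>.*)$")
_FLAGS = re.compile(r"Flags \[([^\]]*)\]")
_LENGTH = re.compile(r"length (\d+)")

def _split_endpoint(ep):
    """With -nn the port is the last dotted component; a bare IPv4 host (ICMP) has only three dots."""
    if ":" in ep or ep.count(".") == 4:
        host, _, port = ep.rpartition(".")
        return host, int(port)
    return ep, None

def parse_tcpdump_line(line):
    """Turn one tcpdump text line into a flat event dict; None for lines not modelled here (ARP, ...)."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    src_ip, src_port = _split_endpoint(m["src"])
    dst_ip, dst_port = _split_endpoint(m["dst"])
    flags, length = _FLAGS.search(m["rest"]), _LENGTH.search(m["rest"])
    # Heuristic transport tag: TCP lines carry Flags [...], ICMP lines start with "ICMP", the rest is assumed UDP.
    transport = "tcp" if flags else ("icmp" if m["rest"].startswith("ICMP") else "udp")
    return {"timestamp": m["ts"].replace(" ", "T"), "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port, "transport": transport,
            "tcp_flags": flags.group(1) if flags else None,
            "length": int(length.group(1)) if length else None}

def to_json_lines(events):
    """One JSON object per line: the framing Logstash's tcp input expects with codec => json_lines."""
    return "".join(json.dumps(ev) + "\n" for ev in events)

def syn_only_sources(events, threshold=3):
    """Count bare SYNs per source IP; sources at or above the threshold are candidates for a Kibana alert."""
    syns = Counter(ev["src_ip"] for ev in events if ev["tcp_flags"] == "S")
    return {ip: n for ip, n in syns.items() if n >= threshold}
```

In the pipeline from the article, the string returned by to_json_lines is what would be piped into nc localhost 5000 in place of the raw tcpdump output.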
Summary:
With the steps above we have built a highly available network monitoring and traffic analysis system on Linux. Elasticsearch stores and analyzes the large data sets, Logstash collects and transforms the network traffic data, and Kibana provides a friendly user interface for displaying it. With the traffic collector in place, we can monitor and analyze network performance in real time, spot problems as they occur and take the appropriate action.
This article has provided example code to help readers understand and put these configuration steps into practice. Readers can adapt and extend them to suit their own network monitoring and traffic analysis needs.