1、 调整系统内核参数参数

  1. [root@elastiflow sysctl.d]# cat 100-elastiflow.conf
  2. net.core.netdev_max_backlog=4096
  3. net.core.rmem_default=262144
  4. net.core.rmem_max=67108864
  5. net.ipv4.udp_rmem_min=131072
  6. net.ipv4.udp_mem=2097152 4194304 8388608
  8. #less 75000
  9. net.core.netdev_max_backlog=4096
  10. net.core.rmem_default=262144
  11. net.core.rmem_max=67108864
  12. net.ipv4.udp_rmem_min=131072
  13. net.ipv4.udp_mem=2097152 4194304 8388608
  15. #more then 75000
  16. net.core.netdev_max_backlog=8192
  17. net.core.rmem_default=262144
  18. net.core.rmem_max=134217728
  19. net.ipv4.udp_rmem_min=131072
  20. net.ipv4.udp_mem=4194304 8388608 16777216

2、 安装java环境

  1. [root@elastiflow yum.repos.d]# yum install java-openjdk-devel java-openjdk
  2. Loaded plugins: fastestmirror
  3. Loading mirror speeds from cached hostfile
  4. No package java-openjdk-devel available.
  5. Resolving Dependencies
  6. --> Running transaction check
  7. ---> Package java-1.8.0-openjdk.x86_64 1:1.8.0.292.b10-1.el7_9 will be installed
  8. --> Processing Dependency: java-1.8.0-openjdk-headless(x86-64) = 1:1.8.0.292.b10-1.el7_9 for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  9. --> Processing Dependency: xorg-x11-fonts-Type1 for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  10. --> Processing Dependency: libjvm.so(SUNWprivate_1.1)(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  11. --> Processing Dependency: libjpeg.so.62(LIBJPEG_6.2)(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  12. --> Processing Dependency: libjava.so(SUNWprivate_1.1)(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  13. --> Processing Dependency: libXcomposite(x86-64) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  14. --> Processing Dependency: gtk2(x86-64) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  15. --> Processing Dependency: libjvm.so()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  16. --> Processing Dependency: libjpeg.so.62()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  17. --> Processing Dependency: libjava.so()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  18. --> Processing Dependency: libgif.so.4()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  19. --> Processing Dependency: libXtst.so.6()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  20. --> Processing Dependency: libXrender.so.1()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  21. --> Processing Dependency: libXi.so.6()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  22. --> Processing Dependency: libXext.so.6()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  23. --> Processing Dependency: libX11.so.6()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64
  24. --> Running transaction check
  25. ---> Package giflib.x86_64 0:4.1.6-9.el7 will be installed
  26. --> Processing Dependency: libSM.so.6()(64bit) for package: giflib-4.1.6-9.el7.x86_64
  27. --> Processing Dependency: libICE.so.6()(64bit) for package: giflib-4.1.6-9.el7.x86_64
  28. ---> Package gtk2.x86_64 0:2.24.31-1.el7 will be installed
  29. --> Processing Dependency: pango >= 1.20.0-1 for package: gtk2-2.24.31-1.el7.x86_64
  30. --> Processing Dependency: libtiff >= 3.6.1 for package: gtk2-2.24.31-1.el7.x86_64
  31. --> Processing Dependency: libXrandr >= 1.2.99.4-2 for package: gtk2-2.24.31-1.el7.x86_64
  32. --> Processing Dependency: atk >= 1.29.4-2 for package: gtk2-2.24.31-1.el7.x86_64
  33. --> Processing Dependency: hicolor-icon-theme for package: gtk2-2.24.31-1.el7.x86_64
  34. --> Processing Dependency: gtk-update-icon-cache for package: gtk2-2.24.31-1.el7.x86_64
  35. --> Processing Dependency: libpangoft2-1.0.so.0()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  36. --> Processing Dependency: libpangocairo-1.0.so.0()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  37. --> Processing Dependency: libpango-1.0.so.0()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  38. --> Processing Dependency: libgdk_pixbuf-2.0.so.0()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  39. --> Processing Dependency: libcups.so.2()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  40. --> Processing Dependency: libcairo.so.2()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  41. --> Processing Dependency: libatk-1.0.so.0()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  42. --> Processing Dependency: libXrandr.so.2()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  43. --> Processing Dependency: libXinerama.so.1()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  44. --> Processing Dependency: libXfixes.so.3()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  45. --> Processing Dependency: libXdamage.so.1()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  46. --> Processing Dependency: libXcursor.so.1()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
  47. ---> Package java-1.8.0-openjdk-headless.x86_64 1:1.8.0.292.b10-1.el7_9 will be installed
  48. --> Processing Dependency: tzdata-java >= 2021a for package: 1:java-1.8.0-openjdk-headless-1.8.0.292.b10-1.el7_9.x86_64
  49. --> Processing Dependency: copy-jdk-configs >= 3.3 for package: 1:java-1.8.0-openjdk-headless-1.8.0.292.b10-1.el7_9.x86_64
  50. --> Processing Dependency: pcsc-lite-libs(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.292.b10-1.el7_9.x86_64
  51. --> Processing Dependency: lksctp-tools(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.292.b10-1.el7_9.x86_64
  52. --> Processing Dependency: jpackage-utils for package: 1:java-1.8.0-openjdk-headless-1.8.0.292.b10-1.el7_9.x86_64
  53. ---> Package libX11.x86_64 0:1.6.7-3.el7_9 will be installed
  54. --> Processing Dependency: libX11-common >= 1.6.7-3.el7_9 for package: libX11-1.6.7-3.el7_9.x86_64
  55. --> Processing Dependency: libxcb.so.1()(64bit) for package: libX11-1.6.7-3.el7_9.x86_64
  56. ---> Package libXcomposite.x86_64 0:0.4.4-4.1.el7 will be installed
  57. ---> Package libXext.x86_64 0:1.3.3-3.el7 will be installed
  58. ---> Package libXi.x86_64 0:1.7.9-1.el7 will be installed
  59. ---> Package libXrender.x86_64 0:0.9.10-1.el7 will be installed
  60. ---> Package libXtst.x86_64 0:1.2.3-1.el7 will be installed
  61. ---> Package libjpeg-turbo.x86_64 0:1.2.90-8.el7 will be installed
  62. ---> Package xorg-x11-fonts-Type1.noarch 0:7.5-9.el7 will be installed
  63. --> Processing Dependency: ttmkfdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch
  64. --> Processing Dependency: ttmkfdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch
  65. --> Running transaction check
  66. ---> Package atk.x86_64 0:2.28.1-2.el7 will be installed
  67. ---> Package cairo.x86_64 0:1.15.12-4.el7 will be installed
  68. --> Processing Dependency: libpixman-1.so.0()(64bit) for package: cairo-1.15.12-4.el7.x86_64
  69. --> Processing Dependency: libGL.so.1()(64bit) for package: cairo-1.15.12-4.el7.x86_64
  70. --> Processing Dependency: libEGL.so.1()(64bit) for package: cairo-1.15.12-4.el7.x86_64
  71. ---> Package copy-jdk-configs.noarch 0:3.3-10.el7_5 will be installed
  72. ---> Package cups-libs.x86_64 1:1.6.3-51.el7 will be installed
  73. --> Processing Dependency: libavahi-common.so.3()(64bit) for package: 1:cups-libs-1.6.3-51.el7.x86_64
  74. --> Processing Dependency: libavahi-client.so.3()(64bit) for package: 1:cups-libs-1.6.3-51.el7.x86_64
  75. ---> Package gdk-pixbuf2.x86_64 0:2.36.12-3.el7 will be installed
  76. --> Processing Dependency: libjasper.so.1()(64bit) for package: gdk-pixbuf2-2.36.12-3.el7.x86_64
  77. ---> Package gtk-update-icon-cache.x86_64 0:3.22.30-6.el7 will be installed
  78. ---> Package hicolor-icon-theme.noarch 0:0.12-7.el7 will be installed
  79. ---> Package javapackages-tools.noarch 0:3.4.1-11.el7 will be installed
  80. --> Processing Dependency: python-javapackages = 3.4.1-11.el7 for package: javapackages-tools-3.4.1-11.el7.noarch
  81. ---> Package libICE.x86_64 0:1.0.9-9.el7 will be installed
  82. ---> Package libSM.x86_64 0:1.2.2-2.el7 will be installed
  83. ---> Package libX11-common.noarch 0:1.6.7-3.el7_9 will be installed
  84. ---> Package libXcursor.x86_64 0:1.1.15-1.el7 will be installed
  85. ---> Package libXdamage.x86_64 0:1.1.4-4.1.el7 will be installed
  86. ---> Package libXfixes.x86_64 0:5.0.3-1.el7 will be installed
  87. ---> Package libXinerama.x86_64 0:1.1.3-2.1.el7 will be installed
  88. ---> Package libXrandr.x86_64 0:1.5.1-2.el7 will be installed
  89. ---> Package libtiff.x86_64 0:4.0.3-35.el7 will be installed
  90. --> Processing Dependency: libjbig.so.2.0()(64bit) for package: libtiff-4.0.3-35.el7.x86_64
  91. ---> Package libxcb.x86_64 0:1.13-1.el7 will be installed
  92. --> Processing Dependency: libXau.so.6()(64bit) for package: libxcb-1.13-1.el7.x86_64
  93. ---> Package lksctp-tools.x86_64 0:1.0.17-2.el7 will be installed
  94. ---> Package pango.x86_64 0:1.42.4-4.el7_7 will be installed
  95. --> Processing Dependency: libthai(x86-64) >= 0.1.9 for package: pango-1.42.4-4.el7_7.x86_64
  96. --> Processing Dependency: libXft(x86-64) >= 2.0.0 for package: pango-1.42.4-4.el7_7.x86_64
  97. --> Processing Dependency: harfbuzz(x86-64) >= 1.4.2 for package: pango-1.42.4-4.el7_7.x86_64
  98. --> Processing Dependency: fribidi(x86-64) >= 1.0 for package: pango-1.42.4-4.el7_7.x86_64
  99. --> Processing Dependency: libthai.so.0(LIBTHAI_0.1)(64bit) for package: pango-1.42.4-4.el7_7.x86_64
  100. --> Processing Dependency: libthai.so.0()(64bit) for package: pango-1.42.4-4.el7_7.x86_64
  101. --> Processing Dependency: libharfbuzz.so.0()(64bit) for package: pango-1.42.4-4.el7_7.x86_64
  102. --> Processing Dependency: libfribidi.so.0()(64bit) for package: pango-1.42.4-4.el7_7.x86_64
  103. --> Processing Dependency: libXft.so.2()(64bit) for package: pango-1.42.4-4.el7_7.x86_64
  104. ---> Package pcsc-lite-libs.x86_64 0:1.8.8-8.el7 will be installed
  105. ---> Package ttmkfdir.x86_64 0:3.0.9-42.el7 will be installed
  106. ---> Package tzdata-java.noarch 0:2021a-1.el7 will be installed
  107. --> Running transaction check
  108. ---> Package avahi-libs.x86_64 0:0.6.31-20.el7 will be installed
  109. ---> Package fribidi.x86_64 0:1.0.2-1.el7_7.1 will be installed
  110. ---> Package harfbuzz.x86_64 0:1.7.5-2.el7 will be installed
  111. --> Processing Dependency: libgraphite2.so.3()(64bit) for package: harfbuzz-1.7.5-2.el7.x86_64
  112. ---> Package jasper-libs.x86_64 0:1.900.1-33.el7 will be installed
  113. ---> Package jbigkit-libs.x86_64 0:2.0-11.el7 will be installed
  114. ---> Package libXau.x86_64 0:1.0.8-2.1.el7 will be installed
  115. ---> Package libXft.x86_64 0:2.3.2-2.el7 will be installed
  116. ---> Package libglvnd-egl.x86_64 1:1.0.1-0.8.git5baa1e5.el7 will be installed
  117. --> Processing Dependency: libglvnd(x86-64) = 1:1.0.1-0.8.git5baa1e5.el7 for package: 1:libglvnd-egl-1.0.1-0.8.git5baa1e5.el7.x86_64
  118. --> Processing Dependency: mesa-libEGL(x86-64) >= 13.0.4-1 for package: 1:libglvnd-egl-1.0.1-0.8.git5baa1e5.el7.x86_64
  119. --> Processing Dependency: libGLdispatch.so.0()(64bit) for package: 1:libglvnd-egl-1.0.1-0.8.git5baa1e5.el7.x86_64
  120. ---> Package libglvnd-glx.x86_64 1:1.0.1-0.8.git5baa1e5.el7 will be installed
  121. --> Processing Dependency: mesa-libGL(x86-64) >= 13.0.4-1 for package: 1:libglvnd-glx-1.0.1-0.8.git5baa1e5.el7.x86_64
  122. ---> Package libthai.x86_64 0:0.1.14-9.el7 will be installed
  123. ---> Package pixman.x86_64 0:0.34.0-1.el7 will be installed
  124. ---> Package python-javapackages.noarch 0:3.4.1-11.el7 will be installed
  125. --> Processing Dependency: python-lxml for package: python-javapackages-3.4.1-11.el7.noarch
  126. --> Running transaction check
  127. ---> Package graphite2.x86_64 0:1.3.10-1.el7_3 will be installed
  128. ---> Package libglvnd.x86_64 1:1.0.1-0.8.git5baa1e5.el7 will be installed
  129. ---> Package mesa-libEGL.x86_64 0:18.3.4-12.el7_9 will be installed
  130. --> Processing Dependency: mesa-libgbm = 18.3.4-12.el7_9 for package: mesa-libEGL-18.3.4-12.el7_9.x86_64
  131. --> Processing Dependency: libxshmfence.so.1()(64bit) for package: mesa-libEGL-18.3.4-12.el7_9.x86_64
  132. --> Processing Dependency: libwayland-server.so.0()(64bit) for package: mesa-libEGL-18.3.4-12.el7_9.x86_64
  133. --> Processing Dependency: libwayland-client.so.0()(64bit) for package: mesa-libEGL-18.3.4-12.el7_9.x86_64
  134. --> Processing Dependency: libglapi.so.0()(64bit) for package: mesa-libEGL-18.3.4-12.el7_9.x86_64
  135. --> Processing Dependency: libgbm.so.1()(64bit) for package: mesa-libEGL-18.3.4-12.el7_9.x86_64
  136. ---> Package mesa-libGL.x86_64 0:18.3.4-12.el7_9 will be installed
  137. --> Processing Dependency: libXxf86vm.so.1()(64bit) for package: mesa-libGL-18.3.4-12.el7_9.x86_64
  138. ---> Package python-lxml.x86_64 0:3.2.1-4.el7 will be installed
  139. --> Running transaction check
  140. ---> Package libXxf86vm.x86_64 0:1.1.4-1.el7 will be installed
  141. ---> Package libwayland-client.x86_64 0:1.15.0-1.el7 will be installed
  142. ---> Package libwayland-server.x86_64 0:1.15.0-1.el7 will be installed
  143. ---> Package libxshmfence.x86_64 0:1.2-1.el7 will be installed
  144. ---> Package mesa-libgbm.x86_64 0:18.3.4-12.el7_9 will be installed
  145. ---> Package mesa-libglapi.x86_64 0:18.3.4-12.el7_9 will be installed
  146. --> Finished Dependency Resolution
  147. ……

3、 下载安装elk

  1. [root@CentOS7 elk]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.8.1-x86_64.rpm
  2. --2021-07-09 14:34:16-- https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.8.1-x86_64.rpm
  3. Resolving artifacts.elastic.co (artifacts.elastic.co)... 34.120.127.130, 2600:1901:0:1d7::
  4. Connecting to artifacts.elastic.co (artifacts.elastic.co)|34.120.127.130|:443... connected.
  5. HTTP request sent, awaiting response... 200 OK
  6. Length: 318401743 (304M) [application/octet-stream]
  7. Saving to: elasticsearch-7.8.1-x86_64.rpm
  9. 100%[==================================================================================================================>] 318,401,743 7.92MB/s   in 44s
  11. 2021-07-09 14:35:01 (6.89 MB/s) - elasticsearch-7.8.1-x86_64.rpm saved [318401743/318401743]
  13. [root@CentOS7 elk]# wget https://artifacts.elastic.co/downloads/kibana/kibana-7.8.1-x86_64.rpm
  14. --2021-07-09 14:35:44-- https://artifacts.elastic.co/downloads/kibana/kibana-7.8.1-x86_64.rpm
  15. Resolving artifacts.elastic.co (artifacts.elastic.co)... 34.120.127.130, 2600:1901:0:1d7::
  16. Connecting to artifacts.elastic.co (artifacts.elastic.co)|34.120.127.130|:443... connected.
  17. HTTP request sent, awaiting response... 200 OK
  18. Length: 347916016 (332M) [application/octet-stream]
  19. Saving to: kibana-7.8.1-x86_64.rpm
  21. 100%[==================================================================================================================>] 347,916,016 6.86MB/s   in 47s
  23. 2021-07-09 14:36:31 (7.09 MB/s) - kibana-7.8.1-x86_64.rpm saved [347916016/347916016]
  25. [root@CentOS7 elk]# wget https://artifacts.elastic.co/downloads/logstash/logstash-7.8.1.rpm
  26. --2021-07-09 14:36:58-- https://artifacts.elastic.co/downloads/logstash/logstash-7.8.1.rpm
  27. Resolving artifacts.elastic.co (artifacts.elastic.co)... 34.120.127.130, 2600:1901:0:1d7::
  28. Connecting to artifacts.elastic.co (artifacts.elastic.co)|34.120.127.130|:443... connected.
  29. HTTP request sent, awaiting response... 200 OK
  30. Length: 159752536 (152M) [application/octet-stream]
  31. Saving to: logstash-7.8.1.rpm
  33. 100%[==================================================================================================================>] 159,752,536 9.29MB/s   in 18s
  35. 2021-07-09 14:37:17 (8.37 MB/s) - logstash-7.8.1.rpm saved [159752536/159752536]
  38. [root@elastiflow ~]# rpm -ivh elasticsearch-7.8.1-x86_64.rpm kibana-7.8.1-x86_64.rpm logstash-7.8.1.rpm
  39. warning: elasticsearch-7.8.1-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
  40. Preparing...                          ################################# [100%]
  41. Updating / installing...
  42.   1:logstash-1:7.8.1-1              ################################# [ 33%]
  43. Using provided startup.options file: /etc/logstash/startup.options
  44. /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/pleaserun-0.0.31/lib/pleaserun/platform/base.rb:112: warning: constant ::Fixnum is deprecated
  45. Successfully created system startup script for Logstash
  46.   2:kibana-7.8.1-1                  ################################# [ 67%]
  47. Creating elasticsearch group... OK
  48. Creating elasticsearch user... OK
  49.   3:elasticsearch-0:7.8.1-1         ################################# [100%]
  50. ### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
  51.  sudo systemctl daemon-reload
  52.  sudo systemctl enable elasticsearch.service
  53. ### You can start elasticsearch service by executing
  54.  sudo systemctl start elasticsearch.service
  55. Created elasticsearch keystore in /etc/elasticsearch/elasticsearch.keystore

4、 配置启动服务

  1. [root@elastiflow ~]# systemctl daemon-reload
  2. [root@elastiflow ~]# systemctl enable elasticsearch.service
  3. Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
  4. [root@elastiflow ~]# systemctl enable kibana.service
  5. Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
  6. [root@elastiflow ~]# systemctl enable logstash.service
  7. Created symlink from /etc/systemd/system/multi-user.target.wants/logstash.service to /etc/systemd/system/logstash.service.

5、 修改ES配置文件 vim /etc/elasticsearch/elasticsearch.yml

image.png

6、 修改jvm内存vim /etc/elasticsearch/jvm.options

image.png

7、 修改kibana配置 vim /etc/kibana/kibana.yml

image.png

8、 重启服务

  1. [root@elastiflow ~]# systemctl restart elasticsearch.service
  2. [root@elastiflow ~]# systemctl restart kibana.service

9、 安装logstash模块

  1. [root@CentOS7 ~]# /usr/share/logstash/bin/logstash-plugin install logstash-codec-sflow
  2. Validating logstash-codec-sflow
  3. Installing logstash-codec-sflow
  4. Installation successful
  5.  [root@CentOS7 ~]# /usr/share/logstash/bin/logstash-plugin install logstash-codec-netflow
  6. Validating logstash-codec-netflow
  7. Installing logstash-codec-netflow
  8. Installation successful
  9. [root@CentOS7 ~]#
  10. [root@CentOS7 ~]# /usr/share/logstash/bin/logstash-plugin install logstash-input-udp
  11. Validating logstash-input-udp
  12. Installing logstash-input-udp
  13. Installation successful
  14. [root@CentOS7 ~]#
  15. [root@CentOS7 ~]# /usr/share/logstash/bin/logstash-plugin install logstash-input-tcp
  16. Validating logstash-input-tcp
  17. Installing logstash-input-tcp
  18. Installation successful
  19. [root@CentOS7 ~]#
  20. [root@CentOS7 ~]#
  21. [root@CentOS7 ~]# /usr/share/logstash/bin/logstash-plugin install logstash-filter-dns
  22. Validating logstash-filter-dns
  23. Installing logstash-filter-dns
  24. Installation successful
  25. [root@CentOS7 ~]#
  26. [root@CentOS7 ~]# /usr/share/logstash/bin/logstash-plugin install logstash-filter-geoip
  27. Validating logstash-filter-geoip
  28. Installing logstash-filter-geoip
  29. Installation successful
  30. [root@CentOS7 ~]#
  31. [root@CentOS7 ~]# /usr/share/logstash/bin/logstash-plugin install logstash-filter-translate
  32. Validating logstash-filter-translate
  33. Installing logstash-filter-translate
  34. Installation successful

10、安装ElastiFlow

  1. [root@CentOS7 tmp]# git clone https://github.com/robcowart/elastiflow.git
  2. Cloning into 'elastiflow'...
  3. remote: Enumerating objects: 2234, done.
  4. remote: Counting objects: 100% (38/38), done.
  5. remote: Compressing objects: 100% (36/36), done.
  6. Receiving objects:  60% (1351/2234), 510.03 MiB | 2.54 MiB/s
  8. remote: Total 2234 (delta 16), reused 7 (delta 1), pack-reused 2196
  9. Receiving objects: 100% (2234/2234), 1003.24 MiB | 3.76 MiB/s, done.
  10. Resolving deltas: 100% (1259/1259), done.
  12. [root@CentOS7 tmp]# cp -a elastiflow/logstash/elastiflow/. /etc/logstash/elastiflow/
  13. [root@CentOS7 tmp]#
  14. [root@CentOS7 tmp]#
  15. [root@CentOS7 tmp]# cp -a elastiflow/logstash.service.d/. /etc/systemd/system/logstash.service.d/
  17.  [root@ElastiFlow logstash]# cat /etc/logstash/pipelines.yml
  18. # This file is where you define your pipelines. You can define multiple.
  19. # For more information on multiple pipelines, see the documentation:
  20. #   https://www.elastic.co/guide/en/logstash/current/multiple-pipelines.html
  22. #- pipeline.id: main
  23. #  path.config: "/etc/logstash/conf.d/*.conf"
  25. - pipeline.id:elastiflow
  26.   path.config: "/etc/logstash/elastiflow/conf.d/*.conf"
  28. [root@elastiflow ~]# /usr/share/logstash/bin/system-install
  29. /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/pleaserun-0.0.31/lib/pleaserun/platform/base.rb:112: warning: constant ::Fixnum is deprecated
  30. Successfully created system startup script for Logstash

11、重启logstash服务

  1. [root@elastiflow ~]# systemctl daemon-reload
  2. [root@elastiflow ~]# systemctl enable logstash
  3. [root@elastiflow ~]# systemctl start logstash
  4. [root@elastiflow ~]# systemctl restart logstash

12、导入kibana模板

  1. [root@elastiflow ~]# ls elastiflow-master/kibana/
  2. elastiflow.kibana.7.8.x.ndjson

image.png

13、完成

Cisco c2600配置参考

  1. r2621#conf t
  2. r2621(config)#int e0/0
  3. r2621(config-if)#ip route-cache flow
  4. r2621(config-if)#exit
  5. r2621(config)#ip flow-export destination 10.201.128.129 2055
  6. r2621(config)#ip flow-export source e0/0
  7. r2621(config)#ip flow-export version 5
  8. r2621(config)#ip flow-cache timeout active 1
  9. r2621(config)#ip flow-cache timeout inactive 15
  10. r2621(config)#exit
  11. r2621#write

使用snmp获取端口描述信息

  1. [root@elastiflow user_settings]# snmpwalk 10.2**.32.34 -v 2c -c Qu_nquda0 ifDescr
  2. IF-MIB::ifDescr.1 = STRING: TenGigabitEthernet0/0/0
  3. IF-MIB::ifDescr.2 = STRING: TenGigabitEthernet0/0/1
  4. IF-MIB::ifDescr.3 = STRING: GigabitEthernet0/0/0
  5. IF-MIB::ifDescr.4 = STRING: GigabitEthernet0/0/1
  6. IF-MIB::ifDescr.5 = STRING: GigabitEthernet0/0/2
  7. IF-MIB::ifDescr.6 = STRING: GigabitEthernet0/0/3
  8. IF-MIB::ifDescr.7 = STRING: GigabitEthernet0/0/4
  9. IF-MIB::ifDescr.8 = STRING: GigabitEthernet0/0/5
  10. IF-MIB::ifDescr.9 = STRING: Crypto-Engine0/0/8
  11. IF-MIB::ifDescr.10 = STRING: GigabitEthernet0
  12. IF-MIB::ifDescr.11 = STRING: VoIP-Null0
  13. IF-MIB::ifDescr.12 = STRING: Null0
  14. IF-MIB::ifDescr.14 = STRING: GigabitEthernet0/0/1.102
  15. IF-MIB::ifDescr.15 = STRING: GigabitEthernet0/0/1.103
  16. IF-MIB::ifDescr.17 = STRING: GigabitEthernet0/0/1.105
  17. IF-MIB::ifDescr.18 = STRING: GigabitEthernet0/0/1.106
  18. IF-MIB::ifDescr.19 = STRING: GigabitEthernet0/0/1.107
  19. IF-MIB::ifDescr.20 = STRING: GigabitEthernet0/0/1.108
  20. IF-MIB::ifDescr.21 = STRING: GigabitEthernet0/0/1.109
  21. IF-MIB::ifDescr.22 = STRING: GigabitEthernet0/0/1.110
  22. IF-MIB::ifDescr.23 = STRING: GigabitEthernet0/0/1.111
  23. IF-MIB::ifDescr.26 = STRING: GigabitEthernet0/0/1.100
  24. [root@elastiflow user_settings]# snmpwalk 10.2**.32.34 -v 2c -c Qu_nquda0 ifIndex
  25. IF-MIB::ifIndex.1 = INTEGER: 1
  26. IF-MIB::ifIndex.2 = INTEGER: 2
  27. IF-MIB::ifIndex.3 = INTEGER: 3
  28. IF-MIB::ifIndex.4 = INTEGER: 4
  29. IF-MIB::ifIndex.5 = INTEGER: 5
  30. IF-MIB::ifIndex.6 = INTEGER: 6
  31. IF-MIB::ifIndex.7 = INTEGER: 7
  32. IF-MIB::ifIndex.8 = INTEGER: 8
  33. IF-MIB::ifIndex.9 = INTEGER: 9
  34. IF-MIB::ifIndex.10 = INTEGER: 10
  35. IF-MIB::ifIndex.11 = INTEGER: 11
  36. IF-MIB::ifIndex.12 = INTEGER: 12
  37. IF-MIB::ifIndex.14 = INTEGER: 14
  38. IF-MIB::ifIndex.15 = INTEGER: 15
  39. IF-MIB::ifIndex.17 = INTEGER: 17
  40. IF-MIB::ifIndex.18 = INTEGER: 18
  41. IF-MIB::ifIndex.19 = INTEGER: 19
  42. IF-MIB::ifIndex.20 = INTEGER: 20
  43. IF-MIB::ifIndex.21 = INTEGER: 21
  44. IF-MIB::ifIndex.22 = INTEGER: 22
  45. IF-MIB::ifIndex.23 = INTEGER: 23
  46. IF-MIB::ifIndex.26 = INTEGER: 26

修改/etc/logstash/elastiflow/user_settings/ifName.yml

  1. [root@elastiflow ~]# cat /etc/logstash/elastiflow/user_settings/ifName.yml
  2. "192.0.2.11::ifName.2": "eth0"
  3. "10.2**.240.143::ifName.1": "wan123"
  4. #10.2**.4.135 desc
  5. "10.2**.4.138::ifName.1": "Embedded-Service-Engine0/0"
  6. "10.2**.4.138::ifName.2": "GigabitEthernet0/0"
  7. "10.2**.4.138::ifName.3": "GigabitEthernet0/1"
  8. "10.2**.4.138::ifName.4": "GigabitEthernet0/2"
  9. "10.2**.4.138::ifName.5": "Backplane-GigabitEthernet0/3"
  10. "10.2**.4.138::ifName.6": "Null0"
  11. "10.2**.4.138::ifName.7": "Tunnel0"
  13. #10.2**.32.34 desc
  14. "10.2**.32.34::ifName.1": "TenGigabitEthernet0/0/0"
  15. "10.2**.32.34::ifName.2": "TenGigabitEthernet0/0/1"
  16. "10.2**.32.34::ifName.3": "GigabitEthernet0/0/0"
  17. "10.2**.32.34::ifName.4": "GigabitEthernet0/0/1"
  18. "10.2**.32.34::ifName.5": "GigabitEthernet0/0/2"
  19. "10.2**.32.34::ifName.6": "GigabitEthernet0/0/3"
  20. "10.2**.32.34::ifName.7": "GigabitEthernet0/0/4"
  21. "10.2**.32.34::ifName.8": "GigabitEthernet0/0/5"
  22. "10.2**.32.34::ifName.9": "Crypto-Engine0/0/8"
  23. "10.2**.32.34::ifName.10": "GigabitEthernet0"
  24. "10.2**.32.34::ifName.11": "VoIP-Null0"
  25. "10.2**.32.34::ifName.12": "Null0"
  26. "10.2**.32.34::ifName.14": "GigabitEthernet0/0/1.102"
  27. "10.2**.32.34::ifName.15": "GigabitEthernet0/0/1.103"
  28. "10.2**.32.34::ifName.17": "GigabitEthernet0/0/1.105"
  29. "10.2**.32.34::ifName.18": "GigabitEthernet0/0/1.106"
  30. "10.2**.32.34::ifName.19": "GigabitEthernet0/0/1.107"
  31. "10.2**.32.34::ifName.20": "GigabitEthernet0/0/1.108"
  32. "10.2**.32.34::ifName.21": "GigabitEthernet0/0/1.109"
  33. "10.2**.32.34::ifName.22": "GigabitEthernet0/0/1.110"
  34. "10.2**.32.34::ifName.23": "GigabitEthernet0/0/1.111"
  35. "10.2**.32.34::ifName.26": "GigabitEthernet0/0/1.100"