Prerequisite: ELK is already installed on the server side.

Client
# The Packetbeat version must match the ELK version
yum install -y libpcap
curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-7.4.2-x86_64.rpm
rpm -vi packetbeat-7.4.2-x86_64.rpm

Edit the configuration file
/etc/packetbeat/packetbeat.yml

Configure Kibana and Elasticsearch

#============================== Kibana
setup.kibana:
  host: "192.168.0.1:5602"  # Kibana address
  username: "elastic"  # Kibana username and password; set according to your environment
  password: "elastic"
#-------------------------- Elasticsearch output
output.elasticsearch:
  hosts: ["192.168.0.1:9200"]  # Elasticsearch address
  username: "elastic"  # Elasticsearch username and password; set according to your environment
  password: "elastic"

#========================== Transaction protocols =============================
## Protocols to capture (disable every protocol you do not use, to avoid capturing unnecessary data)
packetbeat.protocols:

  - type: mysql
    # Configure the ports where to listen for MySQL traffic. You can disable
    # the MySQL protocol by commenting out the list of ports.
    ports: [3306,3307]

  - type: pgsql
    # Configure the ports where to listen for Pgsql traffic. You can disable
    # the Pgsql protocol by commenting out the list of ports.
    ports: [5432]
    enabled: false

  - type: redis
    # Configure the ports where to listen for Redis traffic. You can disable
    # the Redis protocol by commenting out the list of ports.
    ports: [6379]
    enabled: false
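
The Kibana and Elasticsearch blocks above keep the elastic password as a literal string in packetbeat.yml. The following is an added example, not part of the original post: a shell check that reports literal passwords in a Beats config, with the Beats keystore commands for replacing them in its comments. The function names and the key name ES_PWD are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): report literal passwords in a
# Beats YAML config such as /etc/packetbeat/packetbeat.yml.
#
# Remediation with the Beats secrets keystore (ES_PWD is an example key name):
#   packetbeat keystore create
#   packetbeat keystore add ES_PWD      # prompts for the secret value
#   then in packetbeat.yml:  password: "${ES_PWD}"

# Print "LINE:password" for each password key set to a literal value.
# A value of the form ${NAME} is resolved by Beats at startup (keystore or
# environment) and is not reported.
find_plaintext_passwords() {
  awk -v sq="'" '
    /^[ \t]*#/ { next }                           # skip comment lines
    /^[ \t]*password[ \t]*:/ {
      val = $0
      sub(/^[^:]*:[ \t]*/, "", val)               # keep only the value
      sub(/[ \t]+#.*$/, "", val)                  # drop a trailing comment
      gsub("^[\"" sq "]|[\"" sq "]$", "", val)    # drop surrounding quotes
      if (val != "" && val !~ /^[$][{][A-Za-z0-9_.]+[}]$/) print NR ":password"
    }
  ' "$1"
}

# Constructed sample: the Kibana block as configured on this page, next to an
# Elasticsearch output that already uses a keystore reference.
write_sample_config() {
  cat > "$1" <<'EOF'
setup.kibana:
  host: "192.168.0.1:5602"
  username: "elastic"
  password: "elastic"
output.elasticsearch:
  hosts: ["192.168.0.1:9200"]
  username: "elastic"
  password: "${ES_PWD}"
EOF
}
```

Run find_plaintext_passwords /etc/packetbeat/packetbeat.yml after editing the file; empty output means no literal password remains.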

Test the configuration
[root@elk-client ~]# packetbeat test config -e

Config OK

Import the dashboards
[root@elk-client ~]# packetbeat setup
Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Loaded dashboards

Start the service
[root@elk-client ~]# systemctl start packetbeat
Check the status
[root@elk-client ~]# systemctl status packetbeat
● packetbeat.service - Packetbeat analyzes network traffic and sends the data to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/packetbeat.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2021-08-10 15:05:31 CST; 5s ago
Docs: https://www.elastic.co/products/beats/packetbeat
Main PID: 20197 (packetbeat)
CGroup: /system.slice/packetbeat.service
└─20197 /usr/share/packetbeat/bin/packetbeat -e -c /etc/packetbeat/packetbeat.yml -path.home /usr/share/packetbeat -path.config /etc/packetbeat -path.dat…

Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.697+0800 INFO [index-management.ilm] ilm/std.go:134 do not g…rite=false
Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.697+0800 INFO [index-management] idxmgmt/std.go:265 ILM poli…ly loaded.
Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.697+0800 INFO [index-management] idxmgmt/std.go:394 Set setu…s enabled.
Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.697+0800 INFO [index-management] idxmgmt/std.go:399 Set setu…s enabled.
Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.698+0800 INFO [index-management] idxmgmt/std.go:433 Set sett…s enabled.
Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.698+0800 INFO [index-management] idxmgmt/std.go:437 Set sett…s enabled.
Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.720+0800 INFO template/load.go:88 Template packetbeat-7.4.2 already…erwritten.
Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.720+0800 INFO [index-management] idxmgmt/std.go:289 Loaded i… template.
Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.733+0800 INFO [index-management] idxmgmt/std.go:300 Write al…generated.
Aug 10 15:05:36 elk-server packetbeat[20197]: 2021-08-10T15:05:36.740+0800 INFO pipeline/output.go:105 Connection to backoff(elastics…stablished
Hint: Some lines were ellipsized, use -l to show in full.

Log in to Kibana and open the dashboard
# Capturing MySQL
# Go to Dashboard > [Packetbeat] MySQL performance ECS