
Notes: Setting Up a Log Analysis Environment

Download & install:

Java 1.8:

Uninstall the old JDK:

# rpm -qa | grep java           # list the installed JDK packages

You will typically see output like the following:
java-1.4.2-gcj-compat-1.4.2.0-40jpp.115
java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5

# yum -y remove java java-1.4.2-gcj-compat-1.4.2.0-40jpp.115    # remove the old packages
# yum -y remove java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u161-b12/2f38c3b165be4555a1fa6e98c45e0808/jdk-8u161-linux-x64.rpm"

xampp:

(Original) Installing XAMPP on CentOS 6.4 (be sure to download it on Linux)

Fix for XAMPP's lampp failing to start on RedHat with the message “aaa proftpd[48908]: unable to determine IP address of ‘aaa’”


DVWA environment: http://192.168.199.244:8080/dvwa/index.php


Elasticsearch:

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.1.rpm

sudo rpm --install elasticsearch-5.6.1.rpm


Elasticsearch analyzer setup (index template, PUT to the URL below):

http://192.168.0.38:9200/_template/web_apache_template

{
  "template": "web-apache-*",
  "order": 2,
  "settings": {
    "analysis": {
      "analyzer": {
        "charSplit": {
          "type": "custom",
          "tokenizer": "ngram_tokenizer"
        }
      },
      "tokenizer": {
        "ngram_tokenizer": {
          "type": "nGram",
          "min_gram": "1",
          "max_gram": "1",
          "token_chars": [
            "letter",
            "digit",
            "punctuation"
          ]
        }
      }
    }
  },
  "mappings": {
    "apache-access": {
      "properties": {
        "raw_request": {
          "type": "text",
          "store": true,
          "analyzer": "charSplit"
        },
        "method": {
          "type": "keyword"
        },
        "offset": {
          "type": "long"
        },
        "auth": {
          "type": "keyword"
        },
        "input_type": {
          "type": "keyword"
        },
        "http_version": {
          "type": "float"
        },
        "read_timestamp": {
          "type": "date"
        },
        "source": {
          "type": "keyword"
        },
        "type": {
          "type": "keyword"
        },
        "tags": {
          "type": "keyword"
        },
        "@timestamp": {
          "type": "date"
        },
        "bytes": {
          "type": "long"
        },
        "@version": {
          "type": "keyword"
        },
        "beat": {
          "properties": {
            "hostname": {
              "type": "keyword"
            },
            "name": {
              "type": "keyword"
            },
            "version": {
              "type": "keyword"
            }
          }
        },
        "host": {
          "type": "keyword"
        },
        "client_ip": {
          "type": "keyword"
        },
        "status": {
          "type": "keyword"
        }
      }
    }
  }
}
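The template above gives every field in an Apache access-log document a fixed type and runs raw_request through a 1-gram tokenizer so that arbitrary substrings of the request line can be searched with a phrase query. The following Python script is an added example, not code from the original post or from Logstash: it parses a constructed combined-format log line into a document shaped like the "apache-access" mapping, reports which fields the template does not declare, and models what the ngram_tokenizer does to raw_request. It assumes raw_request holds the path and query string of the request (the page does not show the Logstash pipeline that fills it), and the sample line, host names and function names are all made up for the example.

```python
import re
import unicodedata
from datetime import datetime

# Constructed sample Apache "combined" access-log line (not taken from the page).
SAMPLE_LINE = (
    '192.168.199.10 - admin [10/Oct/2017:13:55:36 +0800] '
    '"GET /dvwa/login.php?next=index.php HTTP/1.1" 200 4821 '
    '"http://192.168.199.244:8080/dvwa/" "Mozilla/5.0"'
)

# Top-level field names declared under "apache-access" -> "properties" in the
# page's web_apache_template; anything else is mapped dynamically by Elasticsearch.
TEMPLATE_FIELDS = {
    "raw_request", "method", "offset", "auth", "input_type", "http_version",
    "read_timestamp", "source", "type", "tags", "@timestamp", "bytes",
    "@version", "beat", "host", "client_ip", "status",
}

COMBINED = re.compile(
    r'^(?P<client_ip>\S+) \S+ (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<raw_request>\S+) HTTP/(?P<http_version>\d\.\d)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_access_line(line):
    """Turn one combined-format line into a document shaped like the template.
    Types follow the mapping: status is a keyword (string), bytes a long,
    http_version a float. Returns None for lines that do not match."""
    m = COMBINED.match(line)
    if not m:
        return None
    f = m.groupdict()
    ts = datetime.strptime(f["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    return {
        "@timestamp": ts.isoformat(),
        "type": "apache-access",
        "client_ip": f["client_ip"],
        "auth": f["auth"],
        "method": f["method"],
        "raw_request": f["raw_request"],
        "http_version": float(f["http_version"]),
        "status": f["status"],
        "bytes": 0 if f["bytes"] == "-" else int(f["bytes"]),
        "referrer": f["referrer"],
        "agent": f["agent"],
    }


def unmapped_fields(doc):
    """Fields the template does not declare; Elasticsearch would guess their types."""
    return sorted(set(doc) - TEMPLATE_FIELDS)


def char_split(text):
    """Model the template's ngram_tokenizer: min_gram = max_gram = 1 with
    token_chars letter/digit/punctuation, so every letter, digit or Unicode
    punctuation character becomes its own token. Note that '=', '<', '>' and '+'
    are Unicode symbols (category S*), not punctuation, so this tokenizer drops
    them; add "symbol" to token_chars if they need to be searchable."""
    return [
        ch for ch in text
        if ch.isalpha() or ch.isdigit() or unicodedata.category(ch).startswith("P")
    ]


def phrase_match(tokens, query):
    """A match_phrase query on the charSplit field succeeds when the query's
    tokens appear as a contiguous run of the document's tokens."""
    q = char_split(query)
    if not q:
        return False
    n = len(q)
    return any(tokens[i:i + n] == q for i in range(len(tokens) - n + 1))


if __name__ == "__main__":
    doc = parse_access_line(SAMPLE_LINE)
    print(doc)
    print("unmapped:", unmapped_fields(doc))
    toks = char_split(doc["raw_request"])
    print("tokens:", toks)
    print("login.php ->", phrase_match(toks, "login.php"))
    print("next=index ->", phrase_match(toks, "next=index"))
```

Running it shows that referrer and agent are not covered by the template, so they would be dynamically mapped, and that a phrase search for "next=index" still matches because the "=" never becomes a token; whether that leniency is acceptable depends on what you intend to search for in raw_request.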


Logstash:

wget https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.rpm

sudo rpm --install logstash-5.6.1.rpm


Kibana:

wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.1-x86_64.rpm

sudo rpm --install kibana-5.6.1-x86_64.rpm

Edit /etc/kibana/kibana.yml and add server.host: 0.0.0.0 so that Kibana listens on all interfaces instead of only localhost.