Hello,

The article I am sharing with you today is quite long; it covers three different topics. The first is installing the ELK Stack and the Beats on a RHEL 7.9 system and doing the basic configuration of these components. Next, I look at how the ELK Stack environment can be monitored with Zabbix. The last topic is sending Zabbix logs to the Elasticsearch environment. I think these three quite popular topics will interest you.

To this end, we will first install the ELK Stack on our RHEL 7.9 system, whose hostname is nami. I also recommend reading my two earlier articles on Zabbix.

https://www.linkedin.com/pulse/zabbix-izleme-yaz%C4%B1l%C4%B1m%C4%B1-b%C3%B6l%C3%BCm-1-sarav-asiye-yigit/

https://www.linkedin.com/pulse/zabbix-grafana-sarav-asiye-yigit/

ELK, built on Elasticsearch, Logstash and Kibana, is an open-source solution for searching, analysing and visualising data at any scale. Since Elasticsearch and Logstash require Java to run on the system, our first task is to install Java.

[root@nami ~]# uname -a

Linux nami 3.10.0-1160.11.1.el7.x86_64 #1 SMP Mon Nov 30 13:05:31 EST 2020 x86_64 x86_64 x86_64 GNU/Linux

[root@nami ~]#

The Java package is already installed on the nami system, as shown below.

[root@nami ~]# java -version

openjdk version "1.8.0_282"

OpenJDK Runtime Environment (build 1.8.0_282-b08)

OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)

[root@nami ~]#

We need to add the ELK repository.

[root@nami ~]# cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo

> [elasticsearch-7.x]

> name=Elasticsearch repository for 7.x packages

> baseurl=https://artifacts.elastic.co/packages/7.x/yum

> gpgcheck=1

> gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

> enabled=1

> autorefresh=1

> type=rpm-md

> EOF

[elasticsearch-7.x]

name=Elasticsearch repository for 7.x packages

baseurl=https://artifacts.elastic.co/packages/7.x/yum

gpgcheck=1

gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

enabled=1

autorefresh=1

type=rpm-md

[root@nami ~]#

We need to import the GPG key into the system.

[root@nami ~]# sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

[root@nami ~]#

We cleaned and rebuilt the package index as follows.

[root@nami ~]# yum clean all

Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager

Cleaning repos: elasticsearch-7.x rhel-7-server-rpms

[root@nami ~]# yum makecache

Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager

elasticsearch-7.x                                                                                             | 1.3 kB 00:00:00

rhel-7-server-rpms                                                                                            | 3.5 kB 00:00:00

(1/8): elasticsearch-7.x/primary                                                                              | 208 kB 00:00:00

(2/8): elasticsearch-7.x/other                                                                                | 27 kB 00:00:00

(3/8): rhel-7-server-rpms/7Server/x86_64/group                                                                | 631 kB 00:00:01

(4/8): rhel-7-server-rpms/7Server/x86_64/updateinfo                                                           | 3.9 MB 00:00:03

(5/8): rhel-7-server-rpms/7Server/x86_64/filelists_db                                                         | 53 MB 00:00:30

(6/8): rhel-7-server-rpms/7Server/x86_64/primary_db                                                           | 78 MB 00:00:45

(7/8): elasticsearch-7.x/filelists                                                                            | 19 MB 00:00:54

(8/8): rhel-7-server-rpms/7Server/x86_64/other_db                                                             | 582 MB 00:03:09

elasticsearch-7.x                                                                                                            608/608

elasticsearch-7.x                                                                                                            608/608

elasticsearch-7.x                                                                                                            608/608

Metadata Cache Created

[root@nami ~]#

The Elasticsearch repository is now ready to use. We can install Elasticsearch with the following command.

[root@nami ~]# yum -y install elasticsearch

Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager

Resolving Dependencies

--> Running transaction check

---> Package elasticsearch.x86_64 0:7.10.2-1 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

======================================================================================================================================

Package                         Arch                     Version                       Repository                           Size

======================================================================================================================================

Installing:

elasticsearch                   x86_64                   7.10.2-1                      elasticsearch-7.x                   304 M

 

Transaction Summary

======================================================================================================================================

Install 1 Package

 

Total download size: 304 M

Installed size: 510 M

Downloading packages:

elasticsearch-7.10.2-x86_64.rpm                                                                               | 304 MB 00:01:35

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Creating elasticsearch group… OK

Creating elasticsearch user… OK

Installing : elasticsearch-7.10.2-1.x86_64                                                                                     1/1

### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd

sudo systemctl daemon-reload

sudo systemctl enable elasticsearch.service

### You can start elasticsearch service by executing

sudo systemctl start elasticsearch.service

Created elasticsearch keystore in /etc/elasticsearch/elasticsearch.keystore

Verifying : elasticsearch-7.10.2-1.x86_64                                                                                     1/1

Installed:

elasticsearch.x86_64 0:7.10.2-1

Complete!

[root@nami ~]#

We can verify the package as follows.

[root@nami ~]# rpm -qi elasticsearch

Name       : elasticsearch

Epoch      : 0

Version    : 7.10.2

Release    : 1

Architecture: x86_64

Install Date: Mon 01 Feb 2021 07:13:52 PM +03

Group      : Application/Internet

Size       : 534867642

License    : Elastic License

Signature  : RSA/SHA512, Wed 13 Jan 2021 06:45:11 AM +03, Key ID d27d666cd88e42b4

Source RPM : elasticsearch-7.10.2-1-src.rpm

Build Date : Wed 13 Jan 2021 03:54:59 AM +03

Build Host : packer-virtualbox-iso-1600176624

Relocations : /usr

Packager   : Elasticsearch

Vendor     : Elasticsearch

URL        : https://www.elastic.co/

Summary    : Distributed RESTful search engine built for the cloud

Description :

Reference documentation can be found at

https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html

and the 'Elasticsearch: The Definitive Guide' book can be found at

https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html

[root@nami ~]#

The initial and maximum heap sizes default to the values below. You can adjust them according to the amount of memory you have.

[root@nami ~]# grep -v "#" /etc/elasticsearch/jvm.options

-Xms1g

-Xmx1g

Let's enable the Elasticsearch service at boot and start it now.

[root@nami ~]# systemctl enable --now elasticsearch.service

Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.

[root@nami ~]#

[root@nami ~]# systemctl | grep elasticsearch

elasticsearch.service                                                                           loaded active running  Elasticsearch

[root@nami ~]#

Let's confirm that the Elasticsearch service is running, as follows.

[root@nami ~]# curl http://127.0.0.1:9200
{
  "name" : "nami",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "pAxHlR5KRPqu6OYoo3cObw",
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",
    "build_date" : "2021-01-13T00:42:12.435326Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
[root@nami ~]#


Figure 1. The default Elasticsearch GUI.

As an example, let's create a test index.

[root@nami ~]# curl -X PUT "http://127.0.0.1:9200/mytest_index"
{"acknowledged":true,"shards_acknowledged":true,"index":"mytest_index"}[root@nami ~]#
[root@nami ~]#

After these checks, I edited the elasticsearch.yml file for my setup as follows.

[root@nami elasticsearch]# grep -v "#" elasticsearch.yml
cluster.name: elk_test_cluster
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: _site_
http.port: 9200
discovery.seed_hosts: ["nami"]
cluster.initial_master_nodes: ["node-1"]
[root@nami elasticsearch]#

After these steps, I connected to Elasticsearch from my laptop's browser and saw that my configuration had taken effect, as shown below.


Figure 2. The Elasticsearch GUI after configuration.

We have installed Elasticsearch. Now let's install Kibana, the other member of ELK.

[root@nami ~]# yum -y install kibana

Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager

Resolving Dependencies

--> Running transaction check

---> Package kibana.x86_64 0:7.10.2-1 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

======================================================================================================================================

Package                    Arch                       Version                        Repository                             Size

======================================================================================================================================

Installing:

kibana                     x86_64                     7.10.2-1                       elasticsearch-7.x                     242 M

 

Transaction Summary

======================================================================================================================================

Install 1 Package

 

Total download size: 242 M

Installed size: 667 M

Downloading packages:

kibana-7.10.2-x86_64.rpm                                                                                      | 242 MB 00:01:05

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : kibana-7.10.2-1.x86_64                                                                                            1/1

Verifying : kibana-7.10.2-1.x86_64                                                                                            1/1

 

Installed:

kibana.x86_64 0:7.10.2-1

 

Complete!

[root@nami ~]#

I added the following to the /etc/kibana/kibana.yml file.

[root@nami kibana]# grep -v "#" kibana.yml
server.port: 5601
server.name: "nima"
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://10.1.1.74:9200"]
[root@nami kibana]#
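Both configuration files above bind the services to every site address (network.host: _site_ for Elasticsearch, server.host: "0.0.0.0" for Kibana) and, as is the default for a 7.10 install, enable no authentication on port 9200 or 5601, so any host on the LAN can read and write the indices. The following is an added example, not code from the article, that audits those settings from the shell before a stack like this is left reachable on a network. It writes constructed copies of the two files into a temporary directory (one pair mirroring the article's values, one pair hardened) and reports what it finds; xpack.security.enabled is the real Elasticsearch setting that switches authentication on, and the file paths are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the article): audit the bind and authentication
# settings in elasticsearch.yml and kibana.yml before exposing an ELK host.
# Paths and the sample files written by write_samples are constructed.

# Value of a top-level "key: value" line; commented lines do not match because
# they start with "#".  Surrounding quotes are stripped so "0.0.0.0" and
# 0.0.0.0 compare equal.  Dots in KEY act as regex wildcards, which is
# harmless for the keys used here.
yaml_value() {  # yaml_value FILE KEY
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" 2>/dev/null | head -n 1 \
        | sed 's/^["'\'']//; s/["'\'']$//'
}

# Print one finding per line and return the number of findings (0 = clean).
audit_elk() {  # audit_elk ELASTICSEARCH_YML KIBANA_YML
    es=$1; kb=$2; n=0
    host=$(yaml_value "$es" network.host)
    case "$host" in
        ""|127.0.0.1|localhost|_local_) ;;   # loopback only
        *) echo "elasticsearch: network.host=$host listens beyond loopback"; n=$((n+1)) ;;
    esac
    # xpack.security.enabled is the setting that turns on authentication;
    # it is off unless explicitly set to true.
    if [ "$(yaml_value "$es" xpack.security.enabled)" != "true" ]; then
        echo "elasticsearch: xpack.security.enabled is not true, port 9200 has no authentication"
        n=$((n+1))
    fi
    kbhost=$(yaml_value "$kb" server.host)
    case "$kbhost" in
        ""|127.0.0.1|localhost) ;;
        *) echo "kibana: server.host=$kbhost exposes the UI beyond loopback"; n=$((n+1)) ;;
    esac
    case "$(yaml_value "$kb" elasticsearch.hosts)" in
        *http://*) echo "kibana: elasticsearch.hosts talks plain http to Elasticsearch"; n=$((n+1)) ;;
    esac
    return "$n"
}

# Constructed samples: the first pair mirrors the article's settings, the
# second pair shows the same files with the findings addressed.
write_samples() {  # write_samples DIR
    cat > "$1/elasticsearch.yml" <<'EOF'
cluster.name: elk_test_cluster
node.name: node-1
network.host: _site_
http.port: 9200
EOF
    cat > "$1/kibana.yml" <<'EOF'
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://10.1.1.74:9200"]
EOF
    cat > "$1/elasticsearch.hardened.yml" <<'EOF'
cluster.name: elk_test_cluster
node.name: node-1
network.host: 127.0.0.1
http.port: 9200
xpack.security.enabled: true
EOF
    cat > "$1/kibana.hardened.yml" <<'EOF'
server.port: 5601
server.host: "127.0.0.1"
elasticsearch.hosts: ["https://127.0.0.1:9200"]
EOF
}

# Stand-alone run: audit the constructed samples and report the counts.
if [ $# -eq 0 ]; then
    dir=$(mktemp -d)
    write_samples "$dir"
    for pair in "elasticsearch.yml kibana.yml" "elasticsearch.hardened.yml kibana.hardened.yml"; do
        set -- $pair
        n=0; audit_elk "$dir/$1" "$dir/$2" || n=$?
        echo "$1 + $2: $n finding(s)"
    done
    rm -rf "$dir"
fi
```

Against the article's values the audit reports four findings; against the hardened pair it reports none. To check a live host, source the script and call audit_elk with the real /etc/elasticsearch/elasticsearch.yml and /etc/kibana/kibana.yml.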

Let's enable Kibana at boot and start it now.

[root@nami kibana]# systemctl enable --now kibana

Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.

[root@nami kibana]#

Let's check that the Kibana service is running, as shown below.

[root@nami kibana]# systemctl | grep -i kibana

kibana.service                                                                                  loaded active running  Kibana

[root@nami kibana]# systemctl status kibana

● kibana.service - Kibana

Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)

Active: active (running) since Mon 2021-02-01 20:09:40 +03; 1min 11s ago

Main PID: 3665 (node)

Tasks: 11

CGroup: /system.slice/kibana.service

After this, we get the Kibana GUI shown below.


Figure 3. The Kibana GUI.

As the third step, we will install Logstash.

[root@nami kibana]# yum -y install logstash

Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager

Resolving Dependencies

--> Running transaction check

---> Package logstash.x86_64 1:7.10.2-1 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

======================================================================================================================================

Package                     Arch                      Version                         Repository                            Size

======================================================================================================================================

Installing:

logstash                    x86_64                    1:7.10.2-1                      elasticsearch-7.x                    336 M

 

Transaction Summary

======================================================================================================================================

Install 1 Package

 

Total download size: 336 M

Installed size: 585 M

Downloading packages:

logstash-7.10.2-x86_64.rpm                                                                                    | 336 MB 00:01:41

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : 1:logstash-7.10.2-1.x86_64                                                                                        1/1

Using bundled JDK: /usr/share/logstash/jdk

Using provided startup.options file: /etc/logstash/startup.options

OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.

/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/pleaserun-0.0.31/lib/pleaserun/platform/base.rb:112: warning: constant ::Fixnum is deprecated

Successfully created system startup script for Logstash

Verifying : 1:logstash-7.10.2-1.x86_64                                                                                        1/1

 

Installed:

logstash.x86_64 1:7.10.2-1

 

Complete!

[root@nami kibana]#

Custom Logstash configurations can be placed under the /etc/logstash/conf.d/ directory.

While we are at it, let's also install the Beats, as follows.

[root@nami conf.d]# yum install filebeat auditbeat metricbeat packetbeat heartbeat-elastic

Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager

Resolving Dependencies

--> Running transaction check

---> Package auditbeat.x86_64 0:7.10.2-1 will be installed

---> Package filebeat.x86_64 0:7.10.2-1 will be installed

---> Package heartbeat-elastic.x86_64 0:7.10.2-1 will be installed

---> Package metricbeat.x86_64 0:7.10.2-1 will be installed

---> Package packetbeat.x86_64 0:7.10.2-1 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

======================================================================================================================================

Package                            Arch                    Version                      Repository                          Size

======================================================================================================================================

Installing:

auditbeat                          x86_64                  7.10.2-1                     elasticsearch-7.x                   26 M

filebeat                           x86_64                  7.10.2-1                     elasticsearch-7.x                   32 M

heartbeat-elastic                  x86_64                  7.10.2-1                     elasticsearch-7.x                   25 M

metricbeat                         x86_64                  7.10.2-1                     elasticsearch-7.x                   39 M

packetbeat                         x86_64                  7.10.2-1                     elasticsearch-7.x                   26 M

 

Transaction Summary

======================================================================================================================================

Install 5 Packages

 

Total download size: 148 M

Installed size: 527 M

Is this ok [y/d/N]: y

Downloading packages:

(1/5): filebeat-7.10.2-x86_64.rpm                                                                             | 32 MB 00:00:12

(2/5): auditbeat-7.10.2-x86_64.rpm                                                                            | 26 MB 00:00:20

(3/5): heartbeat-7.10.2-x86_64.rpm                                                                            | 25 MB 00:00:08

(4/5): packetbeat-7.10.2-x86_64.rpm                                                                           | 26 MB 00:00:09

(5/5): metricbeat-7.10.2-x86_64.rpm                                                                           | 39 MB 00:00:18

--------------------------------------------------------------------------------------------------------------------------------------

Total                                                                                                3.9 MB/s | 148 MB 00:00:38

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : auditbeat-7.10.2-1.x86_64                                                                                         1/5

Installing : packetbeat-7.10.2-1.x86_64                                                                                        2/5

Installing : metricbeat-7.10.2-1.x86_64                                                                                        3/5

Installing : filebeat-7.10.2-1.x86_64                                                                                          4/5

Installing : heartbeat-elastic-7.10.2-1.x86_64                                                                                 5/5

Verifying : heartbeat-elastic-7.10.2-1.x86_64                                                                                 1/5

Verifying : filebeat-7.10.2-1.x86_64                                                                                          2/5

Verifying : metricbeat-7.10.2-1.x86_64                                                                                        3/5

Verifying : packetbeat-7.10.2-1.x86_64                                                                                        4/5

Verifying : auditbeat-7.10.2-1.x86_64                                                                                         5/5

Installed:

auditbeat.x86_64 0:7.10.2-1    filebeat.x86_64 0:7.10.2-1   heartbeat-elastic.x86_64 0:7.10.2-1   metricbeat.x86_64 0:7.10.2-1

packetbeat.x86_64 0:7.10.2-1

Complete!

[root@nami conf.d]#

We have installed all the components of the ELK Stack and configured Elasticsearch and Kibana. We were able to reach both GUIs.

As an example, we set up the shipping of our Linux system's syslog logs by following the steps below in the Kibana GUI.


Figure 4. Steps for enabling Filebeat.


Figure 5. Creating the filebeat index.

From this point on, let's see how we can monitor the ELK Stack environment with Zabbix. Frankly, for this part I used the links https://github.com/sergiotocalini/elasix and https://medium.com/devopsturkiye/elasticsearch-sunucular%C4%B1n%C4%B1-zabbix-ile-i%CC%87zleme-f93b387bec07 for guidance. Remember that we first added the nami system to the Zabbix server as a host; how to do this is covered in my previous articles. You need to install the appropriate agent and enter the server IP in the zabbix_agentd.conf file as follows.

Server=10.1.1.61

ServerActive=10.1.1.61

Hostname=nami

What I did next was to fetch the scripts prepared for monitoring Elasticsearch from GitHub, as shown below. I then edited these files to suit my environment, based on my Elasticsearch server details.

[root@nami agentd]# git clone https://github.com/sergiotocalini/elasix.git

Cloning into 'elasix'...

remote: Enumerating objects: 108, done.

remote: Total 108 (delta 0), reused 0 (delta 0), pack-reused 108

Receiving objects: 100% (108/108), 38.47 KiB | 0 bytes/s, done.

Resolving deltas: 100% (49/49), done.

[root@nami agentd]# pwd

/etc/zabbix/scripts/agentd

[root@nami agentd]#

[root@nami agentd]# ls -ltr

total 0

drwxr-xr-x. 4 root root 132 Feb 7 19:12 elasix

[root@nami agentd]# cd elasix/

[root@nami elasix]# ls -ltr

total 188

-rw-r--r--. 1 root root   962 Feb 7 19:12 README.md

-rw-r--r--. 1 root root 35147 Feb 7 19:12 LICENSE

drwxr-xr-x. 2 root root    76 Feb 7 19:12 elasix

-rwxr-xr-x. 1 root root   930 Feb 7 19:12 deploy_zabbix.sh

-rw-r--r--. 1 root root 146229 Feb 7 19:12 zbx3.4_template_db_elasticsearch.xml

[root@nami elasix]#

[root@nami elasix]# ls -ltr

total 20

-rw-r--r--. 1 root root 288 Feb 7 19:12 zabbix_agentd.conf

-rwxr-xr-x. 1 root root 4952 Feb 7 19:12 elasix.sh

-rw-r--r--. 1 root root  76 Feb 7 19:12 elasix.conf.example

-rw-r--r--. 1 root root  48 Feb 7 22:30 elasix.conf

[root@nami elasix]# more elasix.conf

ELASTIC_URL="http://10.1.1.74:9200"

CACHE_TTL=1

[root@nami elasix]#

For this setup to work, ksh, curl and jq must be installed on the system. Installing ksh and curl is easy, but jq gave me some trouble. So that you do not have to struggle, I have added below how I did it. The link I got help from is again in the references section.

[root@nami zabbix]# sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager

epel-release-latest-7.noarch.rpm                                                                              | 15 kB 00:00:00

Examining /var/tmp/yum-root-mJCOv5/epel-release-latest-7.noarch.rpm: epel-release-7-13.noarch

Marking /var/tmp/yum-root-mJCOv5/epel-release-latest-7.noarch.rpm to be installed

Resolving Dependencies

--> Running transaction check

---> Package epel-release.noarch 0:7-13 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

======================================================================================================================================

Package                       Arch                    Version               Repository                                      Size

======================================================================================================================================

Installing:

epel-release                  noarch                  7-13                  /epel-release-latest-7.noarch                   25 k

 

Transaction Summary

======================================================================================================================================

Install 1 Package

 

Total size: 25 k

Installed size: 25 k

Downloading packages:

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : epel-release-7-13.noarch                                                                                          1/1

Verifying : epel-release-7-13.noarch                                                                                          1/1

 

Installed:

epel-release.noarch 0:7-13

 

Complete!

[root@nami zabbix]# sudo yum install jq -y

Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager

Existing lock /var/run/yum.pid: another copy is running as pid 22277.

Another app is currently holding the yum lock; waiting for it to exit…

The other application is: PackageKit

Memory : 302 M RSS (784 MB VSZ)

Started: Sun Feb 7 18:48:08 2021 - 00:18 ago

State : Running, pid: 22277

Another app is currently holding the yum lock; waiting for it to exit…

The other application is: PackageKit

Memory : 377 M RSS (859 MB VSZ)

Started: Sun Feb 7 18:48:08 2021 - 00:20 ago

State : Running, pid: 22277

Another app is currently holding the yum lock; waiting for it to exit…

The other application is: PackageKit

Memory : 419 M RSS (901 MB VSZ)

Started: Sun Feb 7 18:48:08 2021 - 00:22 ago

State : Sleeping, pid: 22277

Another app is currently holding the yum lock; waiting for it to exit…

The other application is: PackageKit

Memory : 419 M RSS (901 MB VSZ)

Started: Sun Feb 7 18:48:08 2021 - 00:24 ago

State : Sleeping, pid: 22277

Another app is currently holding the yum lock; waiting for it to exit…

The other application is: PackageKit

Memory : 419 M RSS (901 MB VSZ)

Started: Sun Feb 7 18:48:08 2021 - 00:26 ago

State : Sleeping, pid: 22277

Resolving Dependencies

--> Running transaction check

---> Package jq.x86_64 0:1.6-2.el7 will be installed

--> Processing Dependency: libonig.so.5()(64bit) for package: jq-1.6-2.el7.x86_64

--> Running transaction check

---> Package oniguruma.x86_64 0:6.8.2-1.el7 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

======================================================================================================================================

Package                         Arch                         Version                            Repository                  Size

======================================================================================================================================

Installing:

jq                              x86_64                       1.6-2.el7                          epel                       167 k

Installing for dependencies:

oniguruma                       x86_64                       6.8.2-1.el7                        epel                       181 k

 

Transaction Summary

======================================================================================================================================

Install 1 Package (+1 Dependent package)

 

Total download size: 348 k

Installed size: 1.0 M

Downloading packages:

warning: /var/cache/yum/x86_64/7Server/epel/packages/jq-1.6-2.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY

Public key for jq-1.6-2.el7.x86_64.rpm is not installed

(1/2): jq-1.6-2.el7.x86_64.rpm                                                                                | 167 kB 00:00:00

(2/2): oniguruma-6.8.2-1.el7.x86_64.rpm                                                                       | 181 kB 00:00:00

--------------------------------------------------------------------------------------------------------------------------------------

Total                                                                                                1.0 MB/s | 348 kB 00:00:00

Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

Importing GPG key 0x352C64E5:

Userid    : "Fedora EPEL (7) <epel@fedoraproject.org>"

Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5

Package   : epel-release-7-13.noarch (@/epel-release-latest-7.noarch)

From      : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : oniguruma-6.8.2-1.el7.x86_64                                                                                      1/2

Installing : jq-1.6-2.el7.x86_64                                                                                               2/2

Verifying : oniguruma-6.8.2-1.el7.x86_64                                                                                      1/2

Verifying : jq-1.6-2.el7.x86_64                                                                                               2/2

 

Installed:

jq.x86_64 0:1.6-2.el7

 

Dependency Installed:

oniguruma.x86_64 0:6.8.2-1.el7

 

Complete!

[root@nami zabbix]#

 

[root@nami zabbix]# jq -Version

jq-1.6

[root@nami zabbix]#

 

[root@nami zabbix]# echo '{
> "response": [{
> "id": "1",
> "name": "Rachel Green"
> }, {
> "id": "2",
> "name": "Sheldon Cooper"
> }]
> }' | jq .'response'
[
  {
    "id": "1",
    "name": "Rachel Green"
  },
  {
    "id": "2",
    "name": "Sheldon Cooper"
  }
]
[root@nami zabbix]#

Among the files from GitHub there is a template named zbx3.4_template_db_elasticsearch.xml, created so that the Zabbix server can monitor Elasticsearch. This template has to be imported into the Zabbix server as shown below. The files also include a sample zabbix_agentd.conf; the lines it documents need to be added to the zabbix_agentd.conf file on the system. I added the following.

UserParameter=elasix[*],/etc/zabbix/scripts/agentd/elasix/elasix/elasix.sh -s $1 -a p=$2 -a p=$3 -a p=$4 -a p=$5

UserParameter=elasix.discovery[*],/etc/zabbix/scripts/agentd/elasix/elasix/elasix.sh -a $1 -j p=$2 -a p=$3

UserParameter=elasix.version,/etc/zabbix/scripts/agentd/elasix/elasix/elasix.sh -v short


Figure 6. Importing zbx3.4_template_db_elasticsearch.xml into the Zabbix server.


Figure 7. Selecting the imported zbx3.4_template_db_elasticsearch.xml template for the nami system.

After enabling the template on nami, I saw the following appear under triggers.


Figure 8. Triggers that appear after enabling the template on nami.

In /etc/zabbix/scripts/agentd/elasix/elasix/tmp, where we told the scripts to write the status information, I saw the status files being updated as follows.

[root@nami tmp]# ls -ltr

total 112

-rw-rw-r--. 1 zabbix zabbix  6986 Feb 7 23:45 cluster.json

-rw-rw-r--. 1 zabbix zabbix   470 Feb 7 23:45 health.json

-rw-rw-r--. 1 zabbix zabbix 101074 Feb 7 23:45 indices.json

[root@nami tmp]# ls -ltr

total 112

-rw-rw-r--. 1 zabbix zabbix 101070 Feb 7 23:48 indices.json

-rw-rw-r--. 1 zabbix zabbix  6986 Feb 7 23:49 cluster.json

-rw-rw-r--. 1 zabbix zabbix   470 Feb 7 23:49 health.json

[root@nami tmp]# ls -ltr

total 112

-rw-rw-r--. 1 zabbix zabbix  6986 Feb 7 23:51 cluster.json

-rw-rw-r--. 1 zabbix zabbix   470 Feb 7 23:51 health.json

-rw-rw-r--. 1 zabbix zabbix 101084 Feb 7 23:51 indices.json

[root@nami tmp]# ls -ltr

total 112

-rw-rw-r--. 1 zabbix zabbix  6986 Feb 7 23:51 cluster.json

-rw-rw-r--. 1 zabbix zabbix   470 Feb 7 23:51 health.json

-rw-rw-r--. 1 zabbix zabbix 101084 Feb 7 23:51 indices.json

[root@nami tmp]#

Frankly, I think this part requires looking at the scripts in detail and making whatever additions suit our own needs. But at least from the documents I linked above we can understand the general purpose and how the scripts can be extended.
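To show what such an extension looks like, here is an added example, not the elasix script, that follows the same pattern the UserParameter lines above and the cached cluster.json, health.json and indices.json files illustrate: a small agent-side script that fetches the Elasticsearch _cluster/health document at most once per cache interval (what CACHE_TTL in elasix.conf expresses) and turns it into values a Zabbix item and trigger can use. The UserParameter line, the cache path and the sample health document are constructed for the demo; the script parses JSON with sed so it also works on a host where jq is not installed yet.

```shell
#!/bin/sh
# Added example, not the elasix script: a UserParameter-style check that turns
# Elasticsearch's _cluster/health document into values Zabbix can alert on, with
# a cache file the way elasix.conf's CACHE_TTL does.  The UserParameter line,
# cache path and sample document below are constructed for the demo.

# Extract one scalar field from a JSON document with sed, so the check also
# works before jq is installed.  The key is matched with its quotes, so
# "active_shards" does not match "active_shards_percent_as_number".
json_field() {  # json_field FILE KEY
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\)\"\{0,1\}.*/\1/p" "$1" 2>/dev/null \
        | head -n 1
}

# Map the cluster colour to an integer that a trigger can compare
# (for example last()>=2 for red).  A missing or unknown status maps to 3 so
# that an unreachable cluster also raises an alert.
health_code() {  # health_code FILE
    case "$(json_field "$1" status)" in
        green)  echo 0 ;;
        yellow) echo 1 ;;
        red)    echo 2 ;;
        *)      echo 3 ;;
    esac
}

# Fetch the health document at most once per TTL minutes; several items polled
# in the same interval read the cached copy instead of each hitting the cluster.
# ES_FETCH is the fetch command (curl by default, overridable for tests).
# Prints the path of the cache file.
: "${ES_FETCH:=curl -sS --max-time 5}"
cached_health() {  # cached_health URL CACHEFILE TTL_MINUTES
    if [ ! -s "$2" ] || [ -z "$(find "$2" -mmin "-$3" 2>/dev/null)" ]; then
        $ES_FETCH "$1" > "$2.tmp" && mv "$2.tmp" "$2"
    fi
    echo "$2"
}

# Constructed sample of what a single node holding replica shards reports.
write_sample_health() {  # write_sample_health FILE
    cat > "$1" <<'EOF'
{
  "cluster_name" : "elk_test_cluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 9,
  "active_shards" : 9,
  "unassigned_shards" : 5,
  "active_shards_percent_as_number" : 64.28571428571429
}
EOF
}

# Entry point for a UserParameter (constructed line; the paths are assumptions):
#   UserParameter=es.health[*],/etc/zabbix/scripts/agentd/es_health.sh $1 $2
# Items: es.health[http://127.0.0.1:9200,status] and
#        es.health[http://127.0.0.1:9200,unassigned_shards].
# The cache lives in a directory owned by the zabbix user, not in /tmp.
if [ $# -eq 2 ]; then
    f=$(cached_health "$1/_cluster/health" "${ES_CACHE:-/var/lib/zabbix/es_health.json}" 1)
    case "$2" in
        status) health_code "$f" ;;
        *)      json_field "$f" "$2" ;;
    esac
fi
```

With the sample document the status item returns 1 (yellow) and unassigned_shards returns 5; a trigger such as last()>=2 on the status item then fires for a red cluster and for the 3 returned when no document could be fetched at all.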

The last topic I want to mention is that the data kept in Zabbix can be sent to the Elasticsearch environment. Elasticsearch supports Zabbix's monitoring item types: uint, dbl, str, log and text. I made use of https://www.programmersought.com/article/4412296564/ and https://www.zabbix.com/documentation/current/manual/appendix/install/elastic_search_setup. As in the article, you need to run a number of curl commands to create the Elasticsearch mappings. You can find these commands below.

curl -H "Content-Type:application/json" -XPUT http://192.168.1.231:9200/uint -d '{ "settings" : { "index" : { "number_of_replicas" : 1, "number_of_shards" : 5 } }, "mappings" : { "values" : { "properties" : { "itemid" : { "type" : "long" }, "clock" : { "format" : "epoch_second", "type" : "date" }, "value" : { "type" : "long" } } } } }'

curl -H "Content-Type:application/json" -XPUT http://192.168.1.231:9200/dbl -d '{ "settings" : { "index" : { "number_of_replicas" : 1, "number_of_shards" : 5 } }, "mappings" : { "values" : { "properties" : { "itemid" : { "type" : "long" }, "clock" : { "format" : "epoch_second", "type" : "date" }, "value" : { "type" : "double" } } } } }'

curl -H "Content-Type:application/json" -XPUT http://192.168.1.231:9200/log -d '{ "settings" : { "index" : { "number_of_replicas" : 1, "number_of_shards" : 5 } }, "mappings" : { "values" : { "properties" : { "itemid" : { "type" : "long" }, "clock" : { "format" : "epoch_second", "type" : "date" }, "value" : { "fields" : { "analyzed" : { "index" : true, "type" : "text", "analyzer" : "standard" } }, "index" : false, "type" : "text" } } } } }'

curl -H "Content-Type:application/json" -XPUT http://192.168.1.231:9200/text -d '{ "settings" : { "index" : { "number_of_replicas" : 1, "number_of_shards" : 5 } }, "mappings" : { "values" : { "properties" : { "itemid" : { "type" : "long" }, "clock" : { "format" : "epoch_second", "type" : "date" }, "value" : { "fields" : { "analyzed" : { "index" : true, "type" : "text", "analyzer" : "standard" } }, "index" : false, "type" : "text" } } } } }'

curl -H "Content-Type:application/json" -XPUT http://192.168.1.231:9200/str -d '{ "settings" : { "index" : { "number_of_replicas" : 1, "number_of_shards" : 5 } }, "mappings" : { "values" : { "properties" : { "itemid" : { "type" : "long" }, "clock" : { "format" : "epoch_second", "type" : "date" }, "value" : { "fields" : { "analyzed" : { "index" : true, "type" : "text", "analyzer" : "standard" } }, "index" : false, "type" : "text" } } } } }'

As you can see from the commands above, we ran the “curl” command once for each of “uint, dbl, str, log, text”.
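The five commands differ only in the index name and the `value` mapping, so the same definitions can be generated from one template and reviewed before anything is sent. The block below is an added example, not code from the article or from Zabbix; it reproduces the settings and mappings of the curl commands above and adds the `include_type_name=true` query parameter that the Zabbix Elasticsearch setup page linked above requires on Elasticsearch 7.x, where a mapping nested under a type name (`values`) is otherwise rejected. The base URL and the `es7` switch are assumptions of the example.

```python
# Added example (not from the article or the Zabbix project): build the
# Zabbix history index definitions from one template instead of five
# hand-edited curl commands, and PUT them with the standard library.
import json
import urllib.request

# Elasticsearch field type per Zabbix history type, as in the curl commands:
# uint -> long, dbl -> double, str/log/text -> text (raw not indexed).
NUMERIC_TYPES = {"uint": "long", "dbl": "double"}
TEXT_TYPES = ("str", "log", "text")
ALL_TYPES = ("uint", "dbl", "str", "log", "text")


def value_mapping(history_type):
    """Mapping of the 'value' field for one Zabbix history type."""
    if history_type in NUMERIC_TYPES:
        return {"type": NUMERIC_TYPES[history_type]}
    if history_type in TEXT_TYPES:
        # The raw value is stored but not indexed; the 'analyzed' sub-field
        # carries the tokenised copy used for full-text search.
        return {
            "type": "text",
            "index": False,
            "fields": {
                "analyzed": {"type": "text", "index": True, "analyzer": "standard"}
            },
        }
    raise ValueError(f"unknown Zabbix history type: {history_type}")


def index_body(history_type, shards=5, replicas=1):
    """Full index definition (settings + mappings) for one history type."""
    return {
        "settings": {
            "index": {"number_of_shards": shards, "number_of_replicas": replicas}
        },
        "mappings": {
            "values": {
                "properties": {
                    "itemid": {"type": "long"},
                    "clock": {"type": "date", "format": "epoch_second"},
                    "value": value_mapping(history_type),
                }
            }
        },
    }


def index_url(base, history_type, es7=True):
    """Index URL; on Elasticsearch 7.x the typed mapping needs include_type_name."""
    url = f"{base.rstrip('/')}/{history_type}"
    return url + "?include_type_name=true" if es7 else url


def create_indices(base, types=ALL_TYPES, es7=True, opener=None):
    """PUT every index; returns {history_type: HTTP status}.

    opener defaults to urllib.request.urlopen; pass a stub to dry-run.
    """
    opener = opener or urllib.request.urlopen
    results = {}
    for t in types:
        req = urllib.request.Request(
            index_url(base, t, es7),
            data=json.dumps(index_body(t)).encode(),
            headers={"Content-Type": "application/json"},
            method="PUT",
        )
        with opener(req) as resp:
            results[t] = resp.status
    return results


if __name__ == "__main__":
    # Print the generated bodies for review; the base URL is an assumption.
    for t in ALL_TYPES:
        print(index_url("http://192.168.1.231:9200", t))
        print(json.dumps(index_body(t), indent=2))
```

Running the module prints each URL and body so they can be compared against the curl commands before `create_indices` is called against a live cluster.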

On the “Zabbix” server I added the lines below to the “/etc/zabbix/zabbix_server.conf” file.

## Added by Sarav Asiye Yigit

#Start

HistoryStorageURL=http://10.1.1.74:9200

HistoryStorageTypes=uint,dbl,str,log,text

#Stop

“zabbix_server.conf” 884L, 22565C written

[root@zabbix zabbix]#

I added the following to the “/etc/zabbix/web/zabbix.conf.php” file.

## Added by Sarav Asiye Yigit

#Start

$HISTORY['url']  = 'http://10.1.1.74:9200';

$HISTORY['types'] = ['str', 'text', 'log','uint','dbl'];

#Stop

“zabbix.conf.php” 57L, 1816C written

[root@zabbix web]#
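The server side (`HistoryStorageTypes`) decides which history types are written to Elasticsearch, and the frontend side (`$HISTORY['types']`) decides which types are read back from it, so the two lists must agree or some values will be written to one store and read from another. The block below is an added example, not code from the article or from Zabbix: it parses the two fragments as edited above (embedded here as constructed samples), reports any disagreement, and also flags a plain `http://` storage URL, since history values would then cross the network unencrypted.

```python
# Added example (not the article's own code): check that the Elasticsearch
# history settings in zabbix_server.conf and zabbix.conf.php agree.
import re

# Constructed fragments modelled on the edits shown in the article.
SERVER_CONF = """
# DBPort=
HistoryStorageURL=http://10.1.1.74:9200
HistoryStorageTypes=uint,dbl,str,log,text
"""

FRONTEND_CONF = """
$HISTORY['url']   = 'http://10.1.1.74:9200';
$HISTORY['types'] = ['str', 'text', 'log','uint','dbl'];
"""

VALID_TYPES = {"uint", "dbl", "str", "log", "text"}


def parse_server_conf(text):
    """Return (HistoryStorageURL, set of HistoryStorageTypes) or None values."""
    url = types = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        key, val = key.strip(), val.strip()
        if key == "HistoryStorageURL":
            url = val
        elif key == "HistoryStorageTypes":
            types = {t.strip() for t in val.split(",") if t.strip()}
    return url, types


def parse_frontend_conf(text):
    """Return ($HISTORY['url'], set of $HISTORY['types']) from the PHP file."""
    url_m = re.search(r"\$HISTORY\[['\"]url['\"]\]\s*=\s*['\"]([^'\"]+)['\"]", text)
    types_m = re.search(r"\$HISTORY\[['\"]types['\"]\]\s*=\s*\[([^\]]*)\]", text)
    url = url_m.group(1) if url_m else None
    types = set(re.findall(r"['\"](\w+)['\"]", types_m.group(1))) if types_m else None
    return url, types


def check(server_text, frontend_text):
    """Return a list of problem strings; empty means the two files agree."""
    problems = []
    s_url, s_types = parse_server_conf(server_text)
    f_url, f_types = parse_frontend_conf(frontend_text)
    if s_url != f_url:
        problems.append(f"url mismatch: server={s_url} frontend={f_url}")
    for name, ts in (("server", s_types), ("frontend", f_types)):
        if ts is None:
            problems.append(f"{name}: history types not set")
        elif ts - VALID_TYPES:
            problems.append(f"{name}: unknown types {sorted(ts - VALID_TYPES)}")
    if s_types and f_types and s_types != f_types:
        problems.append(
            f"types mismatch: server-only={sorted(s_types - f_types)} "
            f"frontend-only={sorted(f_types - s_types)}"
        )
    if s_url and s_url.startswith("http://"):
        problems.append("history storage URL is plain http; values travel unencrypted")
    return problems


if __name__ == "__main__":
    for p in check(SERVER_CONF, FRONTEND_CONF):
        print(p)
```

Run against real files with `check(open("/etc/zabbix/zabbix_server.conf").read(), open("/etc/zabbix/web/zabbix.conf.php").read())`; the paths are the ones the article edits.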

Figure 9. We see that the indices we added with “curl” have appeared.

Figure 10. Creating the index “pattern” for “dbl”.

Figure 11. The fields in the “dbl” index and their types.

Figure 12. From the “Discover” tab we see the “log”s belonging to “dbl*”.

Figure 13 shows, step by step, the creation of the index “pattern” for “str*” and the viewing of the “log”s of the “str*” index from the “discover” tab.

Figure 13. Creating the index “pattern” for “str*” and viewing the “log”s of the “str*” index from the “discover” tab.

I carried out the steps above for the remaining ones among “uint, dbl, str, log, text” as well. To avoid repetition I did not add them as images; they are created by following the same steps. In Figure 14 you can see from the selection field that all the indices have been created. Once you have the “log”s in “elasticsearch”, you can run many kinds of processing on them, such as analytics and machine learning, limited only by your imagination.

Figure 14. Index “pattern”s created for “uint, dbl, str, log, text”, as seen on the “Discover” screen.

As you have seen in the article, everything I have presented is in the form I verified on my test systems, both for correctness and for the output shown. Take what I have described as a foundation and think about what can be added on top of it and how it can be developed further. Young friends, I trust you. Ahead of us lies an open world that has opened its wide arms to us completely. What we need to do is work, test, interpret the results, and keep making additions and improvements by asking how we can do it better.

Sarav Asiye Yiğit  –  7-8 February 2021

References:

https://computingforgeeks.com/how-to-install-elk-stack-on-centos-fedora/

https://www.programmersought.com/article/4412296564/

https://developers.redhat.com/blog/2016/06/07/how-to-install-elastic-stack-elk-on-red-hat-enterprise-linux-rhel/

https://www.zabbix.com/documentation/current/manual/appendix/install/elastic_search_setup

https://github.com/dimitribellini/zabbix-tutorial/blob/master/zabbix_elasticserach_integration

https://github.com/sergiotocalini/elasix

https://medium.com/devopsturkiye/elasticsearch-sunucular%C4%B1n%C4%B1-zabbix-ile-i%CC%87zleme-f93b387bec07

https://gchandra.medium.com/install-jq-on-centos-7-459dd650baa3

https://blog.zabbix.com/zabbix-integration-with-big-data-systems-in-large-scale-environment/8844/