Python- multithreading other attributes and inheriting the Thread class

Python- multithreading other attributes and inheriting the Thread class

1. Pull the sebp/elk image

[AppleScript]
Plain text view
Copy code
1
sudo docker pull sebp/elk

2. Run the ELK container

When running the elk container, you need to forward the port of the host to the container, where the ES port is 9200, the kibana port is 5601, and the logstash is 5044 (Note: you can enter the container to modify it, and then freely allocate it); it is recommended to configure the The data is stored on the host for easy maintenance, so the host directory needs to be mounted in the container/data; the final construction command is as follows:

[AppleScript]
Plain text view
Copy code
1
sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -v /home/nya/dockerFile:/data -it -d --name elk sebp/elk

3.
Simple configuration of ELK server

Here ELK is used as the server, and the sebp/elk image generates an SSL certificate by default. Just copy the certificate to the client. The relevant configuration of logstash in the container is located in/etc/logstash/conf.d. Enter the default configuration as follows:
[AppleScript]
Plain text view
Copy code
1
2
3
4
5
6
7
8
input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-beats.crt"
ssl_key => "/etc/pki/tls/private/logstash-beats.key"
}
}
4. Simple test (need to turn off the firewall, get the firewall to allow the use of port 5601)
5.
ELK client configuration
The core of ELK client configuration lies in the relevant configuration of Filebeat
5.1. Add elastic key to the client
[AppleScript]
Plain text view
Copy code
1
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

5.2. Install apt-transport-https

Since the elastic data transmitted by https will be used, it needs to be installed
apt-transport-https

[AppleScript]
Plain text view
Copy code
1
sudo apt-get install -y apt-transport-https

5.3. Add elastic library and update apt-get library
[AppleScript]
Plain text view
Copy code
1
2
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
sudo apt-get update

5.4. Install Filebeat and related configuration

[AppleScript]
Plain text view
Copy code
1
2
sudo apt-get install -y filebeat
sudo vi /etc/filebeat/filebeat.yml

Simple configuration
note: The configuration file is .yml, the format is particularly important, especially the configuration key: must have a space after it, otherwise filebeat will fail to start.
[AppleScript]
Plain text view
Copy code
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
filebeat.prospectors:
- input_type: log
paths:
- /data/rosetta/logs/image-search.log
- /data/rosetta/logs/summary.log
document_type: syslog
output.logstash:
hosts: ["ip:5044"]
bulk_max_size: 2048
# ssl.certificate_authorities: ["/etc/logstash/logstash.crt"]
ssl.certificate_authorities: ["/home/nya/logstash-beats.crt"]
template.name: "filebeat"
template.path: "filebeat.template.json"
template.overwrite: false

5.5. Start Filebeat

[AppleScript]
Plain text view
Copy code
1
2
3
sudo systemctl start filebeat //
sudo systemctl enable filebeat //
sudo systemctl status filebeat //

5.6. Check and test




For more technical information, please pay attention to: itheimaGZ