EFK Installation and Configuration

Td-agent

Installation Prerequisites

Increase the Maximum Number of File Descriptors

Check the current value with ulimit -n:

$ ulimit -n
65535

If your system shows a value of 1024, the file descriptor limit needs to be raised. Edit /etc/security/limits.conf, append the following lines at the end, and reboot the machine:

root soft nofile 65536
root hard nofile 65536
* soft nofile 65536
* hard nofile 65536

Optimize Network Kernel Parameters

In high-load environments there will be many Fluentd instances. Add these parameters to /etc/sysctl.conf, then run sysctl -p or reboot the system for them to take effect.

net.core.somaxconn = 1024
net.core.netdev_max_backlog = 5000
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_wmem = 4096 12582912 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216
net.ipv4.tcp_max_syn_backlog = 8096
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 10240 65535

Install td-agent (on Red Hat)

If the system can reach the internet, td-agent can be installed automatically with the following script:

$ curl -L https://toolbelt.treasuredata.com/sh/install-redhat-td-agent3.sh | sh

This command fetches an automatic installation script from Treasure Data and executes it. The script is as follows:

echo "=============================="
echo " td-agent Installation Script "
echo "=============================="
echo "This script requires superuser access to install rpm packages."
echo "You will be prompted for your password by sudo."

# clear any previous sudo permission
sudo -k

# run inside sudo
sudo sh <<SCRIPT

# add GPG key
rpm --import https://packages.treasuredata.com/GPG-KEY-td-agent

# add treasure data repository to yum
cat >/etc/yum.repos.d/td.repo <<'EOF';
[treasuredata]
name=TreasureData
baseurl=http://packages.treasuredata.com/3/redhat/\$releasever/\$basearch
gpgcheck=1
gpgkey=https://packages.treasuredata.com/GPG-KEY-td-agent
EOF

# update your sources
yum check-update

# install the toolbelt
yes | yum install -y td-agent

SCRIPT

# message
echo ""
echo "Installation completed. Happy Logging!"
echo ""
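
The installer above writes /etc/yum.repos.d/td.repo with gpgcheck=1 but an http:// baseurl. The following check is an added example, not part of the original page or the Treasure Data installer: it audits a yum .repo file for disabled signature checking and plain-HTTP URLs. The function names and finding labels are assumptions, and the sample is the repo file content reconstructed from the listing above.

```shell
#!/bin/sh
# audit_repo FILE: print "<section> <finding>" for each weak setting in a yum .repo file.
# Assumptions: one value per key (no continuation lines); only the repo file is
# inspected, so a gpgcheck default set in /etc/yum.conf [main] is not considered.
audit_repo() {
    awk '
    function report() {
        if (sec == "") return
        if (tolower(v["gpgcheck"]) !~ /^(1|yes|true)$/) print sec, "gpgcheck-off"
        if (v["baseurl"] ~ /^(http|ftp):/)              print sec, "baseurl-plain-http"
        if (v["gpgkey"]  ~ /^(http|ftp):/)              print sec, "gpgkey-plain-http"
    }
    /^[ \t]*(#|;|$)/ { next }                      # skip comments and blank lines
    /^\[/ {                                        # new [section]: report the previous one
        report()
        sec = $0; gsub(/^\[|\].*$/, "", sec)
        split("", v)                               # portable way to clear the array
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", val)
        v[k] = val
    }
    END { report() }
    ' "$1"
}

# Sample input: td.repo as the installer on this page would write it.
sample_td_repo() {
cat <<'EOF'
[treasuredata]
name=TreasureData
baseurl=http://packages.treasuredata.com/3/redhat/$releasever/$basearch
gpgcheck=1
gpgkey=https://packages.treasuredata.com/GPG-KEY-td-agent
EOF
}

# Demo on the sample; on a real host, run: audit_repo /etc/yum.repos.d/td.repo
demo_file=$(mktemp) && sample_td_repo >"$demo_file" && audit_repo "$demo_file"
rm -f "$demo_file"
```

With gpgcheck=1 the packages are still signature-verified, so the plain-HTTP baseurl is reported as a transport weakness rather than a missing integrity check.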

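Once td-agent is installed, start the td-agent daemon

td-agent provides two kinds of scripts:

systemd

The unit at /usr/lib/systemd/system/td-agent can be used to start or stop the td-agent process; correspondingly, td-agent.service can be added to /etc/systemd/system.
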
$ sudo systemctl start td-agent.service
$ sudo systemctl status td-agent.service

init.d

Use /etc/init.d/td-agent to start or stop the td-agent process:

$ sudo /etc/init.d/td-agent start
Starting td-agent: [ OK ]
$ sudo /etc/init.d/td-agent status
td-agent (pid 21678) is running...

==The following problem occurred after startup==

unexpected error error_class=Errno::EACCES error="Permission denied @ rb_sysopen - /var/log/td-agent/httpd-access.log

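Cause: by default the process is started as the td-agent user, which has no permission to read the log file. Start td-agent as the root user instead.

Switch to the root user

Run the command: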

sysctl -w vm.max_map_count=262144

Check the result:

sysctl -a|grep vm.max_map_count

Output:

vm.max_map_count = 262144

A change made this way is lost when the virtual machine is rebooted, so:

Solution:

Add the following line at the end of /etc/sysctl.conf:

vm.max_map_count=262144

This makes the change permanent.