{"id":923,"date":"2018-08-02T16:16:50","date_gmt":"2018-08-02T08:16:50","guid":{"rendered":"https:\/\/blog.jsjs.org\/?p=923"},"modified":"2018-08-02T16:16:50","modified_gmt":"2018-08-02T08:16:50","slug":"centos7-%e4%b9%8b%e5%ae%89%e8%a3%85logstash-elk-stack-%e6%97%a5%e5%bf%97%e7%ae%a1%e7%90%86%e7%b3%bb%e7%bb%9f","status":"publish","type":"post","link":"https:\/\/blog.jsjs.org\/?p=923","title":{"rendered":"Centos7 \u4e4b\u5b89\u88c5Logstash ELK stack \u65e5\u5fd7\u7ba1\u7406\u7cfb\u7edf"},"content":{"rendered":"

\u4e00\u3001\u4ecb\u7ecd<\/p>\n

\"\"<\/p>\n

The Elastic Stack\u00a0– \u5b83\u4e0d\u662f\u4e00\u4e2a\u8f6f\u4ef6\uff0c\u800c\u662fElasticsearch\uff0cLogstash\uff0cKibana \u5f00\u6e90\u8f6f\u4ef6\u7684\u96c6\u5408\uff0c\u5bf9\u5916\u662f\u4f5c\u4e3a\u4e00\u4e2a\u65e5\u5fd7\u7ba1\u7406\u7cfb\u7edf\u7684\u5f00\u6e90\u65b9\u6848\u3002\u5b83\u53ef\u4ee5\u4ece\u4efb\u4f55\u6765\u6e90\uff0c\u4efb\u4f55\u683c\u5f0f\u8fdb\u884c\u65e5\u5fd7\u641c\u7d22\uff0c\u5206\u6790\u83b7\u53d6\u6570\u636e\uff0c\u5e76\u5b9e\u65f6\u8fdb\u884c\u5c55\u793a\u3002\u50cf\u76fe\u724c\uff08\u5b89\u5168\uff09\uff0c\u76d1\u62a4\u8005\uff08\u8b66\u62a5\uff09\u548cMarvel\uff08\u76d1\u6d4b\uff09\u4e00\u6837\u4e3a\u4f60\u7684\u4ea7\u54c1\u63d0\u4f9b\u66f4\u591a\u7684\u53ef\u80fd\u3002<\/p>\n

Elasticsearch\uff1a\u641c\u7d22\uff0c\u63d0\u4f9b\u5206\u5e03\u5f0f\u5168\u6587\u641c\u7d22\u5f15\u64ce<\/p>\n

Logstash: \u65e5\u5fd7\u6536\u96c6\uff0c\u7ba1\u7406\uff0c\u5b58\u50a8<\/p>\n

Kibana \uff1a\u65e5\u5fd7\u7684\u8fc7\u6ee4web \u5c55\u793a
\nFilebeat\uff1a\u76d1\u63a7\u65e5\u5fd7\u6587\u4ef6\u3001\u8f6c\u53d1<\/p>\n

\u4e8c\u3001\u6d4b\u8bd5\u73af\u5883\u89c4\u5212\u56fe<\/p>\n

\"\"<\/p>\n

\u73af\u5883\uff1aip\u3001\u4e3b\u673a\u540d\u6309\u7167\u5982\u4e0a\u89c4\u5212\uff0c\u7cfb\u7edf\u5df2\u7ecf update. \u6240\u6709\u4e3b\u673a\u65f6\u95f4\u4e00\u81f4\u3002\u9632\u706b\u5899\u6d4b\u8bd5\u73af\u5883\u5df2\u5173\u95ed\u3002\u4e0b\u9762\u662f\u8fd9\u6b21elk\u5b66\u4e60\u7684\u90e8\u7f72\u5b89\u88c5<\/p>\n

\u76ee\u7684\uff1a\u901a\u8fc7elk \u4e3b\u673a\u6536\u96c6\u76d1\u63a7\u4e3b\u8981server\u7684\u7cfb\u7edf\u65e5\u5fd7\u3001\u4ee5\u53ca\u7ebf\u4e0a\u5e94\u7528\u670d\u52a1\u65e5\u5fd7\u3002<\/p>\n

\u4e09\u3001Elasticsearch+Logstash+Kibana\u7684\u5b89\u88c5\uff08\u5728 elk.test.com \u4e0a\u8fdb\u884c\u64cd\u4f5c\uff09<\/p>\n

3.1.\u57fa\u7840\u73af\u5883\u68c0\u67e5<\/p>\n

\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk ~]# hostname\nelk.test.com\n[root@elk ~]# cat \/etc\/hosts\n127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4\n::1         localhost localhost.localdomain localhost6 localhost6.localdomain6\n192.168.30.67   elk.test.com\n192.168.30.99   rsyslog.test.com\n192.168.30.64   nginx.test.com<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
3.2.\u8f6f\u4ef6\u5305<\/p>\n
\n
[root@elk ~]# cd elk\/\n[root@elk elk]# wget -c https:\/\/download.elastic.co\/elasticsearch\/release\/org\/elasticsearch\/distribution\/rpm\/elasticsearch\/2.3.3\/elasticsearch-2.3.3.rpm\n[root@elk elk]# wget -c https:\/\/download.elastic.co\/logstash\/logstash\/packages\/centos\/logstash-2.3.2-1.noarch.rpm\n[root@elk elk]# wget https:\/\/download.elastic.co\/kibana\/kibana\/kibana-4.5.1-1.x86_64.rpm\n[root@elk elk]# wget -c https:\/\/download.elastic.co\/beats\/filebeat\/filebeat-1.2.3-x86_64.rpm<\/pre>\n<\/div>\n
3.3.\u68c0\u67e5<\/p>\n
\n
[root@elk elk]# ls\nelasticsearch-2.3.3.rpm  filebeat-1.2.3-x86_64.rpm  kibana-4.5.1-1.x86_64.rpm  logstash-2.3.2-1.noarch.rpm<\/pre>\n<\/div>\n
\u670d\u52a1\u5668\u53ea\u9700\u8981\u5b89\u88c5e\u3001l\u3001k, \u5ba2\u6237\u7aef\u53ea\u9700\u8981\u5b89\u88c5filebeat\u3002<\/p>\n
3.4.\u5b89\u88c5elasticsearch\uff0c\u5148\u5b89\u88c5jdk\uff0celk server \u9700\u8981java \u5f00\u53d1\u73af\u5883\u652f\u6301\uff0c\u7531\u4e8e\u5ba2\u6237\u7aef\u4e0a\u4f7f\u7528\u7684\u662ffilebeat\u8f6f\u4ef6\uff0c\u5b83\u4e0d\u4f9d\u8d56java\u73af\u5883\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u5b89\u88c5\u3002<\/p>\n
\n
[root@elk elk]# yum install java-1.8.0-openjdk -y<\/pre>\n<\/div>\n
\u5b89\u88c5es<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk elk]# yum localinstall elasticsearch-2.3.3.rpm -y\n.....\n  Installing : elasticsearch-2.3.3-1.noarch                                                                                             1\/1\n### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd\n sudo systemctl daemon-reload\n sudo systemctl enable elasticsearch.service\n### You can start elasticsearch service by executing\n sudo systemctl start elasticsearch.service\n  Verifying  : elasticsearch-2.3.3-1.noarch                                                                                             1\/1\n\nInstalled:\n  elasticsearch.noarch 0:2.3.3-1\n\n\n<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
\u91cd\u65b0\u8f7d\u5165 systemd\uff0c\u626b\u63cf\u65b0\u7684\u6216\u6709\u53d8\u52a8\u7684\u5355\u5143\uff1b\u542f\u52a8\u5e76\u52a0\u5165\u5f00\u673a\u81ea\u542f\u52a8<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk elk]# systemctl daemon-reload\n[root@elk elk]# systemctl enable elasticsearch\nCreated symlink from \/etc\/systemd\/system\/multi-user.target.wants\/elasticsearch.service to \/usr\/lib\/systemd\/system\/elasticsearch.service.\n[root@elk elk]# systemctl start elasticsearch\n[root@elk elk]# systemctl status elasticsearch\n\u25cf elasticsearch.service - Elasticsearch\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/elasticsearch.service; enabled; vendor preset: disabled)\n   Active: active (running) since Fri 2016-05-20 15:38:35 CST; 12s ago\n     Docs: http:\/\/www.elastic.co\n  Process: 10428 ExecStartPre=\/usr\/share\/elasticsearch\/bin\/elasticsearch-systemd-pre-exec (code=exited, status=0\/SUCCESS)\n Main PID: 10430 (java)\n   CGroup: \/system.slice\/elasticsearch.service\n           \u2514\u250010430 \/bin\/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancy...\n\nMay 20 15:38:38 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:38,279][INFO ][env                      ] [James Howlett] heap...[true]\nMay 20 15:38:38 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:38,279][WARN ][env                      ] [James Howlett] max ...65536]\nMay 20 15:38:41 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:41,726][INFO ][node                     ] [James Howlett] initialized\nMay 20 15:38:41 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:41,726][INFO ][node                     ] [James Howlett] starting ...\nMay 20 15:38:41 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:41,915][INFO ][transport                ] [James Howlett] publ...:9300}\nMay 20 15:38:41 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:41,920][INFO ][discovery                ] [James Howlett] elas...xx35hw\nMay 20 15:38:45 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:45,099][INFO ][cluster.service          ] [James Howlett] new_...eived)\nMay 20 15:38:45 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:45,164][INFO ][gateway                  ] [James Howlett] reco..._state\nMay 20 15:38:45 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:45,185][INFO ][http                     ] [James Howlett] publ...:9200}\nMay 20 15:38:45 elk.test.com elasticsearch[10430]: [2016-05-20 15:38:45,185][INFO ][node                     ] [James Howlett] started\nHint: Some lines were ellipsized, use -l to show in full.<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
 <\/p>\n
\u68c0\u67e5\u670d\u52a1<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk elk]# rpm -qc elasticsearch\n\/etc\/elasticsearch\/elasticsearch.yml\n\/etc\/elasticsearch\/logging.yml\n\/etc\/init.d\/elasticsearch\n\/etc\/sysconfig\/elasticsearch\n\/usr\/lib\/sysctl.d\/elasticsearch.conf\n\/usr\/lib\/systemd\/system\/elasticsearch.service\n\/usr\/lib\/tmpfiles.d\/elasticsearch.conf\n[root@elk elk]# netstat -nltp | grep java\ntcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      10430\/java\ntcp6       0      0 ::1:9200                :::*                    LISTEN      10430\/java\ntcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      10430\/java\ntcp6       0      0 ::1:9300                :::*                    LISTEN      10430\/java<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
\u4fee\u6539\u9632\u706b\u5899\uff0c\u5c069200\u30019300 \u7aef\u53e3\u5bf9\u5916\u5f00\u653e<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk elk]# firewall-cmd --permanent --add-port={9200\/tcp,9300\/tcp}\nsuccess\n[root@elk elk]# firewall-cmd --reload\nsuccess\n[root@elk elk]# firewall-cmd  --list-all\npublic (default, active)\n  interfaces: eno16777984 eno33557248\n  sources:\n  services: dhcpv6-client ssh\n  ports: 9200\/tcp 9300\/tcp\n  masquerade: no\n  forward-ports:\n  icmp-blocks:\n  rich rules:<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
3.5 \u5b89\u88c5kibana<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk elk]# yum localinstall kibana-4.5.1-1.x86_64.rpm \u2013y\n[root@elk elk]# systemctl enable kibana\nCreated symlink from \/etc\/systemd\/system\/multi-user.target.wants\/kibana.service to \/usr\/lib\/systemd\/system\/kibana.service.\n[root@elk elk]# systemctl start kibana\n\n[root@elk elk]# systemctl status kibana\n\u25cf kibana.service - no description given\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/kibana.service; enabled; vendor preset: disabled)\n   Active: active (running) since Fri 2016-05-20 15:49:02 CST; 20s ago\n Main PID: 11260 (node)\n   CGroup: \/system.slice\/kibana.service\n           \u2514\u250011260 \/opt\/kibana\/bin\/..\/node\/bin\/node \/opt\/kibana\/bin\/..\/src\/cli\n\nMay 20 15:49:05 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:05+00:00\",\"tags\":[\"status\",\"plugin:elasticsearch...\nMay 20 15:49:05 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:05+00:00\",\"tags\":[\"status\",\"plugin:kbn_vi...lized\"}\nMay 20 15:49:05 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:05+00:00\",\"tags\":[\"status\",\"plugin:markdo...lized\"}\nMay 20 15:49:05 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:05+00:00\",\"tags\":[\"status\",\"plugin:metric...lized\"}\nMay 20 15:49:05 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:05+00:00\",\"tags\":[\"status\",\"plugin:spyMod...lized\"}\nMay 20 15:49:05 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:05+00:00\",\"tags\":[\"status\",\"plugin:status...lized\"}\nMay 20 15:49:05 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:05+00:00\",\"tags\":[\"status\",\"plugin:table_...lized\"}\nMay 20 15:49:05 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:05+00:00\",\"tags\":[\"listening\",\"info\"],\"pi...:5601\"}\nMay 20 15:49:10 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:10+00:00\",\"tags\":[\"status\",\"plugin:elasticsearch...\nMay 20 15:49:14 elk.test.com kibana[11260]: {\"type\":\"log\",\"@timestamp\":\"2016-05-20T07:49:14+00:00\",\"tags\":[\"status\",\"plugin:elasti...found\"}\nHint: Some lines were ellipsized, use -l to show in full.<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
\u68c0\u67e5kibana\u670d\u52a1\u8fd0\u884c\uff08Kibana\u9ed8\u8ba4 \u8fdb\u7a0b\u540d\uff1anode \uff0c\u7aef\u53e35601\uff09<\/p>\n
\n
[root@elk elk]# netstat -nltp\nActive Internet connections (only servers)\nProto Recv-Q Send-Q Local Address           Foreign Address         State       PID\/Program name\ntcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      909\/sshd\ntcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1595\/master\ntcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      11260\/node<\/pre>\n<\/div>\n
\u4fee\u6539\u9632\u706b\u5899\uff0c\u5bf9\u5916\u5f00\u653etcp\/5601<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk elk]# firewall-cmd --permanent --add-port=5601\/tcp\nSuccess\n[root@elk elk]# firewall-cmd --reload\nsuccess\n[root@elk elk]# firewall-cmd --list-all\npublic (default, active)\n  interfaces: eno16777984 eno33557248\n  sources:\n  services: dhcpv6-client ssh\n  ports: 9200\/tcp 9300\/tcp 5601\/tcp\n  masquerade: no\n  forward-ports:\n  icmp-blocks:\n  rich rules:<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
\u8fd9\u65f6\uff0c\u6211\u4eec\u53ef\u4ee5\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u6d4b\u8bd5\u8bbf\u95ee\u4e00\u4e0bkibana\u670d\u52a1\u5668http:\/\/192.168.30.67:5601\/\uff0c\u786e\u8ba4\u6ca1\u6709\u95ee\u9898\uff0c\u5982\u4e0b\u56fe\uff1a
\n\"\"<\/p>\n
\u5728\u8fd9\u91cc\uff0c\u6211\u4eec\u53ef\u4ee5\u4fee\u6539\u9632\u706b\u5899\uff0c\u5c06\u7528\u6237\u8bbf\u95ee80\u7aef\u53e3\u8fde\u63a5\u8f6c\u53d1\u52305601\u4e0a\uff0c\u8fd9\u6837\u53ef\u4ee5\u76f4\u63a5\u8f93\u5165\u7f51\u5740\u4e0d\u7528\u6307\u5b9a\u7aef\u53e3\u4e86\uff0c\u5982\u4e0b:<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk elk]# firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=5601\n[root@elk elk]# firewall-cmd --reload\n[root@elk elk]# firewall-cmd --list-all\npublic (default, active)\n  interfaces: eno16777984 eno33557248\n  sources:\n  services: dhcpv6-client ssh\n  ports: 9200\/tcp 9300\/tcp 5601\/tcp\n  masquerade: no\n  forward-ports: port=80:proto=tcp:toport=5601:toaddr=\n  icmp-blocks:\n  rich rules:<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
3.6 \u5b89\u88c5logstash\uff0c\u4ee5\u53ca\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6<\/p>\n
\n
[root@elk elk]# yum localinstall logstash-2.3.2-1.noarch.rpm \u2013y<\/pre>\n<\/div>\n
\u751f\u6210\u8bc1\u4e66<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk elk]# cd \/etc\/pki\/tls\/\n[root@elk tls]# ls\ncert.pem  certs  misc  openssl.cnf  private\n\n[root@elk tls]# openssl req -subj '\/CN=elk.test.com\/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private\/logstash-forwarder.key -out\ncerts\/logstash-forwarder.crt\nGenerating a 2048 bit RSA private key\n...................................................................+++\n......................................................+++\nwriting new private key to 'private\/logstash-forwarder.key'\n-----<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
\u4e4b\u540e\u521b\u5efalogstash \u7684\u914d\u7f6e\u6587\u4ef6\u3002\u5982\u4e0b\uff1a<\/p>\n
\"\"<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk ~]# cat \/etc\/logstash\/conf.d\/01-logstash-initial.conf\ninput {\n  beats {\n    port => 5000\n    type => \"logs\"\n    ssl => true\n    ssl_certificate => \"\/etc\/pki\/tls\/certs\/logstash-forwarder.crt\"\n    ssl_key => \"\/etc\/pki\/tls\/private\/logstash-forwarder.key\"\n  }\n}\n\nfilter {\n  if [type] == \"syslog-beat\" {\n    grok {\n      match => { \"message\" => \"%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\\[%{POSINT:syslog_pid}\\])?: %{GREEDYDATA:syslog_message}\" }\n      add_field => [ \"received_at\", \"%{@timestamp}\" ]\n      add_field => [ \"received_from\", \"%{host}\" ]\n    }\n    geoip {\n      source => \"clientip\"\n    }\n    syslog_pri {}\n    date {\n      match => [ \"syslog_timestamp\", \"MMM d HH:mm:ss\", \"MMM dd HH:mm:ss\" ]\n    }\n  }\n}\n\noutput {\n  elasticsearch { }\n  stdout { codec => rubydebug }\n}<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n<\/div>\n
\u542f\u52a8logstash\uff0c\u5e76\u68c0\u67e5\u7aef\u53e3\uff0c\u914d\u7f6e\u6587\u4ef6\u91cc\uff0c\u6211\u4eec\u5199\u7684\u662f5000\u7aef\u53e3<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk conf.d]# systemctl start logstash\n[root@elk elk]# \/sbin\/chkconfig logstash on\n[root@elk conf.d]# netstat -ntlp\nActive Internet connections (only servers)\nProto Recv-Q Send-Q Local Address           Foreign Address         State       PID\/Program name\ntcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      909\/sshd\ntcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1595\/master\ntcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      11260\/node\ntcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      618\/rsyslogd\ntcp6       0      0 :::5000                 :::*                    LISTEN      12819\/java\ntcp6       0      0 :::3306                 :::*                    LISTEN      1270\/mysqld\ntcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      10430\/java\ntcp6       0      0 ::1:9200                :::*                    LISTEN      10430\/java\ntcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      10430\/java\ntcp6       0      0 ::1:9300                :::*                    LISTEN      10430\/java\ntcp6       0      0 :::22                   :::*                    LISTEN      909\/sshd\ntcp6       0      0 ::1:25                  :::*                    LISTEN      1595\/master\ntcp6       0      0 :::514                  :::*                    LISTEN      618\/rsyslogd<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
 <\/p>\n
\u4fee\u6539\u9632\u706b\u5899\uff0c\u5c065000\u7aef\u53e3\u5bf9\u5916\u5f00\u653e\u3002<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk ~]# firewall-cmd --permanent --add-port=5000\/tcp\nsuccess\n[root@elk ~]# firewall-cmd --reload\nsuccess\n[root@elk ~]# firewall-cmd --list-all\npublic (default, active)\n  interfaces: eno16777984 eno33557248\n  sources:\n  services: dhcpv6-client ssh\n  ports: 9200\/tcp 9300\/tcp 5000\/tcp 5601\/tcp\n  masquerade: no\n  forward-ports: port=80:proto=tcp:toport=5601:toaddr=\n  icmp-blocks:\n  rich rules:<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
3.7 \u4fee\u6539elasticsearch \u914d\u7f6e\u6587\u4ef6<\/p>\n
\u67e5\u770b\u76ee\u5f55\uff0c\u521b\u5efa\u6587\u4ef6\u5939es-01\uff08\u540d\u5b57\u4e0d\u662f\u5fc5\u987b\u7684\uff09,logging.yml\u662f\u81ea\u5e26\u7684\uff0celasticsearch.yml\u662f\u521b\u5efa\u7684\u6587\u4ef6\uff0c\u5185\u5982\u89c1\u4e0b\uff1a<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk ~]# cd \/etc\/elasticsearch\/\n[root@elk elasticsearch]# tree\n.\n\u251c\u2500\u2500 es-01\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 elasticsearch.yml\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 logging.yml\n\u2514\u2500\u2500 scripts<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@elk elasticsearch]# cat es-01\/elasticsearch.yml\n----\nhttp:\n  port: 9200\nnetwork:\n  host: elk.test.com\nnode:\n  name: elk.test.com\npath:\n  data: \/etc\/elasticsearch\/data\/es-01<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
3.8 \u91cd\u542felasticsearch\u3001logstash\u670d\u52a1\u3002<\/p>\n
3.9\u00a0\u5c06 fiebeat\u5b89\u88c5\u5305\u62f7\u8d1d\u5230 rsyslog\u3001nginx \u5ba2\u6237\u7aef\u4e0a<\/p>\n
\n
[root@elk elk]# scp filebeat-1.2.3-x86_64.rpm root@rsyslog.test.com:\/root\/elk\n[root@elk elk]# scp filebeat-1.2.3-x86_64.rpm root@nginx.test.com:\/root\/elk\n[root@elk elk]# scp \/etc\/pki\/tls\/certs\/logstash-forwarder.crt rsyslog.test.com:\/root\/elk\n[root@elk elk]# scp \/etc\/pki\/tls\/certs\/logstash-forwarder.crt nginx.test.com:\/root\/elk<\/pre>\n<\/div>\n
 <\/p>\n
\u56db\u3001\u5ba2\u6237\u7aef\u90e8\u7f72filebeat\uff08\u5728rsyslog\u3001nginx\u5ba2\u6237\u7aef\u4e0a\u64cd\u4f5c\uff09<\/p>\n
\"\"<\/p>\n
filebeat\u5ba2\u6237\u7aef\u662f\u4e00\u4e2a\u8f7b\u91cf\u7ea7\u7684\uff0c\u4ece\u670d\u52a1\u5668\u4e0a\u7684\u6587\u4ef6\u6536\u96c6\u65e5\u5fd7\u8d44\u6e90\u7684\u5de5\u5177\uff0c\u8fd9\u4e9b\u65e5\u5fd7\u8f6c\u53d1\u5230\u5904\u7406\u5230Logstash\u670d\u52a1\u5668\u4e0a\u3002\u8be5Filebeat\u5ba2\u6237\u7aef\u4f7f\u7528\u5b89\u5168\u7684Beats\u534f\u8bae\u4e0eLogstash\u5b9e\u4f8b\u901a\u4fe1\u3002lumberjack\u534f\u8bae\u88ab\u8bbe\u8ba1\u4e3a\u53ef\u9760\u6027\u548c\u4f4e\u5ef6\u8fdf\u3002Filebeat\u4f7f\u7528\u6258\u7ba1\u6e90\u6570\u636e\u7684\u8ba1\u7b97\u673a\u7684\u8ba1\u7b97\u8d44\u6e90\uff0c\u5e76\u4e14Beats\u8f93\u5165\u63d2\u4ef6\u5c3d\u91cf\u51cf\u5c11\u5bf9Logstash\u7684\u8d44\u6e90\u9700\u6c42\u3002<\/p>\n
4.1.\uff08node1\uff09\u5b89\u88c5filebeat\uff0c\u62f7\u8d1d\u8bc1\u4e66\uff0c\u521b\u5efa\u6536\u96c6\u65e5\u5fd7\u914d\u7f6e\u6587\u4ef6<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@rsyslog elk]# yum localinstall filebeat-1.2.3-x86_64.rpm -y\n#\u62f7\u8d1d\u8bc1\u4e66\u5230\u672c\u673a\u6307\u5b9a\u76ee\u5f55\u4e2d\n[root@rsyslog elk]# cp logstash-forwarder.crt \/etc\/pki\/tls\/certs\/.\n[root@rsyslog elk]# cd \/etc\/filebeat\/\n[root@rsyslog filebeat]# tree\n.\n\u251c\u2500\u2500 conf.d\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 authlogs.yml\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 syslogs.yml\n\u251c\u2500\u2500 filebeat.template.json\n\u2514\u2500\u2500 filebeat.yml\n\n1 directory, 4 files<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
\u4fee\u6539\u7684\u6587\u4ef6\u67093\u4e2a\uff0cfilebeat.yml\uff0c\u662f\u5b9a\u4e49\u8fde\u63a5logstash \u670d\u52a1\u5668\u7684\u914d\u7f6e\u3002conf.d\u76ee\u5f55\u4e0b\u76842\u4e2a\u914d\u7f6e\u6587\u4ef6\u662f\u81ea\u5b9a\u4e49\u76d1\u63a7\u65e5\u5fd7\u7684\uff0c\u4e0b\u9762\u770b\u4e0b\u5404\u81ea\u7684\u5185\u5bb9\uff1a<\/p>\n
filebeat.yml<\/p>\n
\"\"<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@rsyslog filebeat]# cat filebeat.yml\nfilebeat:\n  spool_size: 1024\n  idle_timeout: 5s\n  registry_file: .filebeat\n  config_dir: \/etc\/filebeat\/conf.d\noutput:\n  logstash:\n    hosts:\n    - elk.test.com:5000\n    tls:\n      certificate_authorities: [\"\/etc\/pki\/tls\/certs\/logstash-forwarder.crt\"]\n    enabled: true\nshipper: {}\nlogging: {}\nrunoptions: {}<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n<\/div>\n
authlogs.yml \u00a0& syslogs.yml<\/p>\n
\"\"<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@rsyslog filebeat]# cat conf.d\/authlogs.yml\nfilebeat:\n  prospectors:\n    - paths:\n      - \/var\/log\/secure\n      encoding: plain\n      fields_under_root: false\n      input_type: log\n      ignore_older: 24h\n      document_type: syslog-beat\n      scan_frequency: 10s\n      harvester_buffer_size: 16384\n      tail_files: false\n      force_close_files: false\n      backoff: 1s\n      max_backoff: 1s\n      backoff_factor: 2\n      partial_line_waiting: 5s\n      max_bytes: 10485760\n\n[root@rsyslog filebeat]# cat conf.d\/syslogs.yml\nfilebeat:\n  prospectors:\n    - paths:\n      - \/var\/log\/messages\n      encoding: plain\n      fields_under_root: false\n      input_type: log\n      ignore_older: 24h\n      document_type: syslog-beat\n      scan_frequency: 10s\n      harvester_buffer_size: 16384\n      tail_files: false\n      force_close_files: false\n      backoff: 1s\n      max_backoff: 1s\n      backoff_factor: 2\n      partial_line_waiting: 5s\n      max_bytes: 10485760<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n<\/div>\n
\u4fee\u6539\u5b8c\u6210\u540e\uff0c\u542f\u52a8filebeat\u670d\u52a1<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@rsyslog filebeat]# service filebeat start\nStarting filebeat:                                         [  OK  ]\n[root@rsyslog filebeat]# chkconfig filebeat on\n\n[root@rsyslog filebeat]# netstat -altp\nActive Internet connections (servers and established)\nProto Recv-Q Send-Q Local Address               Foreign Address             State       PID\/Program name\ntcp        0      0 localhost:25151             *:*                         LISTEN      6230\/python2\ntcp        0      0 *:ssh                       *:*                         LISTEN      5509\/sshd\ntcp        0      0 localhost:ipp               *:*                         LISTEN      1053\/cupsd\ntcp        0      0 localhost:smtp              *:*                         LISTEN      1188\/master\ntcp        0      0 rsyslog.test.com:51155      elk.test.com:commplex-main  ESTABLISHED 7443\/filebeat\ntcp        0     52 rsyslog.test.com:ssh        192.168.30.65:10580         ESTABLISHED 7164\/sshd\ntcp        0      0 *:ssh                       *:*                         LISTEN      5509\/sshd\ntcp        0      0 localhost:ipp               *:*                         LISTEN      1053\/cupsd\ntcp        0      0 localhost:smtp              *:*                         LISTEN      1188\/master<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
\u5982\u679c\u8fde\u63a5\u4e0d\u4e0a\uff0c\u72b6\u6001\u4e0d\u6b63\u5e38\u7684\u8bdd\uff0c\u68c0\u67e5\u4e0b\u5ba2\u6237\u7aef\u7684\u9632\u706b\u5899\u3002<\/p>\n
4.2. \uff08node2\uff09\u5b89\u88c5filebeat\uff0c\u62f7\u8d1d\u8bc1\u4e66\uff0c\u521b\u5efa\u6536\u96c6\u65e5\u5fd7\u914d\u7f6e\u6587\u4ef6<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@nginx elk]# yum localinstall filebeat-1.2.3-x86_64.rpm -y\n[root@nginx elk]# cp logstash-forwarder.crt \/etc\/pki\/tls\/certs\/.\n[root@nginx elk]# cd \/etc\/filebeat\/\n[root@nginx filebeat]# tree\n.\n\u251c\u2500\u2500 conf.d\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 nginx.yml\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 syslogs.yml\n\u251c\u2500\u2500 filebeat.template.json\n\u2514\u2500\u2500 filebeat.yml\n\n1 directory, 4 files<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
\u4fee\u6539filebeat.yml \u5185\u5bb9\u5982\u4e0b\uff1a<\/p>\n
\"\"<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@rsyslog filebeat]# cat filebeat.yml\nfilebeat:\n  spool_size: 1024\n  idle_timeout: 5s\n  registry_file: .filebeat\n  config_dir: \/etc\/filebeat\/conf.d\noutput:\n  logstash:\n    hosts:\n    - elk.test.com:5000\n    tls:\n      certificate_authorities: [\"\/etc\/pki\/tls\/certs\/logstash-forwarder.crt\"]\n    enabled: true\nshipper: {}\nlogging: {}\nrunoptions: {}<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n<\/div>\n
syslogs.yml & nginx.yml<\/p>\n
\"\"<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@nginx filebeat]# cat conf.d\/syslogs.yml\nfilebeat:\n  prospectors:\n    - paths:\n      - \/var\/log\/messages\n      encoding: plain\n      fields_under_root: false\n      input_type: log\n      ignore_older: 24h\n      document_type: syslog-beat\n      scan_frequency: 10s\n      harvester_buffer_size: 16384\n      tail_files: false\n      force_close_files: false\n      backoff: 1s\n      max_backoff: 1s\n      backoff_factor: 2\n      partial_line_waiting: 5s\n      max_bytes: 10485760\n\n[root@nginx filebeat]# cat conf.d\/nginx.yml\nfilebeat:\n  prospectors:\n    - paths:\n      - \/var\/log\/nginx\/access.log\n      encoding: plain\n      fields_under_root: false\n      input_type: log\n      ignore_older: 24h\n      document_type: syslog-beat\n      scan_frequency: 10s\n      harvester_buffer_size: 16384\n      tail_files: false\n      force_close_files: false\n      backoff: 1s\n      max_backoff: 1s\n      backoff_factor: 2\n      partial_line_waiting: 5s\n      max_bytes: 10485760<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n<\/div>\n
\u4fee\u6539\u5b8c\u6210\u540e\uff0c\u542f\u52a8filebeat\u670d\u52a1\uff0c\u5e76\u68c0\u67e5filebeat\u8fdb\u7a0b<\/p>\n
\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n
[root@nginx filebeat]# service filebeat start\nStarting filebeat:                                         [  OK  ]\n[root@nginx filebeat]# chkconfig filebeat on\n\n[root@nginx filebeat]# netstat -aulpt\nActive Internet connections (servers and established)\nProto Recv-Q Send-Q Local Address               Foreign Address             State       PID\/Program name\ntcp        0      0 *:ssh                       *:*                         LISTEN      1076\/sshd\ntcp        0      0 localhost:smtp              *:*                         LISTEN      1155\/master\ntcp        0      0 *:http                      *:*                         LISTEN      1446\/nginx\ntcp        0     52 nginx.test.com:ssh          192.168.30.65:11690         ESTABLISHED 1313\/sshd\ntcp        0      0 nginx.test.com:49500        elk.test.com:commplex-main  ESTABLISHED 1515\/filebeat\ntcp        0      0 nginx.test.com:ssh          192.168.30.65:6215          ESTABLISHED 1196\/sshd\ntcp        0      0 nginx.test.com:ssh          192.168.30.65:6216          ESTABLISHED 1200\/sshd\ntcp        0      0 *:ssh                       *:*                         LISTEN      1076\/sshd<\/pre>\n
\"\u590d\u5236\u4ee3\u7801\"<\/a><\/span><\/div>\n<\/div>\n
 <\/p>\n
\u901a\u8fc7\u4e0a\u9762\u53ef\u4ee5\u770b\u51fa\uff0c\u5ba2\u6237\u7aeffilebeat\u8fdb\u7a0b\u5df2\u7ecf\u548c elk \u670d\u52a1\u5668\u8fde\u63a5\u4e86\u3002\u4e0b\u9762\u53bb\u9a8c\u8bc1\u3002<\/p>\n
\u4e94\u3001\u9a8c\u8bc1\uff0c\u8bbf\u95eekibana http:\/\/192.168.30.67<\/p>\n
5.1 \u8bbe\u7f6e\u4e0b<\/p>\n
\"\"<\/p>\n
\u67e5\u770b\u4e0b\u4e24\u53f0\u673a\u5668\u7684\u7cfb\u7edf\u65e5\u5fd7\uff1anode1\u7684<\/p>\n
\"\"<\/p>\n
node2\u7684nginx \u8bbf\u95ee\u65e5\u5fd7<\/p>\n
\"\"<\/p>\n
 <\/p>\n
\u516d\u3001\u4f53\u9a8c<\/p>\n
\u4e4b\u524d\u5728\u5b66\u4e60rsyslog +LogAnalyzer\uff0c\u7136\u540e\u53c8\u5b66\u4e86\u8fd9\u4e2a\u4e4b\u540e\uff0c\u53d1\u73b0elk \u4e0d\u7ba1\u4ece\u6574\u4f53\u7cfb\u7edf\uff0c\u8fd8\u662f\u4f53\u9a8c\u90fd\u662f\u4e0d\u9519\u7684\uff0c\u800c\u4e14\u66f4\u65b0\u5feb\u3002\u540e\u7eed\u4f1a\u7ee7\u7eed\u5b66\u4e60\uff0c\u66f4\u65b0\u76f8\u5173\u7684\u76d1\u63a7\u8fc7\u6ee4\u65e5\u5fd7\u65b9\u6cd5\uff0c\u65e5\u5fd7\u5206\u6790\uff0c\u4ee5\u53ca\u4f7f\u7528kafka \u6765\u8fdb\u884c\u5b58\u50a8\u7684\u67b6\u6784\u3002<\/p>\n
 <\/p>\n
\u672c\u6587\u7ae0\u5c5e\u4e8e\u539f\u521b\uff0c\u5982\u679c\u89c9\u5f97\u6709\u4ef7\u503c\uff0c\u8f6c\u8f7d\u65f6\u8bf7\u6ce8\u660e\u51fa\u5904\u3002\u8c22\u8c22<\/p>\n
\u53c2\u8003\u7f51\u7ad9\uff1ahttps:\/\/www.elastic.co\/products\/elasticsearch<\/p>\n
https:\/\/www.elastic.co\/downloads<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4e00\u3001\u4ecb\u7ecd The Elastic Stack\u00a0– \u5b83\u4e0d\u662f\u4e00\u4e2a\u8f6f\u4ef6\uff0c\u800c\u662fElasticsearch\uff0cLogstash\uff0cKibana \u5f00\u6e90\u8f6f\u4ef6\u7684\u96c6\u5408\uff0c\u5bf9\u5916\u662f\u4f5c\u4e3a\u4e00\u4e2a\u65e5\u5fd7\u7ba1\u7406\u7cfb\u7edf\u7684\u5f00\u6e90\u65b9\u6848\u3002\u5b83\u53ef\u4ee5\u4ece\u4efb\u4f55\u6765\u6e90\uff0c\u4efb\u4f55\u683c\u5f0f\u8fdb\u884c\u65e5\u5fd7\u641c\u7d22\uff0c\u5206\u6790\u83b7\u53d6\u6570\u636e\uff0c\u5e76\u5b9e\u65f6\u8fdb\u884c\u5c55\u793a\u3002\u50cf\u76fe\u724c\uff08\u5b89\u5168\uff09\uff0c\u76d1\u62a4\u8005\uff08\u8b66\u62a5\uff09\u548cMarvel\uff08\u76d1\u6d4b\uff09\u4e00\u6837\u4e3a\u4f60\u7684\u4ea7\u54c1\u63d0\u4f9b\u66f4\u591a\u7684\u53ef\u80fd\u3002 Elasticsearch\uff1a\u641c\u7d22\uff0c\u63d0\u4f9b\u5206\u5e03\u5f0f\u5168\u6587\u641c\u7d22\u5f15\u64ce Logstash: \u65e5\u5fd7\u6536\u96c6\uff0c\u7ba1\u7406\uff0c\u5b58\u50a8 Kibana \uff1a\u65e5\u5fd7\u7684\u8fc7\u6ee4web \u5c55\u793a Filebeat\uff1a\u76d1\u63a7\u65e5\u5fd7\u6587\u4ef6\u3001\u8f6c\u53d1 \u4e8c\u3001\u6d4b\u8bd5\u73af\u5883\u89c4\u5212\u56fe \u73af\u5883\uff1aip\u3001\u4e3b\u673a\u540d\u6309\u7167\u5982\u4e0a\u89c4\u5212\uff0c\u7cfb\u7edf\u5df2\u7ecf update. \u6240\u6709\u4e3b\u673a\u65f6\u95f4\u4e00\u81f4\u3002\u9632\u706b\u5899\u6d4b\u8bd5\u73af\u5883\u5df2\u5173\u95ed\u3002\u4e0b\u9762\u662f\u8fd9\u6b21elk\u5b66\u4e60\u7684\u90e8\u7f72\u5b89\u88c5 \u76ee\u7684\uff1a\u901a\u8fc7elk \u4e3b\u673a\u6536\u96c6\u76d1\u63a7\u4e3b\u8981server\u7684\u7cfb\u7edf\u65e5\u5fd7\u3001\u4ee5\u53ca\u7ebf\u4e0a\u5e94\u7528\u670d\u52a1\u65e5\u5fd7\u3002 \u4e09\u3001Elasticsearch+Logstash+Kibana\u7684\u5b89\u88c5\uff08\u5728 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-923","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts\/923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=923"}],"version-history":[{"count":0,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts\/923\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}