{"id":41229,"date":"2023-06-08T22:08:31","date_gmt":"2023-10-13T03:43:36","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/"},"modified":"2024-04-30T07:57:43","modified_gmt":"2024-04-29T23:57:43","slug":"%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/","title":{"rendered":"\u4f7f\u7528Fluent\u3001Elasticsearch\u548cKibana\u6765\u76d1\u63a7VyOS\u7684NetFlow"},"content":{"rendered":"<p>\u672c\u6b21\u6211\u4eec\u5c06\u8bbe\u7f6eNetFlow\u76d1\u89c6\u73af\u5883\uff0c\u4ee5\u786e\u5b9a\u8bbf\u95eeVyOS\u7684\u7ec8\u7aef\u8bbe\u5907\uff08IP\u5730\u5740\uff09\u662f\u5426\u5408\u6cd5\u3002\u6211\u4eec\u5c06\u5728Ubuntu 16.04\u4e0a\u642d\u5efaFluent\u3001Elasticsearch\u548cKibana\u7684\u914d\u7f6e\uff0c\u4f5c\u4e3aNetFlow\u7684\u6536\u96c6\u5668\u670d\u52a1\u5668\u3002<\/p>\n<h1>\u89e3\u91ca\u672f\u8bed<\/h1>\n<p>\u56e0\u4e3a\u8fd9\u6b21\u8981\u7528\u7684\u5305\u5bf9\u6211\u81ea\u5df1\u6765\u8bf4\u4e5f\u662f\u7b2c\u4e00\u6b21\u4f7f\u7528\uff0c\u6240\u4ee5\u6211\u4f1a\u5199\u4e0b\u7b80\u5355\u7684\u8bf4\u660e\u3002<\/p>\n<h2>\u6d41\u7545\u65e5\u5fd7\u6570\u636e\u6536\u96c6\u5de5\u5177<\/h2>\n<p>Fluentd\uff08\u30d5\u30eb\u30a8\u30f3\u30c8\u30c7\u30a3\u30fc\uff09\u662f\u4e00\u6b3e\u65e5\u5fd7\u6536\u96c6\u7ba1\u7406\u5de5\u5177\u3002\u5b83\u4ee5\u5f00\u6e90\u8f6f\u4ef6\u5f62\u5f0f\u63d0\u4f9b\uff0c\u5e76\u53ef\u5728Linux\u548c\u5404\u79cdUnix\u7cfb\u7edf\u4e0a\u8fd0\u884c\u3002\u867d\u7136\u6240\u8bf4\u7684\u65e5\u5fd7\u7c7b\u578b\u6709\u5f88\u591a\uff0c\u4f8b\u5982syslog\u3001access-log\u548cFlow\u4fe1\u606f\u7b49\uff0c\u4f46\u5728Fluentd\u4e2d\uff0c\u4e8b\u4ef6\u7684\u63a5\u6536\uff08input\uff09\u548c\u5b58\u50a8\uff08output\uff09\u90fd\u4ee5\u63d2\u4ef6\u5f62\u5f0f\u5b9e\u73b0\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u5c06\u4f7f\u7528fluent-plugin-netflow\u6765\u63a5\u6536NetFlow\u4fe1\u606f\uff08input\uff09\uff0c\u5e76\u4f7f\u7528fluent-plugin-elasticsearch\u5bf9\u5176\u8fdb\u884c\u89e3\u6790\u5e76\u5b58\u50a8\u5230Elasticsearch\uff08output\uff09\u4e2d\u3002<\/p>\n<p>\u6b64\u5916\uff0cFluentd\u4ee5\u6807\u7b7e\u7ba1\u7406\u65e5\u5fd7\u7c7b\u578b\uff0c\u800c\u65e5\u5fd7\u5185\u5bb9\u4ee5JSON\u683c\u5f0f\u8868\u793a\u3002\u7262\u8bb0\u8fd9\u4e00\u70b9\u6709\u52a9\u4e8e\u7406\u89e3\u540e\u7eed\u7684\u914d\u7f6e\u5185\u5bb9\u3002<\/p>\n<p>\u7531\u4e8eFluentd\u5177\u6709\u7075\u6d3b\u6027\u7684\u4f18\u70b9\uff0c\u6211\u8ba4\u4e3a\u5b83\u4e0d\u4ec5\u9002\u7528\u4e8e\u5f53\u524d\u73af\u5883\uff0c\u8fd8\u53ef\u4ee5\u4e0e\u5404\u79cd\u7f16\u7a0b\u8bed\u8a00\u548c\u670d\u52a1\u8fdb\u884c\u534f\u540c\u64cd\u4f5c\u3002<\/p>\n<h2>Elasticsearch \u5f39\u6027\u641c\u7d22<\/h2>\n<p>Elasticsearch\uff08\u30a8\u30e9\u30b9\u30c6\u30a3\u30c3\u30af\u30b5\u30fc\u30c1\uff09\u662f\u4e00\u79cd\u5168\u6587\u641c\u7d22\u5f15\u64ce\u3002\u5168\u6587\u641c\u7d22\u5f15\u64ce\u662f\u4e00\u79cd\u80fd\u591f\u5206\u6790\u5927\u91cf\u6570\u636e\u5e76\u8fdb\u884c\u641c\u7d22\u548c\u63d0\u53d6\u7279\u5b9a\u6570\u636e\u7684\u673a\u5236\u3002\u5b83\u662f\u5f00\u6e90\u8f6f\u4ef6\uff0c\u53ef\u4ee5\u5728Linux\u548c\u5404\u79cdUnix\u7cfb\u7edf\u4e0a\u8fd0\u884c\u3002<\/p>\n<p>\u5b83\u5177\u6709\u5404\u79cd\u7279\u70b9\uff0c\u5176\u4e2d\u7a81\u51fa\u7684\u662f\u5206\u6790\u7684\u7075\u6d3b\u6027\u548c\u901f\u5ea6\u3002\u60a8\u53ef\u4ee5\u8f7b\u677e\u4f7f\u7528\u5f3a\u5927\u7684\u641c\u7d22\u529f\u80fd\uff0c\u800c\u4e14\u7531\u4e8e\u4f7f\u7528REST\u63a5\u53e3\u8fdb\u884c\u8f93\u5165\u548c\u8f93\u51fa\uff0c\u53ea\u8981\u4f7f\u7528JSON\u5e93\uff0c\u5c31\u53ef\u4ee5\u5728\u4efb\u4f55\u5f00\u53d1\u8bed\u8a00\u4e2d\u8fdb\u884c\u6570\u636e\u7684\u8f93\u5165\u548c\u8f93\u51fa\u3002<\/p>\n<p>\u6b64\u5916\uff0c\u5b83\u8fd8\u53ef\u4ee5\u4e0e\u5176\u4ed6\u8f6f\u4ef6\u96c6\u6210\uff0c\u5728\u4e0eKibana\u96c6\u6210\u540e\uff0c\u53ef\u4ee5\u8f7b\u677e\u5730\u5728Web\u754c\u9762\u4e0a\u53ef\u89c6\u5316\u641c\u7d22\u7ed3\u679c\u3002\u5982\u679c\u4e0e\u5927\u6570\u636e\u5904\u7406\u5e73\u53f0Hadoop\u96c6\u6210\uff0c\u53ef\u4ee5\u8f7b\u677e\u8fdb\u884c\u6587\u672c\u6570\u636e\u7684\u4e30\u5bcc\u5316\u548c\u6570\u636e\u6574\u7406\u7b49\u5904\u7406\u3002<\/p>\n<p>\u8981\u4e86\u89e3Elasticsearch\u7684\u7ed3\u6784\uff0c\u8981\u8bb0\u4f4f\u5b83\u662f\u5728\u79f0\u4e3a\u7d22\u5f15\u7684\u7c7b\u4f3c\u6570\u636e\u5e93\u7684\u533a\u57df\u4e2d\u5b58\u5728\u7c7b\u578b\uff08\u8868\uff09\u3001\u6587\u6863\uff08\u8bb0\u5f55\uff09\u3001\u5b57\u6bb5\uff08\u5217\uff09\u548c\u6587\u672c\uff08\u6570\u636e\u672c\u8eab\uff09\uff0c\u8fd9\u6837\u505a\u4e4b\u540e\u7684\u64cd\u4f5c\u4f1a\u66f4\u52a0\u6e05\u6670\u660e\u4e86\u3002<\/p>\n<h2>Kibana \u53ef\u89c6\u5316\u5206\u6790\u5f15\u64ce\u3002<\/h2>\n<p>Kibana\uff08Kibana\uff09\u662f\u4e00\u4e2a\u7528\u4e8e\u4ee5\u56fe\u8868\u5f62\u5f0f\u663e\u793aElasticsearch\u641c\u7d22\u7ed3\u679c\u7684\u5de5\u5177\u3002\u4ee5\u4e0b\u8fd9\u4e2a\u5f88\u9177\u7684\u76d1\u63a7\u754c\u9762\uff08\u53ef\u4ee5\u901a\u8fc7Web\u8bbf\u95ee\uff09\u662f\u7531Kibana\u521b\u5efa\u7684\u3002<\/p>\n<div><img decoding=\"async\" class=\"post-images\" title=\"\" src=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d453c37434c4406ca1de2\/9-0.jpeg\" alt=\"kibana-screenshot-aspot.jpg\" \/><\/div>\n<p>\u901a\u8fc7\u81ea\u7531\u521b\u5efa\u4eea\u8868\u76d8\u3001\u56fe\u8868\u548c\u67e5\u8be2\u8fc7\u6ee4\u5668\u6765\u5b9e\u73b0\u667a\u80fd\u76d1\u63a7\uff0c\u6211\u76ee\u524d\u4e5f\u5728\u5b66\u4e60\u5982\u4f55\u719f\u7ec3\u8fd0\u7528\u8fd9\u4e00\u70b9\u3002<\/p>\n<p>\u8fd9\u4e2a\u7f51\u7ad9\u662f\u6211\u975e\u5e38\u53c2\u8003\u7684\u4e00\u4e2a\u7f51\u7ad9\u3002<\/p>\n<ul class=\"post-ul\">\u521d\u5fc3\u8005\u306e\u305f\u3081\u306eKibana\u306e\u8a73\u3057\u3044\u4f7f\u3044\u65b9<\/ul>\n<h1>\u5904\u7406\u8fc7\u7a0b<\/h1>\n<div><img decoding=\"async\" class=\"post-images\" title=\"\" src=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d453c37434c4406ca1de2\/14-0.jpeg\" alt=\"NetFlow\u76e3\u8996\u306e\u6d41\u308c.jpg\" \/><\/div>\n<h1>\u521b\u5efa\u73af\u5883<\/h1>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">ubuntu 16.04<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">Fluentd(td-agent) 0.14.16<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">Elasticsearch 5.5.2<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">Kibana 5.5.2<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">VyOS 1.1.7<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">NetFlow version 5<\/ul>\n<h1>\u642d\u5efaNetFlow\u6536\u96c6\u5668<\/h1>\n<h2>\u6d41\u7545\u7684\u65e5\u5fd7\u8bb0\u5f55\u5668<\/h2>\n<p>\u8bf7\u6309\u7167\u516c\u5f0f\u7f51\u7ad9\u7684&#8221;\u4f7f\u7528rpm\u8f6f\u4ef6\u5305\u5b89\u88c5Fluentd&#8221;\u8fdb\u884c\u5b89\u88c5\u3002\u5982\u679c\u72b6\u6001\u548c\u7248\u672c\u80fd\u591f\u6b63\u5e38\u786e\u8ba4\uff0c\u90a3\u5c31OK\u3002<\/p>\n<pre class=\"post-pre\"><code>$ curl -L https:\/\/toolbelt.treasuredata.com\/sh\/install-ubuntu-xenial-td-agent3.sh | sh\r\n$ \/etc\/init.d\/td-agent restart\r\n$ \/etc\/init.d\/td-agent status\r\n$ td-agent --version\r\n<\/code><\/pre>\n<p>\u5b89\u88c5\u7528\u4e8e\u6536\u96c6\u548c\u4f20\u8f93NetFlow\u7684Fluentd\u63d2\u4ef6\uff08fluent-plugin-elasticsearch\u3001fluent-plugin-netflow\uff09\u53ca\u5176\u76f8\u5173\u5305\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo apt-get install libcurl4-openssl-dev -y\r\n$ sudo apt-get install gcc -y\r\n$ sudo \/opt\/td-agent\/embedded\/bin\/fluent-gem install fluent-plugin-elasticsearch\r\n$ sudo \/opt\/td-agent\/embedded\/bin\/fluent-gem install fluent-plugin-netflow\r\n<\/code><\/pre>\n<p>\u8bf7\u4e3a\/etc\/td-agent\/td-agent.conf\u8fdb\u884cNetFlow\u6536\u96c6\u7684\u8bbe\u7f6e\u3002\u4ee5\u4e0b\u8bbe\u7f6e\u7b49\u5f85\u63a5\u6536NetFlow version5,9\u7684\u6570\u636e\uff0c\u5e76\u4f7f\u7528\u7aef\u53e3\u53f75141\u3002\u540c\u65f6\uff0c\u6307\u5b9a\u5c06NetFlow\u6570\u636e\u4ee5\u6307\u5b9a\u7684\u6587\u4ef6\u683c\u5f0f\u4f20\u8f93\u5230localhost\u7684\u7aef\u53e3\u53f79200\u4e0a\u8fd0\u884c\u7684Elastisearch\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo vim \/etc\/td-agent\/td-agent.conf\r\n--\u7701\u7565--\r\n&lt;match netflow.**&gt;\r\n  type elasticsearch\r\n  host localhost\r\n  port 9200\r\n  type_name netflow\r\n  logstash_format true\r\n  logstash_prefix flow\r\n  logstash_dateformat %Y%m%d\r\n&lt;\/match&gt;\r\n\r\n&lt;source&gt;\r\n  type netflow\r\n  tag netflow.event\r\n  port 5141\r\n  versions [5, 9]\r\n&lt;\/source&gt;\r\n<\/code><\/pre>\n<p>\u91cd\u65b0\u542f\u52a8Fluentd\uff08td-agent\uff09\u3002<\/p>\n<pre class=\"post-pre\"><code>$ \/etc\/init.d\/td-agent restart\r\n<\/code><\/pre>\n<h2>\u5f39\u6027\u641c\u7d22<\/h2>\n<p>\u4e3a\u4e86\u8fd0\u884cElasticsearch\uff0c\u81f3\u5c11\u9700\u8981Java 7\u7248\u672c\uff0c\u56e0\u6b64\u5efa\u8bae\u5b89\u88c5Oracle JDK\u7248\u672c1.8.0_xx\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo apt-get install openjdk-8-jdk\r\n$ java -version\r\nopenjdk version \"1.8.0_131\"\r\nOpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-2ubuntu1.16.04.3-b11)\r\nOpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)\r\n<\/code><\/pre>\n<p>\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c06\u6309\u7167\u5b98\u65b9\u7f51\u7ad9\u4e0a\u7684\u201c\u4f7f\u7528Debian\u8f6f\u4ef6\u5305\u5b89\u88c5Elasticsearch\u201d\u6587\u6863\u6765\u6784\u5efaElasticsearch\u3002<\/p>\n<p>\u6ce8\u518cElasticsearch\u5b58\u50a8\u5e93<\/p>\n<pre class=\"post-pre\"><code>wget -qO - https:\/\/packages.elastic.co\/GPG-KEY-elasticsearch | sudo apt-key add -\r\n<\/code><\/pre>\n<p>\u5c06\u8f6f\u4ef6\u5305\u7684\u4e0b\u8f7d\u6765\u6e90\u5b9a\u4e49\u6dfb\u52a0\u5230\/etc\/apt\/sources.list\u6587\u4ef6\u4e2d<\/p>\n<pre class=\"post-pre\"><code>echo \"deb http:\/\/packages.elastic.co\/elasticsearch\/5.x\/debian stable main\" | sudo tee -a \/etc\/apt\/sources.list.d\/elasticsearch-5.x.list\r\n<\/code><\/pre>\n<p>\u5728\u66f4\u65b0apt-get\u4e4b\u540e\uff0c\u5b89\u88c5Elasticsearch\u3002<\/p>\n<pre class=\"post-pre\"><code>sudo apt-get update\r\nsudo apt-get install elasticsearch\r\n<\/code><\/pre>\n<p>\u5c06Elasticsearch\u7684\u7248\u672c\u5347\u7ea7\u52305.5.2\uff08\u968f\u540e\u4e0e\u8981\u5b89\u88c5\u7684Kibana\u7248\u672c\u5339\u914d\uff09\u3002<\/p>\n<pre class=\"post-pre\"><code>$ curl -L -O https:\/\/artifacts.elastic.co\/downloads\/elasticsearch\/elasticsearch-5.5.2.deb\r\n$ sudo dpkg -i elasticsearch-5.5.2.deb\r\n<\/code><\/pre>\n<p>\u4e3a\u4e86\u5141\u8bb8\u8fdc\u7a0b\u8bbf\u95ee\uff0c\u8bf7\u7f16\u8f91\/etc\/elasticsearch\/elasticsearch.yml\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo vim \/etc\/elasticsearch\/elasticsearch.yml\r\n--\u7701\u7565--\r\n\r\n\u5909\u66f4\u524d\r\n#network.host: \"localhost\"\r\n\u5909\u66f4\u5f8c\r\nnetwork.host: \"0.0.0.0\"\r\n<\/code><\/pre>\n<p>\u5c06\u8bbe\u7f6e\u5e94\u7528\u5e76\u542f\u52a8Elasticsearch.<\/p>\n<pre class=\"post-pre\"><code>$ sudo systemctl daemon-reload\r\n$ sudo systemctl enable elasticsearch\r\n$ sudo systemctl start elasticsearch\r\n<\/code><\/pre>\n<p>\u786e\u8ba4\u884c\u52a8<\/p>\n<pre class=\"post-pre\"><code>$ curl http:\/\/localhost:9200\r\n\r\n\"name\" ,\"cluster_name\" ,\"cluster_uuid\" ,\"version\"\u306a\u3069\u304c\u8868\u793a\u3055\u308c\u308c\u3070OK\r\n<\/code><\/pre>\n<h2>Elasticsearch\u53ef\u89c6\u5316\u63d2\u4ef6Kibana\u3002<\/h2>\n<p>\u6ce8\u518cKibana\u5b58\u50a8\u5e93<\/p>\n<pre class=\"post-pre\"><code>$ sudo wget -qO - https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch | sudo apt-key add -\r\n<\/code><\/pre>\n<p>\u5b89\u88c5\u652f\u6301https\u7684apt\u65b9\u6cd5<\/p>\n<pre class=\"post-pre\"><code>$ sudo apt-get install apt-transport-https\r\n<\/code><\/pre>\n<p>\u5728\/etc\/apt\/sources.list\u6587\u4ef6\u4e2d\u6dfb\u52a0\u5305\u7684\u4e0b\u8f7d\u6e90\u5b9a\u4e49\u3002<\/p>\n<pre class=\"post-pre\"><code>$ echo \"deb https:\/\/artifacts.elastic.co\/packages\/5.x\/apt stable main\" | sudo tee -a \/etc\/apt\/sources.list.d\/elastic-5.x.list\r\n<\/code><\/pre>\n<p>\u5728\u66f4\u65b0apt-get\u540e\uff0c\u5b89\u88c5Kibana\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo apt-get update\r\n$ sudo apt-get install kibana\r\n<\/code><\/pre>\n<p>\u4e3a\u4e86\u5141\u8bb8\u8fdc\u7a0b\u8bbf\u95ee\uff0c\u9700\u8981\u7f16\u8f91\/etc\/kibana\/kibana.yml\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo vim \/etc\/kibana\/kibana.yml\r\n--\u7701\u7565--\r\n\r\n\u5909\u66f4\u524d\r\n#server.host: \"localhost\"\r\n\u5909\u66f4\u5f8c\r\nserver.host: \"0.0.0.0\"\r\n<\/code><\/pre>\n<p>\u5e94\u7528\u914d\u7f6e\u5e76\u542f\u52a8Kibana\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo systemctl daemon-reload\r\n$ sudo systemctl enable kibana\r\n$ sudo systemctl start kibana\r\n<\/code><\/pre>\n<p>\u4e3a\u4e86\u786e\u8ba4Kibana\u662f\u5426\u6b63\u5e38\u8fd0\u884c\uff0c\u6211\u4eec\u9700\u8981\u6253\u5f00Web\u6d4f\u89c8\u5668\uff0c\u5728\u5730\u5740\u680f\u8f93\u5165http:\/\/&lt;IP\u5730\u5740|\u5b8c\u5168\u9650\u5b9a\u57df\u540d&gt;:5601\u8bbf\u95ee\u3002<\/p>\n<p>\u5982\u679cKibana\u80fd\u591f\u6ca1\u6709\u9519\u8bef\u5730\u542f\u52a8\uff0c\u5219\u5b89\u88c5\u5b8c\u6210\u3002<\/p>\n<h1>VyOS\u914d\u7f6eNetFlow<\/h1>\n<p>\u5728VyOS\u4e0a\u914d\u7f6e\u5e76\u6307\u5b9aNetFlow\u6d41\u91cf\u8bbe\u7f6e\u548c\u670d\u52a1\u5668\uff0c\u5e76\u8bbe\u7f6e\u5176\u4ed6\u9009\u9879\u3002<\/p>\n<pre class=\"post-pre\"><code># \u8a2d\u5b9a\u30e2\u30fc\u30c9\u306b\u5165\u308b\r\nconfigure\r\n\r\n# Flow\u76e3\u8996\u3059\u308b\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u306e\u6307\u5b9a\r\nset system flow-accounting interface eth0\r\n\r\n# NetFlow version 5\u3067\u52d5\u4f5c\u3055\u305b\u308b\u3053\u3068\u3092\u8a2d\u5b9a\r\nset system flow-accounting netflow version 5\r\n\r\n# \u30b5\u30f3\u30d7\u30ea\u30f3\u30b0\u30ec\u30fc\u30c8\u306e\u6307\u5b9a(300\u500b\u3054\u3068\u306b1\u500b\u306e\u30d1\u30b1\u30c3\u30c8)\r\nset system flow-accounting netflow sampling-rate 300 \r\n\r\n# Flow\u3092\u96c6\u3081\u308b\u30b5\u30fc\u30d0\u306e\u6307\u5b9a\r\nset system flow-accounting netflow server 192.168.1.100 port 5141\r\n\r\n# 60\u79d2\u3067\u52d5\u4f5c\u3057\u306a\u3051\u308c\u3070\u30bf\u30a4\u30e0\u30a2\u30a6\u30c8\u3068\u307f\u306a\u3059\r\nset system flow-accounting timeout expiry-interval 60\r\n\r\n# \u5909\u66f4\u306e\u30b3\u30df\u30c3\u30c8\u304a\u3088\u3073\u8a2d\u5b9a\u4fdd\u5b58\r\ncommit\r\nsave\r\n<\/code><\/pre>\n<p>\u786e\u8ba4\u6d41\u91cf\u6838\u7b97\u662f\u5426\u6b63\u5e38\u8fd0\u4f5c\u3002<\/p>\n<pre class=\"post-pre\"><code>$ show flow-accounting\r\n<\/code><\/pre>\n<h1>Kibana\uff08Web\u524d\u7aef\uff09\u7684\u8bbe\u7f6e<\/h1>\n<p>\u5728\u8fdb\u884c\u524d\u7aef\u64cd\u4f5c\u786e\u8ba4\u4e4b\u524d\uff0c\u8bf7\u4f7f\u7528CLI\u786e\u8ba4\u670d\u52a1\u5668\u7aef\u662f\u5426\u6536\u5230\u4e86NetFlow\u4fe1\u606f<br \/>\n\u9996\u5148\u8fdb\u884c\u7d22\u5f15\u786e\u8ba4<\/p>\n<pre class=\"post-pre\"><code>$ curl -XGET 'localhost:9200\/_cat\/indices?v&amp;pretty'\r\nyellow open   .kibana       GI9kYoEQQyevSkezhedEUw   1   1          3            1     17.1kb         17.1kb\r\nyellow open   flow-YYYYMMDD AeGvmzhgSbeq0C_wtbnjlw   5   1        261            0    428.7kb        428.7kb\r\n<\/code><\/pre>\n<p>\u5982\u679c\u80fd\u591f\u63a5\u6536\u5230NetFlow\uff0c\u5219\u53ef\u4ee5\u786e\u8ba4\u5b58\u5728\u540d\u4e3aflow-YYYYMMDD\u7684\u7d22\u5f15\uff0c\u4ece\u8fd9\u91cc\u53ef\u4ee5\u67e5\u770b\u8be6\u7ec6\u4fe1\u606f\u3002<\/p>\n<pre class=\"post-pre\"><code>$ curl -XGET 'localhost:9200\/flow-YYYYMMDD\/_search?pretty'\r\n<\/code><\/pre>\n<p>\u5982\u679c\u80fd\u591f\u786e\u8ba4Flow\u4fe1\u606f\uff0c\u90a3\u5c31\u6ca1\u95ee\u9898\u4e86\u3002<\/p>\n<p>\u5728Web\u524d\u7aef\uff0c\u9996\u5148\u9700\u8981\u8fdb\u884c\u521d\u59cb\u8bbe\u7f6e\u3002<br \/>\n\u5728\u663e\u793a\u4e3ahttp:\/\/&lt;ip\u5730\u5740|FQDN&gt;:5601\u7684\u754c\u9762\u4e0a\uff0c\u9996\u5148\u8981\u8fdb\u884c\u9ed8\u8ba4\u7d22\u5f15\u7684\u6ce8\u518c\u3002\u8bbe\u7f6e\u5982\u4e0b\u6240\u793a\u3002<\/p>\n<div><img decoding=\"async\" class=\"post-images\" title=\"\" src=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d453c37434c4406ca1de2\/72-0.png\" alt=\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8 2017-08-21 18.13.29.png\" \/><\/div>\n<p>\u63a5\u4e0b\u6765\uff0c\u4ece[\u7ba1\u7406]-[+\u521b\u5efa\u7d22\u5f15\u6a21\u5f0f]\u4e2d\u6ce8\u518cNetFlow\u7684\u7d22\u5f15\u3002<\/p>\n<div><img decoding=\"async\" class=\"post-images\" title=\"\" src=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d453c37434c4406ca1de2\/74-0.png\" alt=\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8 2017-08-21 18.15.15.png\" \/><\/div>\n<p>\u6309\u4e0b[Discover]\uff0c\u7136\u540e\u9009\u62e9kibana\u6807\u7b7e\u7684\u25bc\u9009\u9879\uff0c\u9009\u62e9flow-*\u3002\u8fd9\u6837\uff0cNetFlow\u4fe1\u606f\u5c31\u53ef\u4ee5\u50cf\u4e0b\u9762\u7684\u793a\u4f8b\u4e00\u6837\u53ef\u89c6\u5316\u3002<\/p>\n<div><img decoding=\"async\" class=\"post-images\" title=\"\" src=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d453c37434c4406ca1de2\/76-0.png\" alt=\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8 2017-08-21 18.23.15.png\" \/><\/div>\n<p>\u5728\u521d\u59cb\u9636\u6bb5\uff0cVyOS\u7684\u6d41\u91cf\u4fe1\u606f\u4ee5\u6700\u8fd115\u5206\u949f\u7684\u5f62\u5f0f\u663e\u793a\u3002\u8981\u66f4\u6539\u663e\u793a\u65f6\u95f4\u533a\u95f4\uff0c\u53ea\u9700\u5728\u53f3\u4e0a\u65b9\u8fdb\u884c\u66f4\u6539\u3002<\/p>\n<p>\u4ee5\u4e0a\u662f\u6784\u5efaNetFlow\u76d1\u63a7\u73af\u5883\u7684\u57fa\u672c\u6b65\u9aa4\u3002<\/p>\n<h1>(\u9644\u52a01)\u81ea\u52a8\u5220\u9664\u7d22\u5f15<\/h1>\n<p>\u7531\u4e8e\u7c7b\u4f3c\u672c\u4f8b\u8fd9\u6837\u7684\u7d22\u5f15\u6587\u4ef6\u4f1a\u968f\u7740\u65e5\u671f\u7684\u589e\u52a0\u800c\u79ef\u7d2f\uff0c\u6240\u4ee5\u8fd9\u4f1a\u5bfc\u81f4Elastisearch\u548cKibana\u5728\u5185\u5b58\u548cCPU\u65b9\u9762\u53d8\u5f97\u8f83\u91cd\uff0c\u540c\u65f6\u670d\u52a1\u5668\u7684\u78c1\u76d8\u5bb9\u91cf\u4e5f\u4f1a\u53d8\u5c11\uff0c\u8fd9\u662f\u4e00\u4e2a\u95ee\u9898\u3002<br \/>\n\u56e0\u6b64\uff0c\u9700\u8981\u5b9a\u671f\u5220\u9664\u7d22\u5f15\u6587\u4ef6\u3002<\/p>\n<p>\u4ee5\u4e0b\u7684\u65b9\u6cd5\u662f\u5982\u4f55\u4ece\u547d\u4ee4\u4e2d\u5220\u9664\u7d22\u5f15\u7684\u3002<\/p>\n<pre class=\"post-pre\"><code>$ curl -XDELETE 'http:\/\/localhost:9200\/[index\u540d]?pretty'\r\n<\/code><\/pre>\n<p>\u4f46\u662f\uff0c\u5982\u679c\u53ef\u80fd\u7684\u8bdd\uff0c\u5e0c\u671b\u80fd\u591f\u81ea\u52a8\u6267\u884c\u8fd9\u4e9b\u64cd\u4f5c\u3002<br \/>\n\u4f5c\u4e3a\u5b9e\u73b0\u8fd9\u4e00\u76ee\u6807\u7684\u4fbf\u5229\u5de5\u5177\uff0ccurator\u662f\u4e2a\u4e0d\u9519\u7684\u9009\u62e9\u3002<\/p>\n<p>\u7531\u4e8ecurator\u662f\u5728Python\u4e0a\u8fd0\u884c\u7684\u5de5\u5177\uff0c\u56e0\u6b64\u9700\u8981\u4e8b\u5148\u5b89\u88c5Python\u548cpip\u4f5c\u4e3a\u51c6\u5907\u5de5\u4f5c\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo apt-get install python\r\n$ cd \/tmp\r\n$ wget https:\/\/raw.github.com\/pypa\/pip\/master\/contrib\/get-pip.py\r\n$ sudo python get-pip.py\r\n<\/code><\/pre>\n<p>\u4f7f\u7528pip\u5b89\u88c5curator\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo pip install elasticsearch-curator\r\n$ curator --version\r\ncurator, version 5.1.2\r\n<\/code><\/pre>\n<p>curator\u4f1a\u5728config.yml\u548caction_file.yml\u4e2d\u8fd0\u884c\u3002<br \/>\n\u6211\u4eec\u8981\u521b\u5efa\u4e00\u4e2a\u5b58\u653e\u8fd9\u4e9b\u6587\u4ef6\u7684\u76ee\u5f55\u3002<\/p>\n<pre class=\"post-pre\"><code>$ mkdir ~\/.curator\/\r\n<\/code><\/pre>\n<p>\u6211\u5c06\u521b\u5efa\u4e00\u4e2a config.yml \u6587\u4ef6\u3002\u7531\u4e8e\u9ed8\u8ba4\u8bbe\u7f6e\u770b\u8d77\u6765\u662f\u53ef\u4ee5\u63a5\u53d7\u7684\uff0c\u6240\u4ee5\u6211\u4f1a\u628a\u5b98\u65b9\u793a\u4f8b\u4ee3\u7801\u62ff\u6765\u5e76\u6ce8\u91ca\u6389\u3002<\/p>\n<pre class=\"post-pre\"><code>$ vim ~\/.curator\/curator.yml\r\n\r\n---\r\n# Remember, leave a key empty if there is no value.  None will be a string,\r\n# not a Python \"NoneType\"\r\n#client:\r\n#  hosts:\r\n#    - 127.0.0.1\r\n#  port: 9200\r\n#  url_prefix:\r\n#  use_ssl: False\r\n#  certificate:\r\n#  client_cert:\r\n#  client_key:\r\n#  ssl_no_validate: False\r\n#  http_auth:\r\n#  timeout: 30\r\n#  master_only: False\r\n#\r\n#logging:\r\n#  loglevel: INFO\r\n#  logfile:\r\n#  logformat: default\r\n#  blacklist: ['elasticsearch', 'urllib3']\r\n<\/code><\/pre>\n<p>\u521b\u5efa\u4e00\u4e2a`action_file.yml`\u6587\u4ef6\u3002\u5728\u8fd9\u91cc\uff0c\u6211\u4eec\u4f1a\u5173\u95ed\uff08\u4eceElasticsearch\u4e2d\u53d6\u6d88\u5bf9index\u7684\u5f15\u7528\uff09\u8d85\u8fc710\u5929\u4e4b\u524d\u7684index\uff0c\u5e76\u5220\u9664\uff08\u5220\u9664index\uff09\u8d85\u8fc720\u5929\u4e4b\u524d\u7684index\u3002\u6211\u4eec\u53c2\u8003\u4e86\u4ee5\u4e0b\u5b98\u65b9\u6587\u6863\u7684\u793a\u4f8b\u8fdb\u884c\u521b\u5efa\u3002<\/p>\n<pre class=\"post-pre\"><code>$ vim ~\/.curator\/close_delete_indices.yml\r\n\r\n---\r\n# Remember, leave a key empty if there is no value.  None will be a string,\r\n# not a Python \"NoneType\"\r\n#\r\n# Also remember that all examples have 'disable_action' set to True.  If you\r\n# want to use this action as a template, be sure to set this to False after\r\n# copying it.\r\nactions:\r\n  1:\r\n    action: delete_indices\r\n    description: &gt;-\r\n      Delete indices older than 20 days (based on index name), for flow-\r\n      prefixed indices. Ignore the error if the filter does not result in an\r\n      actionable list of indices (ignore_empty_list) and exit cleanly.\r\n    options:\r\n      ignore_empty_list: True\r\n      disable_action: False\r\n    filters:\r\n    - filtertype: pattern\r\n      kind: prefix\r\n      value: flow-\r\n    - filtertype: age\r\n      source: name\r\n      direction: older\r\n      timestring: '%Y%m%d'\r\n      unit: days\r\n      unit_count: 20\r\n  2:\r\n    action: close\r\n    description: &gt;-\r\n      Close indices older than 10 days (based on index name), for flow-\r\n      prefixed indices.\r\n    options:\r\n      ignore_empty_list: True\r\n      delete_aliases: False\r\n      disable_action: False\r\n    filters:\r\n    - filtertype: pattern\r\n      kind: prefix\r\n      value: flow-\r\n    - filtertype: age\r\n      source: name\r\n      direction: older\r\n      timestring: '%Y%m%d'\r\n      unit: days\r\n      unit_count: 10\r\n<\/code><\/pre>\n<p>\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002<\/p>\n<pre class=\"post-pre\"><code>$ curator ~\/.curator\/close_delete_indices.yml\r\n<\/code><\/pre>\n<p>\u5982\u679c\u4f7f\u7528cron\u5b9a\u65f6\u6267\u884c\u8fd9\u4e9b\u64cd\u4f5c\uff0c\u5c06\u4f1a\u5b9a\u671f\u5220\u9664\u7d22\u5f15\u6587\u4ef6\u3002<\/p>\n<p>\u786e\u8ba4Cron\u6b63\u5728\u8fd0\u884c\u3002<\/p>\n<pre class=\"post-pre\"><code>$ systemctl status cron.service\r\n\u25cf cron.service - Regular background program processing daemon\r\n   Loaded: loaded (\/lib\/systemd\/system\/cron.service; enabled; vendor preset: enabled)\r\n   Active: active (running) since \u6728 2017-08-17 15:07:19 JST; 6 days ago\r\n<\/code><\/pre>\n<p>\u4f7f\u7528Cron\u6765\u8bbe\u7f6eCurator\u7684\u5b9a\u671f\u6267\u884c\u8ba1\u5212\u3002<\/p>\n<pre class=\"post-pre\"><code>$ crontab -e\r\n(\u9069\u5f53\u306a\u30a8\u30c7\u30a3\u30bf\u3092\u9078\u629e)\r\n<\/code><\/pre>\n<p>cron\u6587\u4ef6\u7684\u7f16\u5199\u65b9\u5f0f\u7b26\u5408\u4ee5\u4e0b\u683c\u5f0f\u3002<\/p>\n<pre class=\"post-pre\"><code>\u5206 \u6642 \u65e5 \u6708 \u66dc\u65e5 \u30b3\u30de\u30f3\u30c9\r\n*  *  *  *  *  command\r\n<\/code><\/pre>\n<div>\n<div class=\"post-table\">\u5bfe\u8c61\u5165\u529b\u3067\u304d\u308b\u6570\u5024\u52060\u301c59\u66420\u301c23\u65e51\u301c31\u67081\u301c12 \u307e\u305f\u306f jan\u301cdec\u66dc\u65e50\u301c7 \u307e\u305f\u306f sun\u301csat<\/div>\n<\/div>\n<p>\u56e0\u6b64\uff0c\u7f16\u5199 curator \u7684\u64cd\u4f5c\uff0c\u6bcf\u5468\u4e00\u7684\u4e2d\u534812\u70b9\u6267\u884c\u3002<\/p>\n<pre class=\"post-pre\"><code>0 12 * * 1 curator ~\/.curator\/close_delete_indices.yml\r\n<\/code><\/pre>\n<p>\u786e\u8ba4 Cron \u662f\u5426\u6b63\u786e\u6ce8\u518c\u3002<\/p>\n<pre class=\"post-pre\"><code>$ crontab -l\r\n<\/code><\/pre>\n<p>\u53e6\u5916\uff0c\u4ee5\u4e0b\u662f\u7528\u4e8e\u786e\u8ba4\u662f\u5426\u6b63\u5e38\u8fd0\u4f5c\u7684\u547d\u4ee4\u3002<\/p>\n<pre class=\"post-pre\"><code>$ cat \/var\/log\/cron\r\n<\/code><\/pre>\n<p>\u987a\u4fbf\u63d0\u4e00\u4e0b\uff0c\u968f\u7740\u672c\u6b21\u7d22\u5f15\u7684\u5173\u95ed\u548c\u5220\u9664\uff0c\u8bb0\u4f4f\u4ee5\u4e0b\u8c03\u8bd5\u547d\u4ee4\u4f1a\u5f88\u65b9\u4fbf\u3002<\/p>\n<pre class=\"post-pre\"><code># index\u306e\u30af\u30ed\u30fc\u30ba\r\ncurl -XPOST 'localhost:9200\/[index\u540d]\/_close'\r\n# index\u306e\u30aa\u30fc\u30d7\u30f3\r\ncurl -XPOST 'localhost:9200\/[index\u540d]\/_open'\r\n<\/code><\/pre>\n<h1>\u6700\u540e<\/h1>\n<p>\u8fd9\u6b21\u867d\u7136\u73af\u5883\u642d\u5efa\u5b8c\u6210\u4e86\uff0c\u4f46\u662f\u5bf9\u4e8e\u5b89\u88c5\u7684\u5305\u6240\u5e26\u6765\u7684\u597d\u5904\u53ea\u662f\u5728\u4eab\u53d7\u4e2d\uff0c\u5374\u8fd8\u6709\u5f88\u591a\u4e0d\u61c2\u7684\u5730\u65b9\u3002\u5c24\u5176\u662f\u6211\u4e0d\u592a\u7406\u89e3\u5982\u4f55\u5728Kibana\u4e2d\u5236\u4f5c\u51fa\u6f02\u4eae\u7684\u53ef\u89c6\u5316\u56fe\u8868\u548c\u4eea\u8868\u677f\uff0c\u6240\u4ee5\u8fd8\u9700\u8981\u5b66\u4e60\u3002\u6211\u6253\u7b97\u6709\u4e00\u5929\u5199\u4e00\u7bc7\u6587\u7ae0\uff0c\u6240\u4ee5\u4f1a\u5728\u90a3\u65f6\u89e3\u91ca\u5982\u4f55\u4f7f\u7528Kibana\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u672c\u6b21\u6211\u4eec\u5c06\u8bbe\u7f6eNetFlow\u76d1\u89c6\u73af\u5883\uff0c\u4ee5\u786e\u5b9a\u8bbf\u95eeVyOS\u7684\u7ec8\u7aef\u8bbe\u5907\uff08IP\u5730\u5740\uff09\u662f\u5426\u5408\u6cd5\u3002\u6211\u4eec\u5c06\u5728Ubuntu  [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-41229","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u4f7f\u7528Fluent\u3001Elasticsearch\u548cKibana\u6765\u76d1\u63a7VyOS\u7684NetFlow - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluent\u3001elasticsearch\u548ckibana\u6765\u76d1\u63a7vyos\u7684netflow\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528Fluent\u3001Elasticsearch\u548cKibana\u6765\u76d1\u63a7VyOS\u7684NetFlow\" \/>\n<meta property=\"og:description\" content=\"\u672c\u6b21\u6211\u4eec\u5c06\u8bbe\u7f6eNetFlow\u76d1\u89c6\u73af\u5883\uff0c\u4ee5\u786e\u5b9a\u8bbf\u95eeVyOS\u7684\u7ec8\u7aef\u8bbe\u5907\uff08IP\u5730\u5740\uff09\u662f\u5426\u5408\u6cd5\u3002\u6211\u4eec\u5c06\u5728Ubuntu [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluent\u3001elasticsearch\u548ckibana\u6765\u76d1\u63a7vyos\u7684netflow\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-13T03:43:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-29T23:57:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d453c37434c4406ca1de2\/9-0.jpeg\" \/>\n<meta name=\"author\" content=\"\u6e05, \u626c\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6e05, \u626c\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/\",\"name\":\"\u4f7f\u7528Fluent\u3001Elasticsearch\u548cKibana\u6765\u76d1\u63a7VyOS\u7684NetFlow - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-10-13T03:43:36+00:00\",\"dateModified\":\"2024-04-29T23:57:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528Fluent\u3001Elasticsearch\u548cKibana\u6765\u76d1\u63a7VyOS\u7684NetFlow\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\",\"name\":\"\u6e05, \u626c\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"caption\":\"\u6e05, \u626c\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u4f7f\u7528Fluent\u3001Elasticsearch\u548cKibana\u6765\u76d1\u63a7VyOS\u7684NetFlow - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluent\u3001elasticsearch\u548ckibana\u6765\u76d1\u63a7vyos\u7684netflow\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528Fluent\u3001Elasticsearch\u548cKibana\u6765\u76d1\u63a7VyOS\u7684NetFlow","og_description":"\u672c\u6b21\u6211\u4eec\u5c06\u8bbe\u7f6eNetFlow\u76d1\u89c6\u73af\u5883\uff0c\u4ee5\u786e\u5b9a\u8bbf\u95eeVyOS\u7684\u7ec8\u7aef\u8bbe\u5907\uff08IP\u5730\u5740\uff09\u662f\u5426\u5408\u6cd5\u3002\u6211\u4eec\u5c06\u5728Ubuntu [&hellip;]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528fluent\u3001elasticsearch\u548ckibana\u6765\u76d1\u63a7vyos\u7684netflow\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-10-13T03:43:36+00:00","article_modified_time":"2024-04-29T23:57:43+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d453c37434c4406ca1de2\/9-0.jpeg"}],"author":"\u6e05, \u626c","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6e05, \u626c","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"4 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/","name":"\u4f7f\u7528Fluent\u3001Elasticsearch\u548cKibana\u6765\u76d1\u63a7VyOS\u7684NetFlow - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-10-13T03:43:36+00:00","dateModified":"2024-04-29T23:57:43+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528Fluent\u3001Elasticsearch\u548cKibana\u6765\u76d1\u63a7VyOS\u7684NetFlow"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461","name":"\u6e05, \u626c","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","caption":"\u6e05, \u626c"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8fluent%e3%80%81elasticsearch%e5%92%8ckibana%e6%9d%a5%e7%9b%91%e6%8e%a7vyos%e7%9a%84netflow\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=41229"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41229\/revisions"}],"predecessor-version":[{"id":90668,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41229\/revisions\/90668"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=41229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=41229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=41229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}