| ... | ... | @@ -16,6 +16,8 @@ We are sending gitlab logs by using filebeat to logstash to a remote machine. |
|
|
|
| 5.6.9 | Filebeat|
|
|
|
|
|
|
|
|
### Installation steps
|
|
|
|
|
|
|
|
#### Java
|
|
|
|
First we need to install java 8 on the machine running the elk-stack
|
|
|
|
|
|
|
|
```
|
| ... | ... | @@ -27,7 +29,8 @@ Check java version: |
|
|
|
```
|
|
|
|
java -version
|
|
|
|
```
|
|
|
|
Installing elasticsearch by first creating a repositoy and adding the elk-stack installation file there.
|
|
|
|
#### Elasticsearch
|
|
|
|
Installing elasticsearch by first creating a repository and adding the elk-stack installation file there.
|
|
|
|
|
|
|
|
```
|
|
|
|
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -.
|
| ... | ... | @@ -47,3 +50,25 @@ Check the version of installed elasticsearch. You can also see the version in yo |
|
|
|
curl –X get http://localhost:9200
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
#### Installing logstash.
|
|
|
|
```
|
|
|
|
apt-get install –y logstash
|
|
|
|
```
|
|
|
|
##### SSL-certificate
|
|
|
|
We are going to add a SSL-certificate to identify Filebeat to Logstash. We are using IP-addresses in this case.
|
|
|
|
In the els-stack machine edit the /etc/ssl/openssl.conf file and add SubjectAltName= IP:yourserverip.
|
|
|
|
|
|
|
|
After that we need to generate the key. In the /etc/ssl folder.
|
|
|
|
```
|
|
|
|
openssl req -x509 -days 365 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt
|
|
|
|
```
|
|
|
|
Now we have a logstash-forwarder.crt and key.
|
|
|
|
|
|
|
|
|
|
|
|
#### Configurating Logstash
|
|
|
|
|
|
|
|
The configuration is made in /etc/logstash/conf.d/logstash.conf
|
|
|
|
|
|
|
|
 I have commented out the host part because it was unneccessary.
|
|
|
|
|
