| ... | @@ -38,7 +38,7 @@ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee |
... | @@ -38,7 +38,7 @@ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee |
|
|
```
|
|
```
|
|
|
```
|
|
```
|
|
|
sudo apt-get update
|
|
sudo apt-get update
|
|
|
apt-get install –y elasticsearch
|
|
apt-get install -y elasticsearch
|
|
|
```
|
|
```
|
|
|
Start elasticsearch
|
|
Start elasticsearch
|
|
|
```
|
|
```
|
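Review bot: The corrected install line, `apt-get install -y elasticsearch`, still has no `sudo`, while the `sudo apt-get update` directly above it in the same code block does. A reader who copies the block as a non-root user will see the update succeed and the install fail. Suggest `sudo apt-get install -y elasticsearch` so both lines of the block are consistent.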
| ... | @@ -53,7 +53,7 @@ curl –X get http://localhost:9200 |
... | @@ -53,7 +53,7 @@ curl –X get http://localhost:9200 |
|
|
|
|
|
|
|
#### Installing logstash.
|
|
#### Installing logstash.
|
|
|
```
|
|
```
|
|
|
apt-get install –y logstash
|
|
apt-get install -y logstash
|
|
|
```
|
|
```
|
|
|
##### SSL-certificate
|
|
##### SSL-certificate
|
|
|
We are going to add a SSL-certificate to identify Filebeat to Logstash. We are using IP-addresses in this case.
|
|
We are going to add a SSL-certificate to identify Filebeat to Logstash. We are using IP-addresses in this case.
|
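Review bot: The unchanged sentence at the end of this hunk says the certificate is there "to identify Filebeat to Logstash", but the later Filebeat step puts the same certificate file into `ssl.certificate_authorities`, which is the setting Filebeat uses to verify the Logstash server. Suggest rewording the sentence so it says the certificate lets Filebeat verify Logstash, so readers do not assume the clients are authenticated. Separately, the hunk header shows `curl –X get http://localhost:9200` still carrying the same en dash this change removes from the `apt-get` lines; it should be fixed in the same pass, and since GET is curl's default method, `-X` can simply be dropped.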
| ... | @@ -71,6 +71,7 @@ Now we have a logstash-forwarder.crt and key. |
... | @@ -71,6 +71,7 @@ Now we have a logstash-forwarder.crt and key. |
|
|
The configuration is made in /etc/logstash/conf.d/logstash.conf
|
|
The configuration is made in /etc/logstash/conf.d/logstash.conf
|
|
|
|
|
|
|
|

|
|

|
|
|
|
|
|
|
I have commented out the host part because it was unneccessary.
|
|
I have commented out the host part because it was unneccessary.
|
|
|
|
|
|
|
|
#### Installing Filebeat
|
|
#### Installing Filebeat
|
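Review bot: The context line "I have commented out the host part because it was unneccessary." keeps the misspelling "unneccessary" on both sides, although this change corrects other typos elsewhere in the file. Suggest fixing it here as well. The sentence would also benefit from naming which setting in `/etc/logstash/conf.d/logstash.conf` was commented out and why it is not needed, since no configuration text is visible around it for the reader to check.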
| ... | @@ -82,7 +83,7 @@ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee |
... | @@ -82,7 +83,7 @@ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee |
|
|
Then we install filebeat:
|
|
Then we install filebeat:
|
|
|
|
|
|
|
|
```
|
|
```
|
|
|
apt-get install –y filebeat
|
|
apt-get install -y filebeat
|
|
|
```
|
|
```
|
|
|
Now we insert the same certificate that we created in the logstash intallation:
|
|
Now we insert the same certificate that we created in the logstash intallation:
|
|
|
```
|
|
```
|
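Review bot: The sentence "Now we insert the same certificate that we created in the logstash intallation:" does not say that only the certificate is copied to the Filebeat host. The earlier section ends with "Now we have a logstash-forwarder.crt and key", so it is worth stating explicitly that only `logstash-forwarder.crt` goes to the Filebeat machine and the key stays on the Logstash server. The word "intallation" is also still misspelled on both sides. The new `apt-get install -y filebeat` line lacks `sudo`, unlike the `sudo apt-get` commands elsewhere in the file.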
| ... | @@ -96,7 +97,22 @@ In the filebeat.prospects part we need to comment on the logs, or remove them, t |
... | @@ -96,7 +97,22 @@ In the filebeat.prospects part we need to comment on the logs, or remove them, t |
|
|
Then we need to add the output file to logstash output.
|
|
Then we need to add the output file to logstash output.
|
|
|

|
|

|
|
|
|
|
|
|
|
We want to uncomment the output.logstash part and add the elk-server-ip to the hosts part and add the port 5044. You also need to add the ssl.certificate_authorities the path to the certifcate file.
|
|
We want to uncomment the output.logstash part and add the elk-server-ip to the hosts part and add the port 5044. You also need to add the ssl.certificate_authorities the path to the certificate file.
|
|
|
|
|
|
|
|
After that run the filebeat:
|
|
|
|
```
|
|
|
|
Systemctl restart filebeat
|
|
|
|
systemctl enable filebeat
|
|
|
|
```
|
|
|
|
#### Installing Kibana
|
|
|
|
The kibana is installed in the elk-server. Installing kibana:
|
|
|
|
```
|
|
|
|
sudo apt-get install -y kibana
|
|
|
|
```
|
|
|
|
##### Configuring Kibana
|
|
|
|
The Kibana configuration file is located at /etc/kibana/kibana.yml:
|
|
|
|
|
|
|
|
|

|
|
|
|
|
|
|
|
|
You only need to change the server.host:"your-elk-server" and add the URL of elasticsearch address: elasticsearch.url:"http://localhost:9200"
|
|
|
|
|
|
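Review bot: In the added Filebeat block, `Systemctl restart filebeat` is capitalised and will fail with "command not found" because command names are case-sensitive; it should read `systemctl restart filebeat`. Both `systemctl` lines also need `sudo` to match the `sudo apt-get install -y kibana` line added just below. In the added Kibana text, `server.host:"your-elk-server"` and `elasticsearch.url:"http://localhost:9200"` have no space after the colon, so they are not valid YAML key/value pairs if copied into `/etc/kibana/kibana.yml` as written; suggest `server.host: "your-elk-server"` and `elasticsearch.url: "http://localhost:9200"`. Since setting `server.host` to the server's address makes Kibana reachable from other machines, the section should also say which hosts are expected to connect to it. The corrected sentence still reads "add the ssl.certificate_authorities the path to the certificate file"; "set ssl.certificate_authorities to the path of the certificate file" would be clearer.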