Simple Install and Configure ELK Stack on Ubuntu 18 Server
sudo apt install openjdk-8-jre apt-transport-https wget nginx
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo vi /etc/apt/sources.list.d/elastic.list
- paste into elastic.list:
deb https://artifacts.elastic.co/packages/7.x/apt stable main
sudo apt update
sudo apt install elasticsearch kibana
- sudo vi /etc/elasticsearch/elasticsearch.yml
- uncomment and change the line: network.host: localhost
- sudo vi /etc/kibana/kibana.yml
- uncomment the line: server.host: "localhost"
- Start both elasticsearch and kibana
sudo systemctl start kibana
sudo systemctl start elasticsearch
- Set boot time startup:
sudo systemctl enable elasticsearch
sudo systemctl enable kibana
- Test Elasticsearch
curl -X GET "localhost:9200"
{
  "name" : "elk-ubuntu18server-01",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "g1Uf3CV2TuulUXX1pig_Kw",
  "version" : {
    "number" : "7.8.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "757314695644ea9a1dc2fecd26d1a43856725e65",
    "build_date" : "2020-06-14T19:35:50.234439Z",
    "build_snapshot" : false,
    "lucene_version" : "8.5.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
Setup NGINX
- Create a user and password using openssl. The following command creates the administrative Kibana user and password and stores them in the htpasswd.users file. Run it and enter a password for kibanaadmin when prompted (change kibanaadmin to your own username if desired).
echo "kibanaadmin:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users
- sudo vi /etc/nginx/sites-available/your-site.com (replace your-site.com with your site name)
- add the following config to it:
server {
    listen 80;
    server_name your-site.com;

    # Basic auth for every request; must point at the file created with openssl above
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        # Kibana listens on loopback only; nginx is the public entry point
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
- Remove the default site and enable the new one (use the same file name you created in sites-available)
sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/your-site.com /etc/nginx/sites-enabled/your-site.com
sudo ufw allow 'Nginx Full'
sudo systemctl restart nginx
- Test it by opening a web browser at: http://your-ip-address/status
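The network.host and server.host settings above keep Elasticsearch and Kibana on loopback, so nginx is the only exposed entry point. The shell check below is an added example (not part of the original guide) that flags any listener on ports 9200, 9300 or 5601 bound to a non-loopback address; the function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Reads `ss -H -ltn` lines on stdin and prints "port address" for every
# Elasticsearch (9200, 9300) or Kibana (5601) listener that is NOT on loopback.
exposed_listeners() {
    awk '{
        addr = $4                                  # Local Address:Port column
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port != "9200" && port != "9300" && port != "5601") next
        if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) next
        print port, host
    }'
}

# Succeeds only when nothing is exposed; reports findings on stderr otherwise.
check_loopback_only() {
    found=$(exposed_listeners)
    [ -z "$found" ] && return 0
    printf 'exposed: %s\n' "$found" >&2
    return 1
}

# Constructed sample: state after following the guide (loopback only, nginx on 80).
SAMPLE_GOOD='LISTEN 0 128 127.0.0.1:5601 0.0.0.0:*
LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:*
LISTEN 0 128 [::1]:9200 *:*
LISTEN 0 128 [::ffff:127.0.0.1]:9300 *:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*'

# Constructed sample: network.host / server.host set to a wildcard address.
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:5601 0.0.0.0:*
LISTEN 0 128 *:9200 *:*
LISTEN 0 128 127.0.0.1:9300 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*'

if printf '%s\n' "$SAMPLE_GOOD" | check_loopback_only; then echo "good sample: ok"; fi
if ! printf '%s\n' "$SAMPLE_BAD" | check_loopback_only 2>/dev/null; then echo "bad sample: flagged"; fi
# On the server itself: ss -H -ltn | check_loopback_only
```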
Install Logstash
- sudo apt install logstash
DONE