Simple Install and Configure ELK Stack on Ubuntu 18 Server

sudo apt install openjdk-8-jre apt-transport-https wget nginx
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

sudo vi /etc/apt/sources.list.d/elastic.list
  • Paste the following line into elastic.list:

deb https://artifacts.elastic.co/packages/7.x/apt stable main

sudo apt update
sudo apt install elasticsearch kibana
  • sudo vi /etc/elasticsearch/elasticsearch.yml
  • Uncomment and change the line: network.host: localhost
  • sudo vi /etc/kibana/kibana.yml
  • Uncomment the line: server.host: "localhost"
  • Start both Elasticsearch and Kibana:
sudo systemctl start kibana
sudo systemctl start elasticsearch
  • Set boot time startup:
sudo systemctl enable elasticsearch
sudo systemctl enable kibana
  • Test Elasticsearch:
curl -X GET "localhost:9200"

{
	"name" : "elk-ubuntu18server-01",
	"cluster_name" : "elasticsearch",
	"cluster_uuid" : "g1Uf3CV2TuulUXX1pig_Kw",
	"version" : 
	{
		"number" : "7.8.0",
		"build_flavor" : "default",
		"build_type" : "deb",
		"build_hash" : "757314695644ea9a1dc2fecd26d1a43856725e65",
		"build_date" : "2020-06-14T19:35:50.234439Z",
		"build_snapshot" : false,
		"lucene_version" : "8.5.1",
		"minimum_wire_compatibility_version" : "6.8.0",
		"minimum_index_compatibility_version" : "6.0.0-beta1"
	},
	"tagline" : "You Know, for Search"
}
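
Added example, not part of the original guide: with network.host and server.host set to localhost as above, this filters `ss -ltn` output for Elasticsearch (9200) or Kibana (5601) listeners bound to anything other than loopback. The function name exposed_listeners and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Elasticsearch (9200) or Kibana (5601) listeners
# that are bound to a non-loopback address.

# Reads `ss -ltn` output on stdin; prints each offending Local Address:Port.
exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }            # skip the header and non-listening rows
        {
            n = split($4, parts, ":")      # $4 is Local Address:Port
            port = parts[n]
            if (port != "9200" && port != "5601") next
            addr = substr($4, 1, length($4) - length(port) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # ss brackets IPv6
            # Loopback forms: 127.x.x.x, ::1, IPv4-mapped ::ffff:127.x.x.x
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print $4
        }'
}

# Constructed sample: Elasticsearch bound to loopback as configured above,
# Kibana left listening on all interfaces (server.host still commented out
# or set to a public address).
SAMPLE='State   Recv-Q  Send-Q  Local Address:Port        Peer Address:Port
LISTEN  0       128     0.0.0.0:22                0.0.0.0:*
LISTEN  0       128     0.0.0.0:5601              0.0.0.0:*
LISTEN  0       128     [::ffff:127.0.0.1]:9200   *:*
LISTEN  0       128     [::1]:9200                [::]:*'

printf '%s\n' "$SAMPLE" | exposed_listeners    # prints 0.0.0.0:5601
```

On the server itself, run `ss -ltn | exposed_listeners`; no output means both services are reachable only through loopback.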

Setup NGINX

  • Create a user and password using openssl. The following command creates the administrative Kibana user kibanaadmin, prompts you for its password, and appends the user and password hash to /etc/nginx/htpasswd.users. (Change kibanaadmin to your own username if desired.)
echo "kibanaadmin:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users
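  • sudo vi /etc/nginx/sites-available/your-site.com (replace your-site.com with your site's name)
  • Add the following config to it (it listens on port 80 only, so the basic-auth credentials cross the network unencrypted):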
server {
        listen 80;

        server_name your-site.com;

        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/htpasswd.users;

        location / {
            proxy_pass http://localhost:5601;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;        
        }
}
  • Remove the default site and enable the new one (use the same file name you created above):
sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/your-site.com /etc/nginx/sites-enabled/your-site.com
sudo ufw allow 'Nginx Full'
sudo systemctl restart nginx

  • Test it by opening a web browser at: http://your-ip-address/status

Install Logstash

  • sudo apt install logstash

DONE