~]# systemctl enable logstashĪllow 5044 tcp port in the OS firewall with following command so that Logstash get logs from Clients conf.d]# firewall-cmd -permanent -add-port=5044/tcp We will now start the logstash service & enable it at boot time, ~]# systemctl daemon-reload All these sections can also be divided into three separate files but we have used them in single file for ease of configuration. Last section is ‘output section’ & it defines the location for the storage of logs, # output section ‘filter section’ will parse the logs before sending them to elasticsearch, # Filter section This section makes logstash to listen on port 5044 for incoming logs & also provides SSL certificate details for secure connection. Ssl_key => "/etc/ssl/logstash-forwarder.key" Ssl_certificate => "/etc/ssl/logstash_frwrd.crt" input, filter & output section ~]# vi /etc/logstash/conf.d/nf This file will be divided into three sections i.e. We will now create a configuration file for logstash under the folder ‘ /etc/logstash/conf.d‘. Once the certificate is ready, this should be copied to all the clients using scp command. Writing new private key to 'logstash-forwarder.key' ssl]# openssl req -x509 -days 365 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash_frwrd.crt Now change the directory to /etc/ssl & create SSL certificate with 365 days validity, ~]# cd /etc/ssl/ Since we will be using IP address to connect to server, we will create SSL certificate for IP SAN.īefore creating a SSL certificate, we will make an entry of our IP in openssl.cnf, ~]# vi /etc/pki/tls/openssl.cnfĪnd look for parameter with ‘subjectAltName’ under section & add your server IP to it, subjectAltName = IP: 192.168.0.180 Configuration SSL certificate for logstashĪfter the logstash installation, we will now create a SSL certificate for securing communication between logstash & filebeat (clients). Installation of ELK stack is now complete & we will make the necessary configurations. To do that, open web-browser & enter the following url Next, we will access the webpage for kibana to make sure it’s working. ~]# systemctl enable kibanaĪllow 5601 port in OS Firewall ~]# firewall-cmd -permanent -add-port 5601/tcp
#Install filebeats with yum install#
Now install kibana using yum, ~]# yum install kibana -yĪfter installation, start service & enable it at boot time ~]# systemctl start kibana Name=Kibana repository for 4.5.x packages We will now create a repository for kibana, ~]# vi /etc//kibana.repo Now install logstash, ~]# yum install logstash -y Kibana We will now add logstash repository, ~]# vi /etc//logstash.repo We will now test elasticsearch to make sure that its responding to queries ~]# curl -X GET Output of above command should be something like below: In case Firewall is running ~]# firewall-cmd -permanent -add-port 9200/tcp ~]# systemctl enable elasticsearchĪllow the 9200 tcp port in the OS firewall. Now we start the service & will also set to start at boot time ~]# systemctl daemon-reload Once the repository has been added, install elasticsearch using yum, ~]# yum install elasticsearch -y Now we will create a repo for the elastic-search repository, ~]# vi /etc//elasticsearch.repo We will start by importing the GPG keys for elasticsearch, this key will also be shared with logstash & kibana.
#Install filebeats with yum update#
Update /etc/hosts file 192.168.0.180 elk-stack Installation Steps of ELK Stack Elasticsearch Set the Hostname and update /etc/hosts file ~]# hostnamectl set-hostname "" OpenJDK 64-Bit Server VM (build 25.131-b12, mixed mode) OpenJDK Runtime Environment (build 1.8.0_131-b12) ~]# yum install java-1.8.0-openjdk ~]# java -version So make sure that java open-jdk version 1.8.0_* is installed and running and in case it is not installed, then run the beneath yum command to install Machine on which we will install ELK should have Java version 8 installed on it as.
0 kommentar(er)
