-
Notifications
You must be signed in to change notification settings - Fork 3
/
ELK Installation
77 lines (66 loc) · 2.88 KB
/
ELK Installation
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
A little background
Elastic-search: efficiently stores the logs
Logstash: processes logs coming from different sources.
Kibana: visualizes the logs
ELK: a single server running all these three components.
1) Install epel repository
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
2) Install JDK
wget --no-check-certificate -c --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u60-b27/jdk-8u60-linux-x64.tar.gz
tar -xzf jdk-8u60-linux-x64.tar.gz
mv jdk1.8.0_60/ /usr/
/usr/sbin/alternatives --install /usr/bin/java java /usr/jdk1.8.0_60/bin/java 2
/usr/sbin/alternatives --config java
export JAVA_HOME=/usr/jdk1.8.0_60/
export JRE_HOME=/usr/jdk1.8.0_60/jre/
export PATH=$JAVA_HOME/bin:$PATH
3) Install elasticsearch
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
cat <<EOF >> /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-1.7]
name=Elasticsearch repository for 1.7.x packages
baseurl=http://packages.elastic.co/elasticsearch/1.7/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF
yum -y install elasticsearch
/bin/systemctl daemon-reload
/bin/systemctl enable elasticsearch.service
/bin/systemctl start elasticsearch.service
4) Install logstash
cat <<EOF >> /etc/yum.repos.d/logstash.repo
[logstash-1.5]
name=Logstash repository for 1.5.x packages
baseurl=http://packages.elasticsearch.org/logstash/1.5/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1
EOF
yum -y install logstash
5) Open openssl.conf file and edit [ v3_ca ] field and add subjectAltName = IP: ELK_IP
In order to create SSL certificate and private key, run the following commands:
cd /etc/pki/tls
openssl req -config /etc/pki/tls/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
6) You need to configure logstash, its input, filter and output (and the pattern file). Configuration files I used will be added in this repository.
systemctl restart logstash.service to restart logstash.
7) Install kibana
wget https://download.elastic.co/kibana/kibana/kibana-4.1.2-linux-x64.tar.gz
tar -zxf kibana-4.1.2-linux-x64.tar.gz
mv kibana-4.1.2-linux-x64 /opt/kibana4
sed -i 's/#pid_file/pid_file/g' /opt/kibana4/config/kibana.yml
nano /etc/systemd/system/kibana4.service
[Unit]
Description=Kibana 4 Web Interface
After=elasticsearch.service
After=logstash.service
[Service]
ExecStartPre=rm -rf /var/run/kibana.pid
ExecStart=/opt/kibana4/bin/kibana
ExecReload=kill -9 $(cat /var/run/kibana.pid) && rm -rf /var/run/kibana.pid && /opt/kibana4/bin/kibana
ExecStop=kill -9 $(cat /var/run/kibana.pid)
[Install]
WantedBy=multi-user.target
systemctl start kibana4.service
systemctl enable kibana4.service
8) Now you can go to http://ELK_IP:5601 and see the logs coming...