- # Install notes for a single-host ELK stack (Elasticsearch 2.x, Kibana 4.2, Logstash 2.0)
- # on Ubuntu 14.04, fronted by nginx with HTTP basic auth, plus a logstash-forwarder client.
- # This is a runbook, not a runnable script: several steps are interactive (nano), and the
- # /* ... */ blocks are config to paste into the file opened just before them, not shell.
- # Most commands assume a root shell; some carry sudo and some do not.
- # https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04
- # http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-elasticsearch-logstash-and-kibana-4-on-ubuntu-14-04-15-04.html
- # NOTE(review): the shebang below is not on line 1 of the file, so it acts as a comment only.
- #!/bin/sh
- # Oracle Java 8 comes from a third-party PPA; decide whether that trust is acceptable.
- add-apt-repository -y ppa:webupd8team/java
- # The repository signing key is downloaded and trusted in one step; compare its fingerprint
- # with the vendor's published value before importing (apt-key is deprecated on newer releases).
- wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
- # tee -a appends, so re-running this line duplicates the entry in the sources file.
- echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
- apt-get update
- apt-get -y install oracle-java8-installer
- apt-get -y install elasticsearch
- # Elasticsearch 2.x has no built-in authentication: binding to localhost keeps its HTTP API
- # off the network, so only Kibana and Logstash on this host can reach it (see localhost:9200 below).
- nano /etc/elasticsearch/elasticsearch.yml
- # change to this -> network.host: localhost
- service elasticsearch restart
- update-rc.d elasticsearch defaults 95 10
- # kibana
- # Fixed uid/gid 999; groupadd/useradd fail if those ids are already taken on the host.
- groupadd -g 999 kibana
- useradd -u 999 -g 999 kibana
- # The tarball is fetched over HTTPS, but no checksum or signature is verified here.
- cd ~; wget https://download.elastic.co/kibana/kibana/kibana-4.2.0-linux-x64.tar.gz
- tar xvf kibana-*.tar.gz
- # NOTE(review): in Kibana 4.x kibana.yml the bind-address key is server.host; network.host is
- # the Elasticsearch key copied from above -- confirm against the shipped config before editing.
- # Binding Kibana to localhost means it is reachable only through the nginx proxy configured below.
- nano ~/kibana-4*/config/kibana.yml
- # change to this -> network.host: localhost
- mkdir -p /opt/kibana
- cp -R ~/kibana-4*/* /opt/kibana/
- chown -R kibana: /opt/kibana
- # Init script and defaults file come from a gist pinned to one revision; both run as root
- # at boot, so read them before installing.
- cd /etc/init.d && sudo curl -o kibana https://gist.githubusercontent.com/thisismitch/8b15ac909aed214ad04a/raw/fc5025c3fc499ad8262aff34ba7fde8c87ead7c0/kibana-4.x-init
- cd /etc/default && sudo curl -o kibana https://gist.githubusercontent.com/thisismitch/8b15ac909aed214ad04a/raw/fc5025c3fc499ad8262aff34ba7fde8c87ead7c0/kibana-4.x-default
- sudo chmod +x /etc/init.d/kibana
- sudo update-rc.d kibana defaults 96 9
- sudo service kibana start
- # nginx
- # No -y here, so this step prompts interactively.
- apt-get install nginx apache2-utils
- # -c creates (and overwrites) the htpasswd file; "akhfa" is the single Kibana login.
- # htpasswd prompts for the password, so it does not end up in shell history.
- htpasswd -c /etc/nginx/htpasswd.users akhfa
- nano /etc/nginx/sites-available/default
- # paste the following into the default site (nginx syntax, not shell):
- /*
- server {
- # Plain HTTP: basic-auth credentials cross the network in cleartext. Terminate TLS on this
- # server block before exposing it beyond a trusted network.
- listen 80;
- # Placeholder hostname; replace with the real one.
- server_name example.com;
- auth_basic "Restricted Access";
- auth_basic_user_file /etc/nginx/htpasswd.users;
- location / {
- # Kibana listens on loopback only (see kibana.yml above), so this proxy is the only way in.
- proxy_pass http://localhost:5601;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection 'upgrade';
- proxy_set_header Host $host;
- proxy_cache_bypass $http_upgrade;
- }
- }
- */
- service nginx restart
- # logstash
- # Same download-and-trust pattern as the Elasticsearch repo; the key added above covers it.
- echo 'deb http://packages.elasticsearch.org/logstash/2.0/debian stable main' | sudo tee /etc/apt/sources.list.d/logstash.list
- apt-get update
- # No -y here, so this step prompts interactively.
- apt-get install logstash
- mkdir -p /etc/pki/tls/certs
- # Not idempotent: plain mkdir fails if the directory already exists.
- mkdir /etc/pki/tls/private
- # Editing the system-wide openssl.cnf affects every later openssl invocation on this host.
- # The IP SAN is needed because the forwarder validates the server certificate against the
- # address it connects to (see "servers" in logstash-forwarder.conf below).
- nano /etc/ssl/openssl.cnf
- # insert under [ v3_ca ]
- # subjectAltName = IP: logstash server ip
- cd /etc/pki/tls
- # Self-signed certificate valid for 10 years; -nodes leaves the private key unencrypted on disk.
- # Nothing here restricts the key file's mode -- check it is readable only by root and logstash.
- openssl req -config /etc/ssl/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
- nano /etc/logstash/conf.d/01-lumberjack-input.conf
- # insert this
- /*
- input {
- lumberjack {
- # TLS listener for forwarders. Clients verify this certificate via their "ssl ca" setting;
- # no client-certificate option appears here, so anything that can reach 5043 can send events.
- port => 5043
- type => "logs"
- ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
- ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
- }
- }
- */
- nano /etc/logstash/conf.d/10-syslog.conf
- # insert this
- /*
- filter {
- if [type] == "syslog" {
- grok {
- match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
- add_field => [ "received_at", "%{@timestamp}" ]
- add_field => [ "received_from", "%{host}" ]
- }
- syslog_pri { }
- date {
- match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
- }
- }
- }
- */
- nano /etc/logstash/conf.d/30-lumberjack-output.conf
- # insert this
- /*
- output {
- # Elasticsearch is reached on loopback, matching the network.host: localhost setting above.
- elasticsearch { hosts => ["localhost:9200"] }
- # Every event is also dumped to stdout in debug form; remove once the pipeline is verified.
- stdout { codec => rubydebug }
- }
- */
- service logstash restart
- update-rc.d logstash defaults 96 9
- # send certificate to client
- # Only the public certificate is copied; the private key stays on the Logstash server.
- scp /etc/pki/tls/certs/logstash-forwarder.crt user@client_server_private_address:/tmp
- # install this on client
- echo 'deb http://packages.elastic.co/logstashforwarder/debian stable main' | sudo tee /etc/apt/sources.list.d/logstashforwarder.list
- # Same key import as on the server; verify the fingerprint before trusting it here too.
- wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
- sudo apt-get update
- sudo apt-get install logstash-forwarder
- mkdir -p /etc/pki/tls/certs
- cp /tmp/logstash-forwarder.crt /etc/pki/tls/certs/
- nano /etc/logstash-forwarder.conf
- # input this under network section
- # The server address must match the IP SAN put into the certificate above, or the TLS
- # handshake fails; "ssl ca" pins the forwarder to that self-signed certificate.
- /*
- "servers": [ "logstash_server_private_address:5043" ],
- "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
- "timeout": 15
- */
- # input this under files section
- # Ships syslog and auth.log (login and sudo events); the "type": "syslog" field is what the
- # 10-syslog.conf filter above matches on.
- /*
- {
- "paths": [
- "/var/log/syslog",
- "/var/log/auth.log"
- ],
- "fields": { "type": "syslog" }
- }
- */
- service logstash-forwarder restart