akhfa

Install Elasticsearch Logstash Kibana Ubuntu 14.04 DRAFT

Nov 11th, 2015
  1. # https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04
  2. # http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-elasticsearch-logstash-and-kibana-4-on-ubuntu-14-04-15-04.html
  3.  
  4. #!/bin/sh
  5. add-apt-repository -y ppa:webupd8team/java
  6. wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  7. echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
  8. apt-get update
  9. apt-get -y install oracle-java8-installer
  10. apt-get -y install elasticsearch
  11. nano /etc/elasticsearch/elasticsearch.yml
  12. # change to this -> network.host: localhost
  13. service elasticsearch restart
  14. update-rc.d elasticsearch defaults 95 10
  15.  
  16. # kibana
  17. groupadd -g 999 kibana
  18. useradd -u 999 -g 999 kibana
  19. cd ~; wget https://download.elastic.co/kibana/kibana/kibana-4.2.0-linux-x64.tar.gz
  20. tar xvf kibana-*.tar.gz
  21. nano ~/kibana-4*/config/kibana.yml
  22. # change to this -> network.host: localhost
  23. mkdir -p /opt/kibana
  24. cp -R ~/kibana-4*/* /opt/kibana/
  25. chown -R kibana: /opt/kibana
  26. cd /etc/init.d && sudo curl -o kibana https://gist.githubusercontent.com/thisismitch/8b15ac909aed214ad04a/raw/fc5025c3fc499ad8262aff34ba7fde8c87ead7c0/kibana-4.x-init
  27. cd /etc/default && sudo curl -o kibana https://gist.githubusercontent.com/thisismitch/8b15ac909aed214ad04a/raw/fc5025c3fc499ad8262aff34ba7fde8c87ead7c0/kibana-4.x-default
  28. sudo chmod +x /etc/init.d/kibana
  29. sudo update-rc.d kibana defaults 96 9
  30. sudo service kibana start
  31.  
  32. # nginx
  33. apt-get install nginx apache2-utils
  34. htpasswd -c /etc/nginx/htpasswd.users akhfa
  35. nano /etc/nginx/sites-available/default
  36.  
  37. /*
  38. server {
  39.     listen 80;
  40.  
  41.     server_name example.com;
  42.  
  43.     auth_basic "Restricted Access";
  44.     auth_basic_user_file /etc/nginx/htpasswd.users;
  45.  
  46.     location / {
  47.         proxy_pass http://localhost:5601;
  48.         proxy_http_version 1.1;
  49.         proxy_set_header Upgrade $http_upgrade;
  50.         proxy_set_header Connection 'upgrade';
  51.         proxy_set_header Host $host;
  52.         proxy_cache_bypass $http_upgrade;        
  53.     }
  54. }
  55. */
  56.  
  57. service nginx restart
  58.  
  59. # logstash
  60. echo 'deb http://packages.elasticsearch.org/logstash/2.0/debian stable main' | sudo tee /etc/apt/sources.list.d/logstash.list
  61. apt-get update
  62. apt-get install logstash
  63. mkdir -p /etc/pki/tls/certs
  64. mkdir /etc/pki/tls/private
  65. nano /etc/ssl/openssl.cnf
  66. # insert under [ v3_ca ]
  67. # subjectAltName = IP: logstash server ip
  68. cd /etc/pki/tls
  69. openssl req -config /etc/ssl/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
  70.  
  71. nano /etc/logstash/conf.d/01-lumberjack-input.conf
  72. # insert this
  73. /*
  74. input {
  75.   lumberjack {
  76.     port => 5043
  77.     type => "logs"
  78.     ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
  79.     ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  80.   }
  81. }
  82. */
  83.  
  84. nano /etc/logstash/conf.d/10-syslog.conf
  85. # insert this
  86. /*
  87. filter {
  88.   if [type] == "syslog" {
  89.     grok {
  90.       match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
  91.       add_field => [ "received_at", "%{@timestamp}" ]
  92.       add_field => [ "received_from", "%{host}" ]
  93.     }
  94.     syslog_pri { }
  95.     date {
  96.       match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
  97.     }
  98.   }
  99. }
  100. */
  101.  
  102. nano /etc/logstash/conf.d/30-lumberjack-output.conf
  103. # insert this
  104. /*
  105. output {
  106.   elasticsearch { hosts => ["localhost:9200"] }
  107.   stdout { codec => rubydebug }
  108. }
  109. */
  110.  
  111. service logstash restart
  112. update-rc.d logstash defaults 96 9
  113.  
  114. # send certificate to client
  115. scp /etc/pki/tls/certs/logstash-forwarder.crt user@client_server_private_address:/tmp
  116.  
  117.  
  118.  
  119. # install this on client
  120. echo 'deb http://packages.elastic.co/logstashforwarder/debian stable main' | sudo tee /etc/apt/sources.list.d/logstashforwarder.list
  121. wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  122. sudo apt-get update
  123. sudo apt-get install logstash-forwarder
  124. mkdir -p /etc/pki/tls/certs
  125. cp /tmp/logstash-forwarder.crt /etc/pki/tls/certs/
  126. nano /etc/logstash-forwarder.conf
  127. # input this under network section
  128. /*
  129. "servers": [ "logstash_server_private_address:5043" ],
  130.     "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
  131.     "timeout": 15
  132. */
  133.  
  134. # input this under files section
  135. /*
  136. {
  137.       "paths": [
  138.         "/var/log/syslog",
  139.         "/var/log/auth.log"
  140.        ],
  141.       "fields": { "type": "syslog" }
  142. }
  143. */
  144.  
  145. service logstash-forwarder restart