Project 1x: Setting Up ELK (15 pts extra credit)

What You Need

A computer of any sort with a virtualization program

Solution for centralized logging, and it's
ELK is considered simpler and easier to use

Logstash is an open source tool for collecting, parsing, and storing logs for future use.
Kibana is a web interface that can be used to search and view the logs that Logstash has indexed.
Both of these tools are based on Elasticsearch, which is used for storing logs.

Download the latest version of Ubuntu 16.04 Server from
Create a new virtual machine and install it.

Now you can connect to your server with any
Use this command to connect, as shown below.
With your own username, and the IP address
If you are using a PC, you probably don't

sudo apt install software-properties-common -y

Enter your password when you are prompted to.

sudo add-apt-repository -y ppa:webupd8team/java

sudo apt -y install oracle-java8-installer

echo "deb stable main" | sudo tee -a /etc/apt//elasticsearch-2.x.list

sudo nano /etc/elasticsearch/elasticsearch.yml

Find the line that specifies network.host, uncomment it, and replace its value with "localhost" so it looks like this,

echo "deb stable main" | sudo tee -a /etc/apt/sources.list

Enter y when it asks whether to install unauthenticated packages.

In the Kibana configuration file, find the line that specifies server.host,
and replace the IP address ("0.0.0.0" by default) with "localhost":

echo "kibanaadmin:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/ers

sudo nano /etc/nginx/sites-available/default

auth_basic_user_file /etc/nginx/ers

"172.16.1.192" with your server's public IP address.

This configures Nginx to direct your server's HTTP traffic to the Kibana application, which is listening on localhost:5601. Also, Nginx will use the ers file that we created earlier, and require basic authentication.

Now, we'll check the config for syntax errors and restart Nginx if none are found:

Since we are going to use Filebeat to ship logs from our Client Servers to our ELK Server, we need to create an SSL certificate and key pair. The certificate is used by Filebeat to verify the identity of ELK Server.

Create the directories that will store the certificate and private key with the following commands:

Openssl that your certificate is attached

Now generate the SSL certificate and private key in the appropriate locations (/etc/pki/tls/.), with the following commands:

sudo openssl req -config /etc/ssl/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt

Logstash configuration files are in the JSON-format, and reside in /etc/logstash/conf.d. The configuration consists of three sections: inputs, filters, and outputs.

First create the input file with this command:

ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"

This specifies a beats input that will listen on TCP port 5044, and it will use the SSL certificate and private key that we created earlier.

Create the filter file with this command:

Note that nano doesn't display the long line
In its entirety, marking the truncation with

This filter looks for logs that are labeled as "syslog" type (by Filebeat), and it will try to use grok to parse incoming syslog logs to make it structured and queryable.

Create the output file with this command:

sudo nano /etc/logstash/conf.d/nf

Execute this command to test your configuration files:
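As an added example (not the page's own files), this is what the three Logstash files described in this project look like when read together as one pipeline: the beats input that requires TLS using the certificate and key generated above, the syslog grok filter, and an Elasticsearch output bound to localhost. The file names in the comments and the exact grok pattern are assumptions; the certificate and key paths are the ones the page uses.

```conf
# Assumed file: /etc/logstash/conf.d/02-beats-input.conf
# Filebeat clients connect here on TCP 5044. ssl => true makes Logstash
# present logstash-forwarder.crt, which each client must hold a copy of
# and trust. The certificate must name the ELK server's IP address (as a
# subjectAltName) or Filebeat will refuse the connection when it verifies
# the server identity.
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

# Assumed file: /etc/logstash/conf.d/10-syslog-filter.conf
# Only events Filebeat tagged with type "syslog" are parsed; anything
# else passes through unchanged so a bad pattern cannot drop data.
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    # Decode the <PRI> facility/severity so alerts can be filtered by severity.
    syslog_pri { }
    # Use the timestamp from the log line, not the arrival time.
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

# Assumed file: /etc/logstash/conf.d/30-elasticsearch-output.conf
# Elasticsearch was bound to localhost above, so only this host can write.
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
```

Filebeat on each client needs its own copy of logstash-forwarder.crt referenced as a trusted certificate in its Logstash output block; without it the client cannot verify the server and the connection fails rather than falling back to plaintext.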