Installation

Documentation of my ELK installation

OS: Ubuntu 18.04 Server

Preparation

Install openjdk

sudo apt install openjdk-8-jre

ElasticSearch

Install ElasticSearch

cd /opt
sudo wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.0-amd64.deb
sudo dpkg -i elasticsearch-7.6.0-amd64.deb
sudo systemctl daemon-reload

Enable boot start

sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service

To check that it is running:

ps aux | grep elastic

Test Elasticsearch

~$ curl -XGET 127.0.0.1:9200
{
  "name" : "mgmtlan-elk",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "6GG9ZE73QGiQN5_101Jmiw",
  "version" : {
    "number" : "7.6.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "7f634e9f44834fbc12724506cc1da681b0c3b1e3",
    "build_date" : "2020-02-06T00:09:00.449973Z",
    "build_snapshot" : false,
    "lucene_version" : "8.4.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Logstash

Install Logstash

cd /opt
sudo wget https://artifacts.elastic.co/downloads/logstash/logstash-7.6.0.deb
sudo dpkg -i logstash-7.6.0.deb
sudo systemctl daemon-reload

Enable boot-start

sudo systemctl enable logstash.service
sudo systemctl start logstash.service

Configure Logstash to reload its configuration automatically:

sudo nano /etc/logstash/logstash.yml

Then replace # config.reload.automatic: false with

config.reload.automatic: true

Then replace # config.reload.interval: 3s with

config.reload.interval: 3s

Restart Logstash service

sudo systemctl restart logstash.service

Kibana

Install Kibana

cd /opt
sudo wget https://artifacts.elastic.co/downloads/kibana/kibana-7.6.0-amd64.deb
sudo dpkg -i kibana-7.6.0-amd64.deb
sudo systemctl daemon-reload

Auto boot start

sudo systemctl enable kibana.service
sudo systemctl start kibana.service

For an all-in-one installation, configure Kibana:

sudo nano /etc/kibana/kibana.yml

Change # elasticsearch.hosts: ["http://localhost:9200"] to

elasticsearch.hosts: ["http://localhost:9200"] 

Also make Kibana listen on all interfaces. Change # server.host: "localhost" to

server.host: "0.0.0.0" 

Then save the config file and restart Kibana.

sudo systemctl restart kibana.service
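
A post-install check for the edits above, as an added example that is not part of the original notes: it reads the two YAML files, reports whether each setting changed in this guide is actually uncommented, and flags a server.host that is not loopback. The function names and the script name audit_elk.sh are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the settings this guide edits.

# yaml_value FILE KEY
# Print the value of an uncommented "KEY: value" line that starts in column 0.
# Lines still commented out ("# KEY: ...") or indented are ignored.
# Exit status is non-zero when no such line exists.
yaml_value() {
    awk -v key="$2" '
        index($0, key ":") == 1 {
            v = substr($0, length(key) + 2)
            sub(/[ \t]+#.*$/, "", v)          # drop a trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)    # trim whitespace
            gsub(/^"|"$/, "", v)              # drop surrounding double quotes
            out = v; found = 1
        }
        END { if (!found) exit 1; print out }
    ' "$1" 2>/dev/null
}

# is_loopback HOST: succeed for names/addresses reachable only from this machine.
is_loopback() {
    case "$1" in
        localhost|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_elk KIBANA_YML LOGSTASH_YML
# Print one finding per line; return 1 if anything needs the operator's attention.
audit_elk() {
    rc=0
    for key in config.reload.automatic config.reload.interval; do
        if v=$(yaml_value "$2" "$key"); then
            echo "SET     logstash $key=$v"
        else
            echo "DEFAULT logstash $key (commented out or missing)"; rc=1
        fi
    done
    if v=$(yaml_value "$1" elasticsearch.hosts); then
        echo "SET     kibana elasticsearch.hosts=$v"
    else
        echo "DEFAULT kibana elasticsearch.hosts (commented out or missing)"; rc=1
    fi
    # Kibana binds to localhost when server.host is not set.
    host=$(yaml_value "$1" server.host) || host=localhost
    if is_loopback "$host"; then
        echo "LOCAL   kibana server.host=$host"
    else
        echo "EXPOSED kibana server.host=$host (reachable from other hosts)"; rc=1
    fi
    return "$rc"
}

# Usage: sh audit_elk.sh /etc/kibana/kibana.yml /etc/logstash/logstash.yml
if [ "$#" -eq 2 ]; then audit_elk "$1" "$2"; fi
```

EXPOSED is the expected result after the server.host change in this guide; it means Kibana accepts connections on every interface of the host, so access control has to come from a firewall or from authentication in front of it.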
