How To Install Elastic Stack (ELK) on CentOS 8


Hey Folks!

Today I’m gonna walk y’all through the process of installing the ELK Stack on a CentOS 8 Host.

Prerequisites

  1. Install Java 8+
    • sudo dnf install java-1.8.0-openjdk

Installing The Elastic Repositories

  • sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

  • cd /etc/yum.repos.d/

  • sudo vim elasticsearch.repo

  • Paste The Following Into The Repo File (This tells dnf where to fetch the Elastic 7.x packages from and, with gpgcheck=1, to verify every package against the Elastic public key you just imported)
    [elasticstack]
    name=Elastic repository for 7.x packages
    baseurl=https://artifacts.elastic.co/packages/7.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    autorefresh=1
    type=rpm-md
    
  • sudo dnf update

Excellent! Let's Get Started Installing ELK

  • sudo dnf install elasticsearch

  • sudo vim /etc/elasticsearch/elasticsearch.yml

  • Uncomment and Change the below lines from the default config
    # Set the bind address to a specific IP (IPv4 or IPv6):
    #
    network.host: localhost
    #
    # Set a custom port for HTTP:
    #
    http.port: 9200
    
  • sudo reboot

  • sudo systemctl start elasticsearch

  • sudo systemctl enable elasticsearch

  • curl -X GET "localhost:9200" (You should get a nice blurb - if no errors)

  • sudo dnf install kibana

  • sudo vim /etc/kibana/kibana.yml

  • Uncomment and Change the below lines from the default config
    server.port: 5601
    server.host: "localhost"
    elasticsearch.hosts: ["http://localhost:9200"]
    
  • sudo systemctl start kibana

  • sudo systemctl enable kibana

  • firewall-cmd --add-port=5601/tcp --permanent

  • firewall-cmd --reload

  • Navigate to http://localhost:5601

  • Hopefully Kibana Shows Up! But we’re not done yet ;) Still gotta give Elasticsearch some data to munch on :)


  • sudo dnf install logstash

  • sudo systemctl start logstash

  • sudo systemctl enable logstash

Getting Data w/Beats (for the sake of the tutorial I'm just gonna use two of them: Filebeat for system data and system log files :) and Packetbeat for network data, i.e. network 'packets')

  • sudo dnf install filebeat

  • sudo filebeat modules enable system

  • sudo filebeat setup

  • sudo service filebeat start

Let's Refresh and Go Back to Kibana

  • Lit!! There You Have It! ELK on CentOS 8
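One thing worth checking once everything is up: the whole tutorial leans on network.host and server.host staying at localhost, since Elasticsearch and Kibana 7.x as installed here have no authentication in front of them. The firewall-cmd step above opens 5601, but with server.host set to "localhost" Kibana is still only reachable from the box itself; flip that to a routable address and the open port suddenly matters. The script below is an added example, not part of the original post: it reads the repo file and the two YAML files the tutorial edits and reports whether the services are still confined to loopback and whether package signature checking is on. The file paths are the tutorial's; the sample config contents written by run_demo are constructed here (with Kibana deliberately bound to 0.0.0.0 to show the failing verdict) so it runs offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): post-install check for the ELK
# setup above. Sample files written by run_demo are constructed for the demo.

# Print the last uncommented value of a top-level key in a flat YAML file such
# as elasticsearch.yml or kibana.yml, with quotes and trailing comments removed.
# Usage: yaml_value <file> <key>
yaml_value() {
  local file="$1" key="$2"
  grep -E "^[[:space:]]*${key}:" "$file" 2>/dev/null \
    | sed -E "s/^[[:space:]]*${key}:[[:space:]]*//; s/[\"']//g; s/[[:space:]]*#.*$//" \
    | tail -n 1
}

# Succeed when a bind address is loopback-only: the name the tutorial uses, the
# literal loopback addresses, and Elasticsearch's _local_ special value. An
# unset key (empty string) falls back to the 7.x package default, which is
# loopback for both Elasticsearch (_local_) and Kibana (localhost).
is_loopback() {
  case "$1" in
    localhost|127.0.0.1|::1|_local_|"") return 0 ;;
    *) return 1 ;;
  esac
}

# Report one service's bind address. Returns 0 when confined to loopback,
# 1 when it listens on a routable address (reachable through any open port),
# 2 when the config file cannot be read.
check_bind() {
  local name="$1" file="$2" key="$3" host
  [ -r "$file" ] || { echo "$name: $file not readable"; return 2; }
  host="$(yaml_value "$file" "$key")"
  if is_loopback "$host"; then
    echo "$name: $key='${host:-<default>}' -> loopback only"
    return 0
  fi
  echo "$name: $key='$host' -> listening on a routable address"
  return 1
}

# Confirm the Elastic repo file keeps gpgcheck=1 with an https gpgkey, so dnf
# verifies every package against the key imported with rpm --import.
check_repo() {
  local file="$1"
  grep -qE '^gpgcheck=1$' "$file" && grep -qE '^gpgkey=https://' "$file"
}

# Write constructed config snippets into a scratch directory and run the checks
# against them. Prints each verdict and returns the number of exposed services.
run_demo() {
  local dir exposed=0
  dir="$(mktemp -d)"
  printf '%s\n' '[elasticstack]' 'gpgcheck=1' \
    'gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch' > "$dir/elasticsearch.repo"
  printf '%s\n' '# Set the bind address to a specific IP (IPv4 or IPv6):' \
    'network.host: localhost' 'http.port: 9200' > "$dir/elasticsearch.yml"
  # Constructed variant: Kibana bound to all interfaces, unlike the tutorial.
  printf '%s\n' 'server.port: 5601' 'server.host: "0.0.0.0"' \
    'elasticsearch.hosts: ["http://localhost:9200"]' > "$dir/kibana.yml"

  if check_repo "$dir/elasticsearch.repo"; then
    echo "repo: gpgcheck on, key fetched over https"
  else
    echo "repo: package signature check weakened"
  fi
  check_bind Elasticsearch "$dir/elasticsearch.yml" network.host || exposed=$((exposed + 1))
  check_bind Kibana "$dir/kibana.yml" server.host || exposed=$((exposed + 1))
  rm -rf "$dir"
  return "$exposed"
}

# On a live host, point the checks at the real files instead:
#   check_bind Elasticsearch /etc/elasticsearch/elasticsearch.yml network.host
#   check_bind Kibana /etc/kibana/kibana.yml server.host
run_demo || echo "exposed services: $?"
```

The demo run reports Elasticsearch as loopback-only and Kibana as exposed, so the script exits with "exposed services: 1"; on the tutorial's own kibana.yml, where server.host is "localhost", both checks pass.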