How To Install Elastic Stack (ELK) on CentOS 8

How To Install Elastic Stack (ELK) on CentOS 8

Hey Folks!

Today I’m gonna walk y’all through the process of installing the ELK Stack on a CentOS 8 Host.

Prerequisites

  1. Install Java 8+
    • sudo dnf install java-1.8.0-openjdk

Installing The Elastic Repositories

  • sudo rpm ––import https://artifacts.elastic.co/GPG-KEY-elasticsearch

  • cd /etc/yum.repos.d/

  • sudo vim elasticsearch.repo

  • Paste The Following Into The Repo File (What this is doing is adding the networking requirements to get all the software needed from Elastic and also verifying it using their Public Key) 
    [elasticstack]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
  • sudo dnf update

Excellent! Let's Get Started Installing ELK

  • sudo dnf install elasticsearch

  • sudo vim /etc/elasticsearch/elasticsearch.yml

  • Uncomment and Change the below lines from the default config 
    # Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
#
# Set a custom port for HTTP:
#
http.port: 9200

  • sudo reboot

  • sudo systemctl start elasticsearch

  • sudo systemctl enable elasticsearch

  • curl –X GET “localhost:9200” (You should get a nice blurb - if no errors)

  • sudo dnf install kibana

  • sudo vim /etc/kibana/kibana.yml

  • Uncomment and Change the below lines from the default config 
    server.port: 5601
server.host: “localhost”
elasticsearch.hosts: [“http://localhost:9200”]

  • sudo systemctl start kibana

  • sudo systemctl enable kibana

  • firewall-cmd --add-port=5601/tcp --permanent

  • firewall-cmd --reload

  • Navigate to http://localhost:5601

  • Hopefully Kibana Shows Up! But we’re not done yet ;) Still gotta give Elasticsearch some data to munch on :)

  • sudo dnf install logstash

  • sudo systemctl start logstash

  • sudo systemctl enable logstash

Getting Data w/Beats (filebeat, packetbeat, for the sake of the tutorial I'm just gonna use these two respectively, for system data and system log files(filebeat :) and network data or network 'packets' (packetbeat))

  • sudo dnf install filebeat

  • sudo filebeat modules enable system

  • sudo filebeat setup

  • sudo service filebeat start

Let's Refresh and Go Back to Kibana

  • Lit!! There You Have It! ELK on CentOS 8




« Find and Lead the Perfect Remote Team With These Simple Tips
What's In A Computer Network? - Networking Basics - Part 1 »

Related Post in “Cyber”


Related Post in “Blog”


comments powered by Disqus
Search
    Newsletter

    Subscribe

    * indicates required

    Intuit Mailchimp

    Useful Links