Prerequisite
- sudo apt update
- sudo apt install openjdk-8-jdk
- sudo apt-get install -y nginx
- sudo systemctl enable nginx
- You should have sudo permission.
- Run the commands below as a normal user with sudo, not as root (do not switch to root with sudo su first). Run whoami to confirm that you are not logged in as the root user.
Install Elasticsearch
- wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-amd64.deb
- sudo dpkg -i elasticsearch-7.2.0-amd64.deb
Install Kibana
- sudo wget https://artifacts.elastic.co/downloads/kibana/kibana-7.2.0-amd64.deb
- sudo dpkg -i kibana-7.2.0-amd64.deb
Install Logstash
- sudo wget https://artifacts.elastic.co/downloads/logstash/logstash-7.2.0.deb
- sudo dpkg -i logstash-7.2.0.deb
Install Dependencies
- sudo apt-get install -y apt-transport-https
Install FileBeat
- wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.2.0-amd64.deb
- sudo dpkg -i filebeat-7.2.0-amd64.deb
Modify the Elasticsearch YAML file
- sudo vi /etc/elasticsearch/elasticsearch.yml
- Make the changes below in this file
    cluster.name: my-application
    node.name: node-1
    http.port: 9200
    network.host: localhost
- network.host: localhost binds the Elasticsearch HTTP API to the loopback interface only, so it is not reachable from the network; Kibana and Logstash on the same host reach it via localhost:9200.
- sudo systemctl start elasticsearch
Modify the Kibana YAML file
- sudo vi /etc/kibana/kibana.yml
- Make the changes below in the file
    server.port: 5601
    server.host: "localhost"
- sudo systemctl start kibana
Put Nginx in front of Kibana with basic authentication
- sudo apt-get install -y apache2-utils
- sudo htpasswd -c /etc/nginx/htpasswd.users kibadmin (the -c flag creates the file; omit it when adding further users, or the existing file is overwritten)
- sudo vi /etc/nginx/sites-available/default
    server {
        listen 80;
        server_name 3.108.42.168;   # public IP or hostname of this server
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/htpasswd.users;
        location / {
            proxy_pass http://localhost:5601;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
- sudo systemctl restart nginx
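A post-install check for the configuration above, added here as an example and not part of the original guide: it parses the output of ss -ltn to confirm that Elasticsearch (9200) and Kibana (5601) listen only on loopback, and inspects the Nginx vhost to confirm basic auth is still enforced. The functions take the listing and config text as arguments, so they can also be run against captured output; the port numbers and file paths are the ones used in this guide.

```bash
#!/usr/bin/env bash
# Added post-install check for the ELK setup above (example code, not the guide's).
# Verifies loopback-only binding for 9200/5601 and basic auth on the Kibana vhost.

# check_loopback_only <port> <ss -ltn output>
# exit 0: every LISTEN socket on <port> is bound to 127.0.0.1 or [::1]
# exit 1: the port is bound to a non-loopback address (0.0.0.0, *, an IP)
# exit 2: nothing is listening on <port> at all
check_loopback_only() {
  local port="$1" listing="$2"
  printf '%s\n' "$listing" | awk -v port="$port" '
    $1 == "LISTEN" {
      addr = $4                               # "Local Address:Port" column
      p = addr; sub(/.*:/, "", p)             # text after the last colon
      if (p != port) next
      seen = 1
      host = addr; sub(/:[0-9]+$/, "", host)  # strip ":port", keep "[::1]"
      if (host != "127.0.0.1" && host != "[::1]") bad = 1
    }
    END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# check_basic_auth <nginx site config text>
# exit 0 when both auth_basic and auth_basic_user_file are set, 1 otherwise.
check_basic_auth() {
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*auth_basic[[:space:]]+"' &&
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*auth_basic_user_file[[:space:]]+'
}

# Run the checks against the live host (needs "ss" from iproute2).
audit_host() {
  local listing rc=0
  listing="$(ss -ltn)"
  for port in 9200 5601; do
    if check_loopback_only "$port" "$listing"; then
      echo "ok: port $port is loopback-only"
    else
      echo "WARN: port $port is not loopback-only (or not listening)"; rc=1
    fi
  done
  if check_basic_auth "$(cat /etc/nginx/sites-available/default)"; then
    echo "ok: nginx vhost requires basic auth"
  else
    echo "WARN: nginx vhost does not enforce basic auth"; rc=1
  fi
  return $rc
}

if [ "${1:-}" = "--run" ]; then audit_host; fi
```

Run it as bash check.sh --run on the server after the restarts. The check confirms that auth is configured, not that it is transported safely: the vhost above listens on port 80, so basic-auth credentials travel in clear text unless TLS is added in front of it.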
Download some sample data
1. sudo wget https://logz.io/sample-data
2. sudo mv sample-data apache.log
3. sudo vi /etc/logstash/conf.d/apache.conf
The file is downloaded into the current directory; the path in the Logstash config below assumes it sits in /home/ubuntu, so run these steps from that directory.
    input {
      file {
        path => "/home/ubuntu/apache.log"
        start_position => "beginning"
        # no read position is persisted, so the whole file is re-read
        # (and re-indexed) on every Logstash restart
        sincedb_path => "/dev/null"
      }
    }
    filter {
      # parse the combined Apache log format into named fields
      grok {
        match => { "message" => "%{COMBINEDAPACHELOG}" }
      }
      # use the request time from the log line as the event timestamp
      date {
        match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      }
      # add geo fields from the client IP
      geoip {
        source => "clientip"
      }
    }
    output {
      elasticsearch {
        hosts => ["localhost:9200"]
        index => "petclinic-prd-1"
      }
    }
- sudo systemctl restart logstash
Getting data from Filebeat
- sudo filebeat modules list
- sudo filebeat modules enable nginx
- sudo filebeat modules enable system
- cd /etc/filebeat/modules.d/
- sudo vi nginx.yml
    - module: nginx
      # Access logs
      access:
        enabled: true
        var.paths: ["/var/log/nginx/access.log*"]
      # Error logs
      error:
        enabled: true
        var.paths: ["/var/log/nginx/error.log*"]
- sudo vi system.yml
    - module: system
      # Syslog
      syslog:
        enabled: true
        var.paths: ["/var/log/syslog*"]
      # Authentication logs
      auth:
        enabled: true
        var.paths: ["/var/log/auth.log*"]
- The default /etc/filebeat/filebeat.yml already ships Filebeat's output to Elasticsearch at localhost:9200, which matches the binding configured above.
- sudo systemctl restart filebeat
- sudo systemctl restart logstash