@angelobelchior
Last active March 21, 2021 02:34
Passo-a-passo para a instalação do Elastic Stack
#Passo-a-passo para a instalação do Elastic Stack seguindo as aulas do Eduardo Neves (https://www.youtube.com/watch?v=B3Vl0nQyK-U)
#Esse passo-a-passo foi testado no Ubuntu 20.04
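#Java
# Elasticsearch and Logstash run on the JVM, so a Java runtime is installed first.
sudo apt update
sudo apt install default-jre
sudo apt install default-jdk
# The default-jre package provides the /usr/lib/jvm/default-java symlink. The
# path must not end in "-": with the trailing dash ${JAVA_HOME}/bin points at a
# directory that does not exist and the PATH entry below is dead.
# These exports only affect the current shell session.
export JAVA_HOME=/usr/lib/jvm/default-java
export PATH="${PATH}:${JAVA_HOME}/bin"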
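#Elastic
# Download the Elastic signing key as the normal user (wget needs no root) and
# store it in a dedicated keyring. Referencing that keyring with signed-by
# below trusts the key for this repository only; "apt-key add" would trust it
# for every configured apt source and is deprecated.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
sudo apt-get install apt-transport-https
# tee without -a: re-running this step rewrites the file instead of appending
# a duplicate "deb" line.
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update
sudo apt-get install elasticsearch
# Apply the settings marked "->" in the editor.
# NOTE: network.host: 0.0.0.0 makes Elasticsearch listen on every network
# interface. The 6.x packages do not enable authentication or TLS by default,
# so any host that can reach port 9200 can read and modify the indices.
# Kibana, Logstash and the Beats in this guide all connect through localhost;
# if no remote client needs the API, keep the default loopback binding,
# otherwise restrict port 9200 with a host firewall.
sudo nano /etc/elasticsearch/elasticsearch.yml
-> network.host: 0.0.0.0
-> http.port: 9200
-> cluster.name: myCluster1
-> node.name: "myNode1"
sudo /bin/systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
# Wait a few seconds for the service to come up.
# The health query is a plain HTTP request and does not need root.
curl -XGET 'localhost:9200/?pretty'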
#Kibana
# Install Kibana from the Elastic apt repository added in the Elastic section.
sudo apt-get install kibana
# Register the service for start at boot, start it now and check its state.
sudo /bin/systemctl enable kibana.service
sudo /bin/systemctl start kibana.service
sudo /bin/systemctl status kibana.service
# Review the settings marked "->" in kibana.yml. The service was already
# started above, so a value changed here only applies after Kibana is restarted.
# server.host "localhost" keeps the Kibana UI bound to the loopback interface;
# elasticsearch.hosts uses plain HTTP, which here never leaves the machine.
sudo nano /etc/kibana/kibana.yml
-> server.port: 5601
-> server.host: "localhost"
-> elasticsearch.hosts: ["http://localhost:9200"]
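#Logstash
sudo apt-get install logstash
cd /etc/logstash/conf.d/
# First pipeline file; its contents are the text between the ''' markers.
# The beats input is needed because every Beat configured later in this guide
# ships to localhost:5044; with only the udp input nothing listens on that port.
# Both inputs bind to 127.0.0.1 so neither is reachable from other hosts.
sudo nano syslog.conf
'''
input {
udp {
host => "127.0.0.1"
port => 10514
codec => "json"
type => "rsyslog"
}
beats {
host => "127.0.0.1"
port => 5044
}
}
filter { }
output {
stdout { }
}
'''
# Second pipeline file: forwards events to the local Elasticsearch node. The
# index name is built from Beats metadata, so it is meant for Beats events.
sudo nano /etc/logstash/conf.d/30-elasticsearch-output.conf
'''
output {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}
'''
# Validate the configuration (-t) before starting the service, so a syntax
# error is reported here rather than as a failed start.
sudo -u logstash /usr/share/logstash/bin/logstash --path.settings /etc/logstash -t
sudo /bin/systemctl enable logstash
sudo /bin/systemctl start logstash
sudo /bin/systemctl status logstash
# The monitoring API on port 9600 only answers once Logstash is running;
# allow some time after the start before querying it.
curl -XGET 'localhost:9600/?pretty'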
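#Beats
sudo apt install filebeat
# In the editor: comment out output.elasticsearch and enable output.logstash,
# as shown in the snippet after the "->" line.
sudo nano /etc/filebeat/filebeat.yml
-> Alterar o output do elasticsearch pro logstash
#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
sudo filebeat modules enable system
# The setup commands talk to Elasticsearch and Kibana directly, so the
# Logstash output is switched off for these invocations only (-E overrides).
sudo filebeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'
# The whole -E value is single-quoted so the shell passes the brackets and the
# inner double quotes through unchanged, matching the command above. Unquoted,
# the shell strips the quotes and may treat [...] as a glob pattern.
sudo filebeat setup -e -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]' -E setup.kibana.host=localhost:5601
sudo /bin/systemctl start filebeat
sudo /bin/systemctl enable filebeat
# Check that filebeat-* indices are receiving documents.
curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'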
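sudo apt-get install metricbeat
# In the editor: comment out output.elasticsearch and enable output.logstash,
# as shown in the snippet after the "->" line.
sudo nano /etc/metricbeat/metricbeat.yml
-> Alterar o output do elasticsearch pro logstash
#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
# Enable the modules before the first start: Metricbeat reads its module
# configuration at startup (config reloading is off unless enabled in
# metricbeat.yml), so modules enabled after the start stay inactive until
# the service is restarted.
# NOTE(review): this guide installs no etcd service; confirm that the etcd and
# http modules have a target, otherwise they only produce connection errors.
sudo metricbeat modules enable kibana
sudo metricbeat modules enable logstash
sudo metricbeat modules enable http
sudo metricbeat modules enable etcd
sudo /bin/systemctl start metricbeat
sudo /bin/systemctl enable metricbeat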
# Heartbeat: install the package and open its configuration file.
sudo apt-get install heartbeat-elastic
sudo nano /etc/heartbeat/heartbeat.yml
# In the editor: comment out output.elasticsearch and send events to Logstash
# instead, as shown in the snippet after the "->" line. This needs a Logstash
# beats input listening on localhost:5044.
-> Alterar o output do elasticsearch pro logstash
#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
# End of the heartbeat.yml snippet. The next two commands both start the same
# heartbeat-elastic service (through "service", then through systemctl); the
# last one registers it for start at boot.
sudo service heartbeat-elastic start
sudo /bin/systemctl start heartbeat-elastic
sudo /bin/systemctl enable heartbeat-elastic
# Auditbeat: install the package and open its configuration file.
sudo apt install auditbeat
sudo nano /etc/auditbeat/auditbeat.yml
# In the editor: comment out output.elasticsearch and send events to Logstash
# instead, as shown in the snippet after the "->" line. This needs a Logstash
# beats input listening on localhost:5044.
-> Alterar o output do elasticsearch pro logstash
#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
# End of the auditbeat.yml snippet. Start the service now and register it for
# start at boot.
sudo /bin/systemctl start auditbeat
sudo /bin/systemctl enable auditbeat
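#####
# Condensed install of the 7.x stack, written for a root shell (apt is called
# without sudo). Presumably an alternative to the 6.x steps above: running both
# would leave a 6.x and a 7.x Elastic apt source enabled on the same machine.
apt update && apt upgrade -y
# The package is named openjdk-11-jre-headless; with the misspelled name apt
# aborts and installs neither package.
apt install -y apt-transport-https openjdk-11-jre-headless
# Store the signing key in a dedicated keyring and reference it with signed-by,
# so the key is trusted for this repository only ("apt-key add" would trust it
# for every apt source and is deprecated).
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
# tee without -a keeps the source list at a single entry when the step is re-run.
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
apt update && apt install -y elasticsearch logstash kibana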