ELK Stack Install (RHEL 7)
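#!/usr/bin/env bash
#######################################
# ELK Stack Install (RHEL 7)
#
# Installs Oracle JDK 8u65, Elasticsearch 2.1 (bound to localhost), Kibana
# 4.3.0 behind an nginx reverse proxy with HTTP basic auth, and Logstash 2.1
# with a TLS-protected Beats input, following the original listing.
#
# Usage:
#   LOGSTASH_SERVER_IP=<private ip> ./elk-install.sh
#
# Environment:
#   LOGSTASH_SERVER_IP     required. Placed in the subjectAltName of the
#                          self-signed certificate that Beats clients verify
#                          (the original listing left the literal placeholder
#                          'logstash_server_private_ip' in the config).
#   KIBANA_SERVER_NAME     optional. nginx server_name (default: example.com).
#   KIBANA_TARBALL_SHA256  optional. When set, the downloaded Kibana tarball
#                          must match this SHA-256 or the install aborts.
#   KIBANA_UID, KIBANA_GID optional. Numeric ids for the kibana account
#                          (default: 1005 / 1005).
#
# Run as root or as a user who can sudo: every privileged step goes through
# as_root, so the script works either way. Config files are written whole
# (not appended) so a re-run does not accumulate duplicate entries.
#######################################
set -euo pipefail

readonly JDK_RPM='jdk-8u65-linux-x64.rpm'
readonly JDK_URL="https://download.oracle.com/otn-pub/java/jdk/8u65-b17/${JDK_RPM}"
readonly ELASTIC_GPG_KEY='https://packages.elastic.co/GPG-KEY-elasticsearch'
readonly KIBANA_TARBALL='kibana-4.3.0-linux-x64.tar.gz'
readonly KIBANA_URL="https://download.elastic.co/kibana/kibana/${KIBANA_TARBALL}"
# Pinned to one gist revision (the commit hash in the path) so a later edit
# to the gist cannot change what gets installed as an init script here.
readonly KIBANA_INIT_BASE='https://gist.githubusercontent.com/thisismitch/8b15ac909aed214ad04a/raw/fc5025c3fc499ad8262aff34ba7fde8c87ead7c0'
readonly LOGSTASH_KEY='/etc/pki/tls/private/logstash-forwarder.key'
readonly LOGSTASH_CRT='/etc/pki/tls/certs/logstash-forwarder.crt'
readonly KIBANA_SERVER_NAME=${KIBANA_SERVER_NAME:-example.com}
readonly KIBANA_TARBALL_SHA256=${KIBANA_TARBALL_SHA256:-}
readonly KIBANA_UID=${KIBANA_UID:-1005}
readonly KIBANA_GID=${KIBANA_GID:-1005}

WORK_DIR=''

log() { printf '==> %s\n' "$*" >&2; }
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Run a command with root privileges: directly when already root, via sudo
# otherwise.
# Arguments: the command and its arguments
#######################################
as_root() {
  if (( EUID == 0 )); then
    "$@"
  else
    sudo "$@"
  fi
}

#######################################
# Write stdin to a root-owned file, replacing any existing content.
# Arguments: $1 - destination path; $2 - mode (default 0644)
#######################################
write_root_file() {
  local path=$1 mode=${2:-0644}
  as_root tee -- "$path" >/dev/null
  as_root chmod -- "$mode" "$path"
}

#######################################
# Append a line to a root-owned file unless that exact line is already in it.
# Arguments: $1 - destination path; $2 - line to add
#######################################
append_once() {
  local path=$1 line=$2
  if ! as_root grep -qxF -- "$line" "$path" 2>/dev/null; then
    printf '%s\n' "$line" | as_root tee -a -- "$path" >/dev/null
  fi
}

#######################################
# Download and install the Oracle JDK RPM.
# Globals: JDK_URL, JDK_RPM, WORK_DIR
#######################################
install_java() {
  log "Downloading ${JDK_RPM}"
  # TLS verification stays on. The original passed --no-check-certificate,
  # which would let anyone on the network path substitute the package that
  # is installed as root a moment later. The Oracle license-cookie download
  # is kept from the original; if it no longer works, java-1.8.0-openjdk from
  # the RHEL repositories is the signed, gpgcheck'd alternative.
  wget --no-cookies \
    --header 'Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie' \
    -O "${WORK_DIR}/${JDK_RPM}" "$JDK_URL"
  # No Oracle signing key is imported, so yum cannot GPG-verify this RPM;
  # it prompts before installing, as the original command did.
  as_root yum localinstall "${WORK_DIR}/${JDK_RPM}"
  rm -f -- "${WORK_DIR}/${JDK_RPM}"
}

#######################################
# Configure the Elastic yum repository and install Elasticsearch 2.1.
# Globals: ELASTIC_GPG_KEY
#######################################
install_elasticsearch() {
  log 'Installing Elasticsearch 2.1'
  # Fetch the signing key over TLS. With the key fetched over plain http (as
  # in the original), gpgcheck=1 verifies packages against whatever key an
  # on-path attacker chose to serve.
  as_root rpm --import "$ELASTIC_GPG_KEY"
  write_root_file /etc/yum.repos.d/elasticsearch.repo <<EOF
[elasticsearch-2.1]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=${ELASTIC_GPG_KEY}
enabled=1
EOF
  as_root yum -y install elasticsearch
  # Keep the HTTP API off the network; only local Kibana and Logstash use it.
  append_once /etc/elasticsearch/elasticsearch.yml 'network.host: localhost'
  as_root systemctl start elasticsearch
  as_root systemctl enable elasticsearch
}

#######################################
# Install Kibana 4.3.0 under /opt/kibana with its sysv init script.
# Globals: KIBANA_URL, KIBANA_TARBALL, KIBANA_TARBALL_SHA256, KIBANA_INIT_BASE,
#          KIBANA_UID, KIBANA_GID, WORK_DIR
#######################################
install_kibana() {
  log 'Installing Kibana 4.3.0'
  getent group kibana >/dev/null || as_root groupadd -g "$KIBANA_GID" kibana
  getent passwd kibana >/dev/null \
    || as_root useradd -u "$KIBANA_UID" -g "$KIBANA_GID" kibana
  wget -O "${WORK_DIR}/${KIBANA_TARBALL}" "$KIBANA_URL"
  if [[ -n "$KIBANA_TARBALL_SHA256" ]]; then
    # Pin the artifact itself: TLS protects the transport, not the file.
    printf '%s  %s\n' "$KIBANA_TARBALL_SHA256" "${WORK_DIR}/${KIBANA_TARBALL}" \
      | sha256sum -c --quiet - \
      || die "checksum mismatch for ${KIBANA_TARBALL}"
  fi
  tar xf "${WORK_DIR}/${KIBANA_TARBALL}" -C "$WORK_DIR"
  as_root mkdir -p /opt/kibana
  as_root cp -R "${WORK_DIR}"/kibana-4*/. /opt/kibana/
  # Listen on loopback only; nginx below is the public entry point.
  append_once /opt/kibana/config/kibana.yml 'server.host: "localhost"'
  as_root chown -R kibana: /opt/kibana
  # -f makes curl fail on an HTTP error instead of saving the error page as
  # the init script; the original 'curl -o' would have installed whatever
  # came back.
  curl -fsSL -o "${WORK_DIR}/kibana.init" "${KIBANA_INIT_BASE}/kibana-4.x-init"
  curl -fsSL -o "${WORK_DIR}/kibana.default" "${KIBANA_INIT_BASE}/kibana-4.x-default"
  write_root_file /etc/init.d/kibana 0755 <"${WORK_DIR}/kibana.init"
  write_root_file /etc/default/kibana 0644 <"${WORK_DIR}/kibana.default"
  as_root service kibana start
  as_root chkconfig kibana on
}

#######################################
# Install nginx as a basic-auth reverse proxy in front of Kibana.
# Globals: KIBANA_SERVER_NAME
#######################################
configure_nginx() {
  log 'Installing nginx reverse proxy for Kibana'
  as_root yum -y install epel-release
  as_root yum -y install nginx httpd-tools
  # Interactive: prompts for the kibanaadmin password on the terminal.
  # -c (re)creates the file, so an existing user list is replaced.
  as_root htpasswd -c /etc/nginx/htpasswd.users kibanaadmin
  # Basic auth over plain HTTP sends the credentials in the clear on every
  # request. Terminate TLS on this server block, or keep port 80 reachable
  # only from a trusted network, before exposing it further.
  write_root_file /etc/nginx/conf.d/kibana.conf <<EOF
server {
    listen 80;

    server_name ${KIBANA_SERVER_NAME};

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_cache_bypass \$http_upgrade;
    }
}
EOF
  as_root systemctl start nginx
  # The original listing ran 'systemctl enable' with no unit name.
  as_root systemctl enable nginx
}

#######################################
# Configure the Logstash yum repository and install Logstash 2.1.
# Globals: ELASTIC_GPG_KEY
#######################################
install_logstash() {
  log 'Installing Logstash 2.1'
  # The original stanza set gpgcheck=1 but omitted gpgkey=, so yum had no key
  # to verify against. The Logstash packages are signed with the same Elastic
  # key imported for Elasticsearch; package signatures are what provide
  # integrity for this repository's http baseurl.
  write_root_file /etc/yum.repos.d/logstash.repo <<EOF
[logstash-2.1]
name=logstash repository for 2.1 packages
baseurl=http://packages.elasticsearch.org/logstash/2.1/centos
gpgcheck=1
gpgkey=${ELASTIC_GPG_KEY}
enabled=1
EOF
  as_root yum -y install logstash
}

#######################################
# Generate the self-signed certificate the Beats input presents to clients.
# Globals: LOGSTASH_SERVER_IP, LOGSTASH_KEY, LOGSTASH_CRT, WORK_DIR
#######################################
generate_logstash_cert() {
  local cnf="${WORK_DIR}/logstash-req.cnf"
  log "Generating self-signed certificate for ${LOGSTASH_SERVER_IP}"
  # A self-contained request config instead of appending to the system
  # openssl.cnf: the original appended a literal 'logstash_server_private_ip'
  # that was never substituted, and a line appended to the end of openssl.cnf
  # lands in whichever section is last, which is not necessarily the one
  # 'req -x509' reads its extensions from.
  cat >"$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no

[dn]
CN = ${LOGSTASH_SERVER_IP}

[v3_req]
subjectAltName = IP:${LOGSTASH_SERVER_IP}
EOF
  # -nodes stores the key unencrypted so the service can load it unattended;
  # the file mode below is what limits who can read it.
  as_root openssl req -config "$cnf" -x509 -sha256 -days 1095 -batch -nodes \
    -newkey rsa:2048 -keyout "$LOGSTASH_KEY" -out "$LOGSTASH_CRT"
  as_root chmod 0640 "$LOGSTASH_KEY"
  # NOTE(review): presumes the logstash package created a 'logstash' group
  # and that the service runs under it — confirm on the target host.
  if getent group logstash >/dev/null; then
    as_root chgrp logstash "$LOGSTASH_KEY"
  fi
}

#######################################
# Write the Logstash pipeline (Beats input, syslog filter, ES output) and
# start the service.
# Globals: LOGSTASH_KEY, LOGSTASH_CRT
#######################################
configure_logstash() {
  log 'Writing Logstash pipeline'
  write_root_file /etc/logstash/conf.d/02-filebeat-input.conf <<EOF
input {
  beats {
    port => 5044
    type => "logs"
    ssl => true
    ssl_certificate => "${LOGSTASH_CRT}"
    ssl_key => "${LOGSTASH_KEY}"
  }
}
EOF
  write_root_file /etc/logstash/conf.d/10-syslog.conf <<'EOF'
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
EOF
  # The rubydebug stdout output is kept from the original; it echoes every
  # event to the service's stdout, which is noisy in production.
  write_root_file /etc/logstash/conf.d/30-elasticsearch-output.conf <<'EOF'
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
EOF
  as_root service logstash configtest
  as_root systemctl restart logstash
  as_root chkconfig logstash on
}

#######################################
# Validate inputs, set up the scratch directory, and run every stage in the
# order of the original listing.
# Globals: LOGSTASH_SERVER_IP (read), WORK_DIR (written)
# Returns: 0 on success; exits non-zero on the first failing step
#######################################
main() {
  : "${LOGSTASH_SERVER_IP:?set LOGSTASH_SERVER_IP to this server's private IP (used as the certificate SAN)}"
  # The value is interpolated into an OpenSSL config file; only accept an
  # IPv4 literal so nothing else can end up in the request config.
  [[ "$LOGSTASH_SERVER_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] \
    || die "LOGSTASH_SERVER_IP is not an IPv4 address: ${LOGSTASH_SERVER_IP}"
  local tool
  for tool in wget curl tar openssl sha256sum; do
    command -v "$tool" >/dev/null || die "required tool not found: ${tool}"
  done
  WORK_DIR=$(mktemp -d) || die 'mktemp failed'
  # shellcheck disable=SC2064 -- WORK_DIR is fixed for the rest of the run
  trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

  install_java
  install_elasticsearch
  install_kibana
  configure_nginx
  install_logstash
  generate_logstash_cert
  configure_logstash
  log 'ELK install complete'
}

main "$@"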