ELK Setup Script

001-elksetup.sh

#!/bin/bash          

# ---------------------------------------------------------------------------
# elksetup.sh - Ubuntu 14.04 based ELK installation script

# Copyright 2015,  https://github.com/zebde
    
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License at <http://www.gnu.org/licenses/> for
# more details.

# Usage: elksetup.sh
# Usage: bash -c "$(curl -fsSL https://gist.github.com/zebde/aa8bca77de96b00bfc136807f1769b3a/raw/001-elksetup.sh)"
# ---------------------------------------------------------------------------

## General Tidyness
sudo apt-get -y install software-properties-common python-software-properties
sudo add-apt-repository -y ppa:webupd8team/java
wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
##echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee -a /etc/apt/sources.list.d/logstash.list
sudo apt-get -y update
sudo apt-get -y upgrade

## Get Java RE
echo debconf shared/accepted-oracle-license-v1-1 select true | sudo debconf-set-selections
echo debconf shared/accepted-oracle-license-v1-1 seen true | sudo debconf-set-selections
sudo apt-get -y install oracle-java8-installer
sudo bash -c "echo JAVA_HOME=/usr/lib/jvm/java-8-oracle/ >> /etc/environment"

## Get the core

### Logstash
##sudo apt-get install logstash

### Elasticsearch
sudo apt-get -y install elasticsearch
##### setup the rc.d defaults for the service and restart it
sudo update-rc.d elasticsearch defaults 95 10
sudo service elasticsearch start

### Kibana
sudo mkdir -p /srv/www
wget -P /tmp https://download.elastic.co/kibana/kibana/kibana-4.3.0-linux-x64.tar.gz
sudo tar xf /tmp/kibana-4.3.0-linux-x64.tar.gz -C /srv/www/
sudo mv /srv/www/kibana-4.3.0-linux-x64 /srv/www/kibana
sudo chown -R www-data:www-data /srv/www/kibana
sudo sed -i 's/host: "0.0.0.0"/host: "localhost"/g' /srv/www/kibana/config/kibana.yml
sudo wget -O /etc/init.d/kibana https://gist.githubusercontent.com/zebde/aa8bca77de96b00bfc136807f1769b3a/raw/003-kibana.script
sudo chmod +x /etc/init.d/kibana
sudo update-rc.d kibana defaults 96 9
sudo service kibana start

### TimeLion
sudo /srv/www/kibana/bin/kibana plugin -i kibana/timelion
sudo service kibana restart

### NGINX
sudo apt-get -y install nginx apache2-utils
p=`openssl rand -base64 6`
sudo htpasswd -bc /etc/nginx/htpasswd.users kibanaadmin $p
sudo wget -O /etc/nginx/sites-available/elk.conf https://gist.githubusercontent.com/zebde/aa8bca77de96b00bfc136807f1769b3a/raw/002-elk.conf
sudo ln -s /etc/nginx/sites-available/elk.conf /etc/nginx/sites-enabled/elk.conf
sudo rm /etc/nginx/sites-enabled/default
sudo service nginx restart



echo "-------------------------------------------"
echo "-          ELK Setup Complete             -"
echo "-                                         -"
echo "-  You can access kibana on port 80       -"
echo "-  Username: kibanaadmin                  -"
echo "-  Password: $p                       -"
echo "-                                         -"
echo "-------------------------------------------"

002-elk.conf

server {
    listen 80;
 
    server_name example.com;
 
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;
 
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

003-kibana.script

#!/bin/sh
#
# /etc/init.d/kibana4 -- startup script for kibana4
# [email protected] 2015-02-20; used elasticsearch init script as template
# https://github.com/akabdog/scripts/edit/master/kibana4_init
#
### BEGIN INIT INFO
# Provides:          kibana4
# Required-Start:    $network $remote_fs $named
# Required-Stop:     $network $remote_fs $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts kibana4
# Description:       Starts kibana4 using start-stop-daemon
### END INIT INFO

#configure this with wherever you unpacked kibana:
KIBANA_BIN=/srv/www/kibana/bin

PID_FILE=/var/run/$NAME.pid
PATH=/bin:/usr/bin:/sbin:/usr/sbin:$KIBANA_BIN
DAEMON=$KIBANA_BIN/kibana
NAME=kibana
DESC="Kibana"

if [ `id -u` -ne 0 ]; then
	echo "You need root privileges to run this script"
	exit 1
fi

. /lib/lsb/init-functions

if [ -r /etc/default/rcS ]; then
	. /etc/default/rcS
fi

case "$1" in
  start)
	log_daemon_msg "Starting $DESC"

	pid=`pidofproc -p $PID_FILE kibana`
	if [ -n "$pid" ] ; then
		log_begin_msg "Already running."
		log_end_msg 0
		exit 0
	fi

	# Start Daemon
	start-stop-daemon --start --pidfile "$PID_FILE" --make-pidfile --background --exec $DAEMON
	log_end_msg $?
	;;
  stop)
	log_daemon_msg "Stopping $DESC"

	if [ -f "$PID_FILE" ]; then
		start-stop-daemon --stop --pidfile "$PID_FILE" \
			--retry=TERM/20/KILL/5 >/dev/null
		if [ $? -eq 1 ]; then
			log_progress_msg "$DESC is not running but pid file exists, cleaning up"
		elif [ $? -eq 3 ]; then
			PID="`cat $PID_FILE`"
			log_failure_msg "Failed to stop $DESC (pid $PID)"
			exit 1
		fi
		rm -f "$PID_FILE"
	else
		log_progress_msg "(not running)"
	fi
	log_end_msg 0
	;;
  status)
	status_of_proc -p $PID_FILE kibana kibana && exit 0 || exit $?
    ;;
  restart|force-reload)
	if [ -f "$PID_FILE" ]; then
		$0 stop
		sleep 1
	fi
	$0 start
	;;
  *)
	log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}"
	exit 1
	;;
esac

exit 0