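# Windows install runbook for a single-host ELK log server (Elasticsearch 2.4.1, Logstash 2.4.0, Kibana 4.6.2)
# plus Curator 4.1.2 for index retention, with nssm 2.24 wrapping Logstash/Kibana as Windows services.
# Lines starting with '#' are instructions for the operator; the other lines are commands to paste into cmd.
#
# Copy the entire install directory to c:\install\ ; this guide assumes the following path: c:\install\logserver
# Check that Firefox or Chrome and Notepad++ are installed on the system, and that an "unzip" command is on PATH
# (it is not a built-in Windows command).
# Open cmd as administrator, then copy and paste the uncommented commands one section at a time.
# Before running any of the installers below, confirm they are the files you expect (check the publisher's
# digital signature under file Properties -> Digital Signatures); they run with administrator rights.

# JAVA_HOME for the current cmd window. NOTE: use the set "VAR=value" form - with  set VAR="value"  cmd stores the
# quotes as part of the value, and the Elasticsearch/Logstash .bat wrappers then build a broken java path.
set "JAVA_HOME=C:\Program Files\Java\jre1.8.0_65"
# Persist JAVA_HOME machine-wide for new processes (setx strips the surrounding quotes itself; /M needs admin).
setx /M JAVA_HOME "C:\Program Files\Java\jre1.8.0_65"

#install java (interactive; the commented line is the silent equivalent)
#C:\install\logserver\jre-8u65-windows-x64.exe /s
C:\install\logserver\jre-8u65-windows-x64.exe

#install node.js (interactive; the commented line is the silent equivalent)
#msiexec /qn /l* node-log.txt /i C:\install\logserver\node-v4.2.2-x64.msi
C:\install\logserver\node-v4.2.2-x64.msi

#extract ELK stack. unzip extracts into the current directory, so one cd is enough for all four archives.
mkdir c:\logserver\
cd c:\logserver\
unzip C:\install\logserver\elasticsearch-2.4.1.zip
unzip C:\install\logserver\logstash-2.4.0.zip
unzip C:\install\logserver\kibana-4.6.2-windows-x86.zip
unzip C:\install\logserver\nssm-2.24.zip
# Logstash is started with "-f logstash.conf" relative to its bin directory (see the nssm section below),
# which is why the pipeline config is copied there.
copy "C:\install\logserver\logstash-341.conf" "C:\logserver\logstash-2.4.0\bin\logstash.conf"

#configure elasticsearch
cd C:\logserver\elasticsearch-2.4.1\bin
# kopf is a browser admin UI for the cluster (create/delete indices, edit templates). Elasticsearch 2.x has no
# authentication, so anyone who can reach port 9200 gets the same power; keep 9200 bound to the loopback
# address (network.host in config\elasticsearch.yml) or restricted by the host firewall.
plugin install "file:///C:\install\logserver\elasticsearch-kopf-maste-201.zip"
service install
service manager
# on the service manager popup change startup type to Automatic and start the service
# Check elasticsearch and kopf are running: "http://localhost:9200" "http://localhost:9200/_plugin/kopf"
# configure the first index template using kopf: go to "http://localhost:9200/_plugin/kopf", choose more -> index templates,
# enter template name "logstash", copy the content of indexTemplate-softov.xml into the body field and press save

# create services for logstash and kibana (nssm runs them as LocalSystem by default; a dedicated low-privilege
# service account can be set on the "Log on" tab if the host policy requires it)
cd C:\logserver\nssm-2.24\win64\
nssm install Kibana-4.6.2
#Path: C:\logserver\kibana-4.6.2-windows-x86\bin\kibana.bat
#Arguments:
nssm install Logstash-2.4.0
#Path: C:\logserver\logstash-2.4.0\bin\logstash.bat
#Arguments: -w 2 -f logstash.conf
#***** -w = number of CPU cores to use for filter workers

#start the kibana and logstash services
services.msc
#check Kibana is running: "http://localhost:5601" (takes a few seconds to load)
# Kibana 4 has no login of its own; if it must only be used from this machine, set server.host in
# kibana-4.6.2-windows-x86\config\kibana.yml to the loopback address or block port 5601 on the host firewall.

#Send the first syslog message with powershell:
#copy and paste the content of send_syslog.ps1 into the powershell prompt
powershell
# Refresh the kibana page
# In kibana press the "Create" button (it should now be green instead of gray) to create the default index pattern
# if still in the powershell prompt type:
exit

#check indices: copy this address into the browser
http://localhost:9200/_cat/indices?v

#install curator (interactive; the commented line is the silent equivalent)
#msiexec /qn /l* curator-log.txt /i C:\install\logserver\elasticsearch-curator-4.1.2-win32.msi
C:\install\logserver\elasticsearch-curator-4.1.2-win32.msi

#copy curator config files
copy "C:\install\logserver\conf.yml" "C:\Program Files\elasticsearch-curator\"
copy "C:\install\logserver\delIndex.yaml" "C:\Program Files\elasticsearch-curator\"

#Create the scheduled task (daily at 01:00).
# Config paths are given as absolute paths: schtasks /create has no "start in" option, so a task started by the
# scheduler does not run from the curator directory and relative names like conf.yml would not be found.
# The task runs as SYSTEM (/NP = no password stored); Curator only needs to reach localhost:9200, so a
# dedicated account with read access to the two config files is sufficient if least privilege is required.
schtasks /create /tn Curator /tr "\"C:\Program Files\elasticsearch-curator\curator.exe\" --config \"C:\Program Files\elasticsearch-curator\conf.yml\" \"C:\Program Files\elasticsearch-curator\delIndex.yaml\"" /sc daily /st 01:00:00 /ru SYSTEM /rl HIGHEST /NP /v1
# you can test curator with the del_all_indices.yaml content: when you check the indices in the browser (address above)
# you can see one index was created, named logstash-<date>
# you can temporarily replace the delIndex.yaml content with del_all_indices.yaml to test that the scheduled task works
# and deletes the index above (put the original content back afterwards)
# to manage how many days of indices curator keeps, edit C:\Program Files\elasticsearch-curator\delIndex.yaml where it
# says "unit_count:" - that is how many days back to delete.

#Move indexes to another drive (if the C drive is too small):
#edit with notepad++
C:\logserver\elasticsearch-2.4.1\config\elasticsearch.yml
# uncomment this line and change the destination
# path.data: /path/to/data
#restart the elasticsearch service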