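#!/usr/bin/env bash
# Ubuntu 18 and ELK 7.2
#
# Install notes for a single-host Elasticsearch + Kibana + Logstash 7.x stack on
# Ubuntu 18.04, written as a re-runnable script. Every privileged step goes
# through sudo so the script can be started as an unprivileged user.
#
# One step stays manual: after Kibana is installed, set server.port and
# server.host (the server's IP address or name) in /etc/kibana/kibana.yml.
set -euo pipefail

readonly ELASTIC_KEY_URL='https://artifacts.elastic.co/GPG-KEY-elasticsearch'
readonly ELASTIC_APT_LINE='deb https://artifacts.elastic.co/packages/7.x/apt stable main'
readonly ELASTIC_APT_LIST='/etc/apt/sources.list.d/elastic-7.x.list'
readonly KIBANA_NODE='/usr/share/kibana/node/bin/node'
readonly LOGSTASH_JAVA='/usr/lib/jvm/java-11-openjdk-amd64/bin/java'
readonly LOGSTASH_CONF='/etc/logstash/conf.d/logstash.conf'

sudo apt update && sudo apt -y upgrade

#elasticsearch
# Trust Elastic's package-signing key so apt can verify the 7.x packages.
wget -qO - "$ELASTIC_KEY_URL" | sudo apt-key add -
sudo apt-get -y install apt-transport-https
# Append the repo line only when it is not already there; a bare `tee -a`
# duplicates it on every re-run.
if ! grep -qxF -- "$ELASTIC_APT_LINE" "$ELASTIC_APT_LIST" 2>/dev/null; then
  printf '%s\n' "$ELASTIC_APT_LINE" | sudo tee -a "$ELASTIC_APT_LIST" >/dev/null
fi
sudo apt-get update && sudo apt-get -y install elasticsearch
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service

#Kibana
sudo apt-get -y install kibana
# set server.port and server.host(server ip address or name)
# The file is root-owned, so the editor needs sudo to save it.
sudo nano /etc/kibana/kibana.yml
#enable port 80 to be used by node.js:
# NOTE: the file capability is granted to the whole node binary, so anything
# started from it may bind privileged ports, and dpkg drops the xattr whenever
# the package replaces the file (re-run setcap after upgrades). A reverse
# proxy in front of the default port, or AmbientCapabilities=CAP_NET_BIND_SERVICE
# in a systemd unit override, scopes the privilege to the Kibana service only.
# Kibana on plain HTTP with no authentication (security features are off
# unless xpack.security.enabled is set) should not face an untrusted network.
sudo setcap cap_net_bind_service=+epi "$KIBANA_NODE"
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service

#logstash
sudo apt -y install openjdk-11-jre-headless
sudo apt-get -y install logstash
sudo systemctl enable logstash
#create new file
# Written with a quoted heredoc instead of an interactive editor so the script
# is repeatable; the content is the pipeline from the original notes.
# Both inputs listen on every interface (no `host` option), so the listener
# accepts syslog from any host that can reach port 514 -- restrict it with a
# firewall or a `host` option if this machine is reachable from untrusted networks.
sudo tee "$LOGSTASH_CONF" >/dev/null <<'EOF'
input {
  tcp {
    port => 514
    type => syslog
  }
  udp {
    port => 514
    type => syslog
  }
}
output {
  elasticsearch {
    hosts => ["localhost"]
  }
  # stdout {codec => rubydebug }
}
EOF
#enable port 514 to be used by java
# Same caveats as the Kibana setcap above: applies to every JVM process started
# from this binary and is lost when the openjdk package is upgraded.
sudo setcap cap_net_bind_service=+epi "$LOGSTASH_JAVA"
# Smoke test: send one syslog message to the local listener on the default
# port 514 (util-linux logger tries UDP first, then TCP).
logger -n 127.0.0.1 system works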