Install Elastic Stack & Monitor Zeek Logs

Introduction

Join Me on My Journey: Step-by-Step Guide to Installing Elastic Stack on Your Ubuntu Server

Requirements

  • A minimum of 2 CPU cores.
  • At least 4 GB of RAM.
  • OpenJDK 11 installed.

Step 1 - installing Elasticsearch

curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch |sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg

echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

sudo apt update

sudo apt install elasticsearch

sudo nano /etc/elasticsearch/elasticsearch.yml

# Set the bind address to a specific IP (IPv4 or IPv6):
network.host: localhost

sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
curl -X GET "localhost:9200"
Output
{
  "name" : "Elasticsearch",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "n8Qu5CjWSmyIXBzRXK-j4A",
  "version" : {
    "number" : "7.17.2",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "de7261de50d90919ae53b0eff9413fd7e5307301",
    "build_date" : "2022-03-28T15:12:21.446567561Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Step 2 - Installing Kibana

sudo apt install kibana
sudo systemctl enable kibana
sudo systemctl start kibana

Step 3 - Installing and configuring Filebeat

sudo apt install filebeat
sudo nano /etc/filebeat/filebeat.yml

filebeat.inputs:
- type: filestream
  id: zeek-logs
  enabled: true
  paths:
    - /opt/zeek/logs/current/*.log
  tags: ["zeek"]

Step 4 - Installing Zeek

sudo apt-get update
sudo apt-get install -y --no-install-recommends g++ cmake make libpcap-dev

echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_22.04/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list

curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_22.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null

sudo apt update

sudo apt install zeek-6.0

sudo nano /opt/zeek/etc/node.cfg

[zeek]
type=standalone
host=localhost
interface=eth0 # change this to the interface Zeek should listen on (as shown by ifconfig)

cd /opt/zeek/bin
sudo ./zeekctl
[ZeekControl] > install
[ZeekControl] > start
[ZeekControl] > deploy

Step 5 - Accessing Kibana

To access Kibana, establish an SSH Tunnel to forward ports 9200 and 5601 from the remote server directly to your local machine.

ssh -L 9200:localhost:9200 -L 5601:localhost:5601 remote_user@remote_ip

Kibana can now be opened at http://localhost:5601 on your local machine.
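A post-install check script for the setup above, added here as an example and not part of the original post: it confirms that Elasticsearch and Kibana listen only on loopback (so the SSH tunnel is the only way in), that Filebeat's config and output are valid, and that Zeek's conn.log carries the `#fields` header Filebeat will ship. It assumes the ports and paths used in this guide, the ss, curl, filebeat and zeekctl tools on the server, and the script name check_stack.sh.

```shell
#!/usr/bin/env bash
# Post-install checks for the setup above. Added example, not from the original
# post; assumes Ubuntu with ss(8), curl, and the paths/ports used in this guide.

# Flag any listener on 9200 (Elasticsearch) or 5601 (Kibana) that is not bound
# to a loopback address, i.e. reachable without the SSH tunnel.
# $1: text in the format of `ss -ltnH`. Returns 0 if all are loopback-only.
check_loopback_only() {
  local bad=0 local_addr host port
  while read -r _state _rq _sq local_addr _rest; do
    [ -n "$local_addr" ] || continue
    port="${local_addr##*:}"
    host="${local_addr%:*}"
    case "$port" in 9200|5601) ;; *) continue ;; esac
    case "$host" in
      127.0.0.1|'[::1]') ;;                  # loopback, as configured above
      *) echo "exposed listener: $local_addr"; bad=1 ;;
    esac
  done <<EOF
$1
EOF
  return "$bad"
}

# Check that a Zeek TSV log carries the '#fields' header Filebeat will ship,
# naming every column given. $1: log file, $2..: expected column names.
zeek_log_has_fields() {
  local file="$1" fields f tab
  shift
  tab=$(printf '\t')
  fields=$(grep -m1 '^#fields' "$file") || return 1
  for f in "$@"; do
    case "$fields" in *"$tab$f$tab"*|*"$tab$f") ;; *) return 1 ;; esac
  done
}

# Live checks on the server; invoke as: ./check_stack.sh --run
run_live_checks() {
  check_loopback_only "$(ss -ltnH)" || echo "WARN: 9200/5601 reachable off-host"
  curl -fsS localhost:9200 >/dev/null && echo "Elasticsearch answers on localhost"
  sudo filebeat test config && sudo filebeat test output
  zeek_log_has_fields /opt/zeek/logs/current/conn.log ts uid id.orig_h id.resp_h \
    && echo "conn.log has the expected header"
  sudo /opt/zeek/bin/zeekctl status
}

case "${1:-}" in --run) run_live_checks ;; esac
```

An "exposed listener" line means network.host or Kibana's server.host was changed from localhost and the service answers off-host without the tunnel.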