Plit00's Story

ELK Stack install Ubuntu 18.04(설치) 본문

Security/Elasticsearch

ELK Stack install Ubuntu 18.04(설치)

plit00 2023. 4. 11. 14:42

 

[과거 CentOS와 우분투 둘 다 구축해본 결과 우분투가 더 잘 맞는]

  • Elasticsearch
wget -qO - <https://artifacts.elastic.co/GPG-KEY-elasticsearch> | sudo apt-key add -

echo "deb <https://artifacts.elastic.co/packages/7.x/apt> stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

sudo apt update

sudo apt install elasticsearch

기본 구성 파일 편집

sudo nano /etc/elasticsearch/elasticsearch.yml 

--------------------Network---------------------------
network.host : my_ip
http.port : 9200 

--------------------Discovery--------------------------
discovery.seed_hosts: ["0.0.0.0", "[::]"]

저장

sudo systemctl start elasticsearch 
sudo systemctl enable elasticsearch 

sudo ufw allow 9200
sudo ufw enable 
sudo ufw status 

[GET 테스트]
curl -X GET 'http://my_ip:9200'

my_ip:9200 접속

 

  • Kibana
sudo apt install kibana

sudo nano /etc/kibana/kibana.yml

---------------------------------------------
server.port : 5601
server.host : "0.0.0.0"

elasticsearch.hosts: ["http://my_ip:9200"]

저장 

sudo ufw allow 5601
sudo ufw reload

sudo systemctl start kibana
sudo systemctl enable kibana

 

 

yml 파일 편집을 할 경우 항상 restart

  • Logstash
sudo apt install logstash 

sudo ufw allow 5044
sudo ufw reload

sudo systemctl start logstash
sudo systemctl enable logstash
  • Filebeat
sudo apt install filebeat 

sudo nano /etc/filebeat/filebeat.yml 

------elasticsearch------
output.elasticsearch : 
	hosts: ["my_ip:9200"]

-------------------------
저장 

sudo systemctl start filebeat
sudo systemctl enable filebeat

 

 

Reference

'Security > Elasticsearch' 카테고리의 다른 글

[Node.js] - error Unexpected token in JSON at position 583066  (0) 2023.01.25
[Node.js] - Elasticsearch 페이지 출력  (0) 2023.01.25
[Node.js] - Elasticsearch query  (0) 2022.12.18
ELK Stack - DC Server Packetbeat 연동  (0) 2022.04.15
ELK Stack - Winlogbeat, Sysmon연동  (0) 2022.04.15
'Security/Elasticsearch' Related Articles more
Comments