Install and Configure an EFK stack on centos6

Hello, I’m Takeken.
I feel like scrambled egg, it’s a humidity day and a rainy day and a hot day.

this time is I introduce how to install EFK stack(Elasticsearch, Fluentd, kibana) on Centos6.
I have already finished to making on Debian8, but this time, I was challenged other environment.

What is can us do? It will also show you how to configure it to visualize the access log of Elasticsearch server.
By visualizing log, We could know the state of the server.

Done.

How to install Elasticsearch

install package JAVA, it might be better “yum install”.

sudo rpm --import http://packages.elasticsearch.org/GPG-KEY-elasticsearch

sudoedit /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-1.2]
name=Elasticsearch repository for 1.2.x packages
baseurl=http://packages.elasticsearch.org/elasticsearch/1.2/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1

sudo yum install elasticsearch

sudo service elasticsearch restart
sudo chkconfig elasticsearch on                                                         
sudo chkconfig --list elasticsearch
elasticsearch  	0:off	1:off	2:on	3:on	4:on	5:on	6:off

Phew!

$ curl -s http://localhost:9200  | head -3                                                [~]
{
  "status" : 200,
  "name" : "Silverclaw",

Next!

How to install kibana

cd ~/

sudo wget https://download.elastic.co/kibana/kibana/kibana-3.1.2.tar.gz
sudo tar zxvf kibana-3.1.2.tar.gz
cd kibana-3.1.2

sudo mkdir /var/www/html/kibana3/
sudo cp -R /usr/local/src/kibana-3.1.2/* /var/www/html/kibana3/

Ok.

To see the graph from the browser, apparently there is a need that can be accessed from the outside to the 9200 port.
In short, if you could admit access to 9200 from the client’s IP addr so that you can see.

Next!

How to install td-agent(fluentd)

http://toolbelt.treasuredata.com/
curl -L http://toolbelt.treasuredata.com/sh/install-redhat-td-agent2.sh | sh

Bonus

libxml2 2.9.2... ERROR
# yum -y install libxml2 libxslt libxml2-devel libxslt-devel
# gem install nokogiri -- --use-system-libraries

I prepared two pattern, both main and ltsv at a access log,
and ltsv pattern is send to Elasticsearch Server by td-agent.

Example, like this.

kibana01

We can know information by issued various query.
Example, from the Google search? Scan? Attack?
We can know these.

Similar Posts:


Leave a Reply

Your email address will not be published. Required fields are marked *