Hello, I’m Takeken.
I feel like scrambled egg, it’s a humidity day and a rainy day and a hot day.
this time is I introduce how to install EFK stack(Elasticsearch, Fluentd, kibana) on Centos6.
I have already finished to making on Debian8, but this time, I was challenged other environment.
What is can us do? It will also show you how to configure it to visualize the access log of Elasticsearch server.
By visualizing log, We could know the state of the server.
Done.
How to install Elasticsearch
install package JAVA, it might be better “yum install”.
sudo rpm --import http://packages.elasticsearch.org/GPG-KEY-elasticsearch sudoedit /etc/yum.repos.d/elasticsearch.repo [elasticsearch-1.2] name=Elasticsearch repository for 1.2.x packages baseurl=http://packages.elasticsearch.org/elasticsearch/1.2/centos gpgcheck=1 gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch enabled=1 sudo yum install elasticsearch sudo service elasticsearch restart sudo chkconfig elasticsearch on sudo chkconfig --list elasticsearch elasticsearch 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Phew!
$ curl -s http://localhost:9200 | head -3 [~]
{
"status" : 200,
"name" : "Silverclaw",
Next!
How to install kibana
cd ~/ sudo wget https://download.elastic.co/kibana/kibana/kibana-3.1.2.tar.gz sudo tar zxvf kibana-3.1.2.tar.gz cd kibana-3.1.2 sudo mkdir /var/www/html/kibana3/ sudo cp -R /usr/local/src/kibana-3.1.2/* /var/www/html/kibana3/
Ok.
To see the graph from the browser, apparently there is a need that can be accessed from the outside to the 9200 port.
In short, if you could admit access to 9200 from the client’s IP addr so that you can see.
Next!
How to install td-agent(fluentd)
http://toolbelt.treasuredata.com/ curl -L http://toolbelt.treasuredata.com/sh/install-redhat-td-agent2.sh | sh
Bonus
libxml2 2.9.2... ERROR # yum -y install libxml2 libxslt libxml2-devel libxslt-devel # gem install nokogiri -- --use-system-libraries
I prepared two pattern, both main and ltsv at a access log,
and ltsv pattern is send to Elasticsearch Server by td-agent.
Example, like this.
We can know information by issued various query.
Example, from the Google search? Scan? Attack?
We can know these.
