{"id":5555,"date":"2015-09-07T03:54:59","date_gmt":"2015-09-06T18:54:59","guid":{"rendered":"http:\/\/www.vincentina.net\/?p=5555"},"modified":"2020-02-23T20:27:33","modified_gmt":"2020-02-23T11:27:33","slug":"install-and-configure-an-efk-stack-on-centos6","status":"publish","type":"post","link":"https:\/\/www.vincentina.net\/?p=5555","title":{"rendered":"Install and Configure an EFK stack on centos6"},"content":{"rendered":"

Hello, I’m Takeken.
\nI feel like scrambled egg, it’s a humidity day and a rainy day and a hot day.<\/p>\n

this time is I introduce how to install EFK stack(Elasticsearch, Fluentd, kibana) on Centos6.
\nI have already finished to making on Debian8, but this time, I was challenged other environment.<\/p>\n

What is can us do? It will also show you how to configure it to visualize the access log of Elasticsearch server.
\nBy visualizing log, We could know the state of the server.<\/p>\n

Done.<\/p>\n

How to install Elasticsearch<\/p>\n

install package JAVA, it might be better “yum install”.<\/p>\n

\r\nsudo rpm --import http:\/\/packages.elasticsearch.org\/GPG-KEY-elasticsearch\r\n\r\nsudoedit \/etc\/yum.repos.d\/elasticsearch.repo\r\n\r\n[elasticsearch-1.2]\r\nname=Elasticsearch repository for 1.2.x packages\r\nbaseurl=http:\/\/packages.elasticsearch.org\/elasticsearch\/1.2\/centos\r\ngpgcheck=1\r\ngpgkey=http:\/\/packages.elasticsearch.org\/GPG-KEY-elasticsearch\r\nenabled=1\r\n\r\nsudo yum install elasticsearch\r\n\r\nsudo service elasticsearch restart\r\nsudo chkconfig elasticsearch on                                                         \r\nsudo chkconfig --list elasticsearch\r\nelasticsearch  \t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\r\n<\/pre>\n
Phew!<\/p>\n
\r\n$ curl -s http:\/\/localhost:9200  | head -3                                                [~]\r\n{\r\n  "status" : 200,\r\n  "name" : "Silverclaw",\r\n<\/pre>\n
Next!<\/p>\n
How to install kibana<\/p>\n
\r\ncd ~\/\r\n\r\nsudo wget https:\/\/download.elastic.co\/kibana\/kibana\/kibana-3.1.2.tar.gz\r\nsudo tar zxvf kibana-3.1.2.tar.gz\r\ncd kibana-3.1.2\r\n\r\nsudo mkdir \/var\/www\/html\/kibana3\/\r\nsudo cp -R \/usr\/local\/src\/kibana-3.1.2\/* \/var\/www\/html\/kibana3\/\r\n<\/pre>\n
Ok.<\/p>\n
To see the graph from the browser, apparently there is a need that can be accessed from the outside to the 9200 port.
\nIn short, if you could admit access to 9200 from the client’s IP addr so that you can see.<\/p>\n
Next!<\/p>\n
How to install td-agent\uff08fluentd\uff09<\/p>\n
\r\nhttp:\/\/toolbelt.treasuredata.com\/\r\ncurl -L http:\/\/toolbelt.treasuredata.com\/sh\/install-redhat-td-agent2.sh | sh\r\n<\/pre>\n
Bonus<\/p>\n
\r\nlibxml2 2.9.2... ERROR\r\n# yum -y install libxml2 libxslt libxml2-devel libxslt-devel\r\n# gem install nokogiri -- --use-system-libraries\r\n<\/pre>\n
I prepared two pattern, both main and ltsv at a access log,
\nand ltsv pattern is send to Elasticsearch Server by td-agent.<\/p>\n
Example, like this.<\/p>\n
\"kibana01\"<\/a><\/p>\n
We can know information by issued various query.
\nExample, from the Google search? Scan? Attack?
\nWe can know these.<\/p>\n
        
Tweet<\/a><\/div><\/div>\n
\n","protected":false},"excerpt":{"rendered":"
Hello, I’m Takeken. I feel like scrambled egg, it’s a humidity day and a rainy day and a hot day.  … “Install and Configure an EFK stack on centos6” \u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[117],"tags":[],"class_list":["post-5555","post","type-post","status-publish","format-standard","hentry","category-english"],"_links":{"self":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/5555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5555"}],"version-history":[{"count":0,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/5555\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}