Support #415
Updated by Daniel Curtis over 10 years ago
This is a guide for installing an ElasticSearch, Logstash, and Kibana stack on Arch Linux.
h2. Prepare the Environment
* Make sure the system is up to date:
<pre>
sudo pacman -Syu
yaourt -Syu
</pre>
h2. Install ElasticSearch
* Install ElasticSearch:
<pre>
sudo pacman -S elasticsearch
</pre>
* Enable cross-origin access (the regex below matches every origin):
<pre>
echo 'http.cors.allow-origin: "/.*/"' | sudo tee -a /etc/elasticsearch/elasticsearch.yml
echo 'http.cors.enabled: true' | sudo tee -a /etc/elasticsearch/elasticsearch.yml
</pre>
* Start and enable ElasticSearch at boot:
<pre>
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
</pre>
h2. Install Logstash
* Install Logstash from the AUR:
<pre>
yaourt logstash
</pre>
* Now create a simple configuration file:
<pre>
sudo vi /etc/logstash/conf.d/logstash-simple.conf
</pre>
#* And add the following:
<pre>
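input {
  # tail the local failed-login log, reading it from the start
  file {
    path => "/var/log/faillog"
    start_position => beginning
  }
  # network syslog input, listening on all interfaces
  # (port 514 is below 1024, so binding it needs root or CAP_NET_BIND_SERVICE)
  syslog {
    host => "0.0.0.0"
    port => 514
  }
}
output {
  elasticsearch { host => localhost }
}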
</pre>
* Start and enable the Logstash agent:
<pre>
sudo systemctl enable logstash.service
sudo systemctl start logstash.service
</pre>
* Start and enable the Logstash web interface:
<pre>
sudo systemctl enable logstash-web.service
sudo systemctl start logstash-web.service
</pre>
h2. Install Kibana
* Install Kibana from the AUR:
<pre>
yaourt kibana
</pre>
* Start and enable Kibana at boot:
<pre>
sudo systemctl enable kibana.service
sudo systemctl start kibana.service
</pre>
h2. Install Nginx
* Install nginx:
<pre>
sudo pacman -S nginx
</pre>
* Install Apache Tools from the AUR:
<pre>
yaourt apache-tools
</pre>
#* *NOTE*: The AUR package was a little stale; I needed to edit the PKGBUILD and change the following:
<pre>
pkgver=2.4.12
sha256sums=('ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4'
'2dc48d34773b0c873d10e3542f77a4f7b50d5fb9bd8c52e3bb28b76ff9587f3f')
sha512sums=('f69db14b421f0e1e4861fe4d8b652688d50ca9eb41c622242d11ae55687eb6c2142a8505a8c3fb6f2bd53167be535bc0a77ca1af97e0720930fc7f20f4c1f8e8'
'6e068e7820e852c788a521ad28c367af4c1c22fded51ede7ae3f840a8a04737cfbe4503c2f3f899c89461d984007e84f80376b5a8a27c7eec8ec0fd78155c22b')
</pre>
* Edit the nginx config:
<pre>
sudo vi /etc/nginx/nginx.conf
</pre>
#* And add the following server block:
<pre>
# Nginx proxy for Elasticsearch + Kibana
#
server {
    listen 80;
    server_name localhost;
    access_log /var/log/nginx-logstash.log;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/webapps/kibana/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
</pre>
* Then generate an htpasswd file, substituting your own username and password:
<pre>
sudo htpasswd -c -b /etc/webapps/kibana/htpasswd.users username SuperSecretPassword
</pre>
* Start and enable nginx at boot:
<pre>
sudo systemctl enable nginx.service
sudo systemctl start nginx.service
</pre>
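The following check is an added example, not part of the original guide: it flags the two settings above that a reviewer would question, the wildcard CORS origin in elasticsearch.yml and Basic auth on an nginx listener without TLS. The function names are hypothetical; run without arguments, it audits constructed copies of the guide's settings.

```shell
#!/bin/sh
# Added example, not from the guide; function names are hypothetical.

# Print the value of an uncommented "key: value" line, quotes and blanks removed.
yml_value() {   # $1 = file, $2 = key as a sed regex
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tr -d "\"' " | tail -n 1
}

# Print one line per finding for the two files this guide edits.
audit_elk_configs() {   # $1 = elasticsearch.yml, $2 = nginx.conf
    if [ "$(yml_value "$1" 'http\.cors\.enabled')" = "true" ]; then
        case $(yml_value "$1" 'http\.cors\.allow-origin') in
            '/.*/' | '*') echo "CORS: allow-origin matches every origin" ;;
        esac
    fi
    # Per server block: auth_basic on a listener without "ssl" sends the
    # password base64-encoded in clear text.
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*server[ \t]*[{]/ { in_srv = 1; depth = 0; auth = 0; plain = 0 }
        in_srv {
            if ($0 ~ /^[ \t]*auth_basic[ \t]/ && $0 !~ /auth_basic[ \t]+off/) auth = 1
            if ($0 ~ /^[ \t]*listen[ \t]/ && $0 !~ /ssl/) plain = 1
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) {
                if (auth && plain) print "nginx: auth_basic on a non-TLS listener"
                in_srv = 0
            }
        }' "$2"
}

if [ "$#" -eq 2 ]; then
    audit_elk_configs "$1" "$2"          # real paths given on the command line
else
    # Constructed sample input: copies of the settings shown in this guide.
    tmp=$(mktemp -d)
    printf '%s\n' 'http.cors.allow-origin: "/.*/"' 'http.cors.enabled: true' > "$tmp/es.yml"
    printf '%s\n' 'server {' 'listen 80;' 'auth_basic "Restricted Access";' '}' > "$tmp/nginx.conf"
    audit_elk_configs "$tmp/es.yml" "$tmp/nginx.conf"
    rm -rf "$tmp"
fi
```

To audit the live files, pass /etc/elasticsearch/elasticsearch.yml and /etc/nginx/nginx.conf as the two arguments.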