Support #414
Install an ElasticSearch, Logstash, Kibana (ELK) Stack on FreeBSD
Description
- Table of contents
- Prepare the system
- Installing ElasticSearch
- Install Logstash
- Install Kibana
- Installing Nginx
This is a guide on setting up an ElasticSearch, Logstash, Kibana stack with Nginx on FreeBSD 9.3-RELEASE.
Prepare the system
- Update the system:
pkg update && pkg upgrade
portsnap fetch extract
- Install portmaster:
cd /usr/ports/ports-mgmt/portmaster
make install clean
pkg2ng
Installing ElasticSearch
- Install elasticsearch:
portmaster textproc/elasticsearch
- Start and enable ElasticSearch at boot:
echo 'elasticsearch_enable="YES"' >> /etc/rc.conf
service elasticsearch start
Securing Elasticsearch
- Up to version 1.2, Elasticsearch's dynamic scripting capability was enabled by default. Since this tutorial sets up the Kibana dashboard to be accessed from the public Internet, let's disable dynamic scripting by appending the following line at the end of the ElasticSearch configuration file:
echo "script.disable_dynamic: true" >> /usr/local/etc/elasticsearch/elasticsearch.yml
- Also enable cross-origin access (the "/.*/" pattern accepts requests from any origin):
echo 'http.cors.allow-origin: "/.*/"' >> /usr/local/etc/elasticsearch/elasticsearch.yml
echo 'http.cors.enabled: true' >> /usr/local/etc/elasticsearch/elasticsearch.yml
- Restart Elasticsearch:
service elasticsearch restart
Install Logstash
- Install logstash:
portmaster sysutils/logstash
- Create a basic configuration:
vi /usr/local/etc/logstash/logstash.conf
- Then modify the output section as follows:
    output {
      # Emit events to stdout for easy debugging of what is going through
      # logstash.
      #stdout { debug => "true" }
      elasticsearch {
        host => localhost
      }
    }
- Start and enable logstash at boot:
echo 'logstash_enable="YES"' >> /etc/rc.conf
service logstash start
Install Kibana
- Install kibana:
portmaster textproc/kibana
Configuring Kibana
Since Kibana will use port 80 to talk to Elasticsearch as opposed to the default port 9200, Kibana's config.js must be updated.
- Open the Kibana configuration file:
vi /usr/local/www/kibana/config.js
- Find the elasticsearch: "http://"+window.location.hostname+":9200", parameter and change it to the following:
elasticsearch: "http://"+window.location.hostname+":80",
Installing Nginx
We will use Nginx as a proxy server to allow access to the dashboard from the public Internet (with basic authentication).
- Install Nginx:
portmaster www/nginx security/py-htpasswd
- Start and enable nginx at boot:
echo 'nginx_enable="YES"' >> /etc/rc.conf
service nginx start
- Edit the nginx configuration file:
vi /usr/local/etc/nginx/nginx.conf
- And change the primary server block as follows:
    # Nginx proxy for Elasticsearch + Kibana
    #
    server {
      listen 80;
      server_name localhost;
      access_log /var/log/nginx-logstash.log;

      # Kibana static files
      location / {
        root /usr/local/www/kibana;
        index index.html index.htm;
      }

      # Elasticsearch endpoints proxied without authentication
      location ~ ^/_aliases$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
      }
      location ~ ^/.*/_aliases$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
      }
      location ~ ^/_nodes$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
      }
      location ~ ^/.*/_search$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
      }
      location ~ ^/.*/_mapping {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
      }

      # Password protected end points
      location ~ ^/kibana-int/dashboard/.*$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
        # Every method other than GET (and HEAD) requires basic auth
        limit_except GET {
          proxy_pass http://127.0.0.1:9200;
          auth_basic "Restricted";
          auth_basic_user_file /usr/local/etc/nginx/log.example.com.htpasswd;
        }
      }
      location ~ ^/kibana-int/temp.*$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
        # Every method other than GET (and HEAD) requires basic auth
        limit_except GET {
          proxy_pass http://127.0.0.1:9200;
          auth_basic "Restricted";
          auth_basic_user_file /usr/local/etc/nginx/log.example.com.htpasswd;
        }
      }
    }
- And generate a htpasswd file:
python2.7 /usr/local/bin/htpasswd.py -c -b /usr/local/etc/nginx/log.example.com.htpasswd username SuperSecretPassword
- Finally, restart nginx as follows:
service nginx restart
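To review what the proxy rules above expose before the host faces the Internet, this added example (not part of the original guide) replays the regex locations from the server block in file order and reports which requests reach Elasticsearch without credentials. The sample index and dashboard names are constructed, and paths are assumed to be already normalized with no query string, which is what nginx matches locations against.

```python
import re

# Outcomes a request can have under the server block above.
OPEN = "proxied to Elasticsearch, no auth"
AUTH = "proxied to Elasticsearch, basic auth required"
STATIC = "handled by location / (static Kibana files), not proxied"

# Regex locations copied from the server block, in file order.
# nginx tries regex locations in order and uses the first match;
# "location /" is the prefix fallback. The flag marks blocks that
# contain "limit_except GET".
LOCATIONS = [
    (r"^/_aliases$", False),
    (r"^/.*/_aliases$", False),
    (r"^/_nodes$", False),
    (r"^/.*/_search$", False),
    (r"^/.*/_mapping", False),
    (r"^/kibana-int/dashboard/.*$", True),
    (r"^/kibana-int/temp.*$", True),
]

def classify(method, path):
    """Return how the proxy treats a request for a normalized URI path."""
    for pattern, limited in LOCATIONS:
        if re.search(pattern, path):
            # limit_except GET exempts GET and HEAD; all other methods
            # must pass auth_basic.
            if limited and method.upper() not in ("GET", "HEAD"):
                return AUTH
            return OPEN
    return STATIC

# Constructed sample requests (index and dashboard names are made up).
SAMPLES = [
    ("GET", "/logstash-2015.01.01/_search"),
    ("GET", "/_nodes"),
    ("GET", "/kibana-int/dashboard/default"),
    ("PUT", "/kibana-int/dashboard/default"),
    ("DELETE", "/kibana-int/temp/abc"),
    ("DELETE", "/logstash-2015.01.01"),
    ("GET", "/index.html"),
]

if __name__ == "__main__":
    for method, path in SAMPLES:
        print(f"{method:6} {path:32} -> {classify(method, path)}")
```

The output makes the scope of the password visible: it covers only writes to the kibana-int dashboard and temp paths, while search, alias, node and mapping requests pass through unauthenticated.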