Support #415
Updated by Daniel Curtis over 8 years ago
This is a guide for installing an ElasticSearch, Logstash, and Kibana stack on Arch Linux.

h2. Prepare the Environment

* Make sure the system is up to date:
<pre>
sudo pacman -Syu
yaourt -Syu
</pre>

* Install "yaourt":https://project.altservice.com/issues/509

h2. Install ElasticSearch

* Install ElasticSearch:
<pre>
sudo pacman -S elasticsearch
</pre>

* Enable cross origin access:
<pre>
# "sudo echo ... >> file" fails because the redirection runs as the unprivileged user; append with sudo tee -a instead
echo 'http.cors.allow-origin: "/.*/"' | sudo tee -a /etc/elasticsearch/elasticsearch.yml
echo 'http.cors.enabled: true' | sudo tee -a /etc/elasticsearch/elasticsearch.yml
</pre>

* Start and enable ElasticSearch at boot:
<pre>
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
</pre>

h2. Install Logstash

* Install Logstash from the AUR:
<pre>
yaourt logstash
</pre>

* Now create a simple configuration file:
<pre>
sudo vi /etc/logstash/conf.d/logstash-simple.conf
</pre>
#* And add the following:
<pre>
input {
  file {
    path => "/var/log/faillog"
    start_position => beginning
  }

  # network syslog input
  syslog {
    host => "0.0.0.0"
    port => 514
  }
}

output {
  elasticsearch { host => localhost }
}
</pre>

* Start and enable the Logstash agent:
<pre>
sudo systemctl enable logstash.service
sudo systemctl start logstash.service
</pre>

* Start and enable the Logstash web interface:
<pre>
sudo systemctl enable logstash-web.service
sudo systemctl start logstash-web.service
</pre>

h2. Install Kibana

* Install Kibana from the AUR:
<pre>
yaourt kibana
</pre>

* Start and enable Kibana at boot:
<pre>
sudo systemctl enable kibana.service
sudo systemctl start kibana.service
</pre>

h2. Install Nginx

* Install nginx:
<pre>
sudo pacman -S nginx
</pre>

* Install Apache Tools from the AUR:
<pre>
yaourt apache-tools
</pre>
#* *NOTE*: The AUR package was a little stale, I needed to edit the PKGBUILD and change the following:
<pre>
pkgver=2.4.12
sha256sums=('ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4'
            '2dc48d34773b0c873d10e3542f77a4f7b50d5fb9bd8c52e3bb28b76ff9587f3f')
sha512sums=('f69db14b421f0e1e4861fe4d8b652688d50ca9eb41c622242d11ae55687eb6c2142a8505a8c3fb6f2bd53167be535bc0a77ca1af97e0720930fc7f20f4c1f8e8'
            '6e068e7820e852c788a521ad28c367af4c1c22fded51ede7ae3f840a8a04737cfbe4503c2f3f899c89461d984007e84f80376b5a8a27c7eec8ec0fd78155c22b')
</pre>

* Edit the nginx config:
<pre>
sudo vi /etc/nginx/nginx.conf
</pre>
#* And add the following server block:
<pre>
# Nginx proxy for Elasticsearch + Kibana
#
server {
    listen 80;
    server_name localhost;
    access_log /var/log/nginx-logstash.log;

    # Require a login for everything proxied to Kibana
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/webapps/kibana/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
</pre>

* Then generate a htpasswd file:
<pre>
sudo htpasswd -c -b /etc/webapps/kibana/htpasswd.users username SuperSecretPassword
</pre>

* Start and enable nginx at boot:
<pre>
sudo systemctl enable nginx.service
sudo systemctl start nginx.service
</pre>
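
A check to run once the steps above are done, as an added example that is not part of the original issue: it reads the three files the guide writes and reports the settings that expose the stack beyond localhost (CORS open to every origin, the syslog input bound to 0.0.0.0, and basic auth served over plain HTTP). The function name @audit_elk@ and its exit codes are assumptions of this example; the default paths are the ones used in the guide.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): flag the network-facing settings it writes.
# Default paths are the guide's; pass other paths to audit copies.
# Exit status: 0 = nothing flagged, 1 = findings printed, 2 = a file is unreadable.
audit_elk() {
    local es_yml="${1:-/etc/elasticsearch/elasticsearch.yml}"
    local ls_conf="${2:-/etc/logstash/conf.d/logstash-simple.conf}"
    local ngx_conf="${3:-/etc/nginx/nginx.conf}"
    local f findings=0

    for f in "$es_yml" "$ls_conf" "$ngx_conf"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done

    # CORS switched on together with an allow-origin value that matches any site
    if grep -Eq '^[[:space:]]*http\.cors\.enabled:[[:space:]]*true' "$es_yml" &&
       grep -Eq '^[[:space:]]*http\.cors\.allow-origin:[[:space:]]*"?(/\.\*/|\*)"?[[:space:]]*$' "$es_yml"; then
        echo "elasticsearch: CORS allowed from every origin"
        findings=$((findings + 1))
    fi

    # Logstash input listening on every interface
    if grep -Eq 'host[[:space:]]*=>[[:space:]]*"?0\.0\.0\.0"?' "$ls_conf"; then
        echo "logstash: input bound to 0.0.0.0"
        findings=$((findings + 1))
    fi

    # Basic auth with no TLS listener: the password is only base64-encoded in transit
    if grep -Eq '^[[:space:]]*auth_basic[[:space:]]' "$ngx_conf" &&
       ! grep -Eq '^[[:space:]]*listen[[:space:]].*ssl' "$ngx_conf"; then
        echo "nginx: auth_basic served without a TLS listener"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Source the file and call @audit_elk@ with no arguments on the host built from this guide; each printed line names a setting to restrict (a specific origin, a specific listen address, a TLS listener) before the host is reachable from other machines.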