Support #415

Updated by Daniel Curtis over 8 years ago

This is a guide for installing an ElasticSearch, Logstash, and Kibana stack on Arch Linux. 

 h2. Prepare the Environment 

 * Make sure the system is up to date: 
 <pre> 
 sudo pacman -Syu 
 yaourt -Syu 
 </pre> 

 * Install "yaourt":https://project.altservice.com/issues/509 

 h2. Install ElasticSearch 

 * Install ElasticSearch: 
 <pre> 
 sudo pacman -S elasticsearch 
 </pre> 

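 * Enable cross origin access. The regular expression "/.*/" allows requests from every origin; narrow it to the origin Kibana is served from if Elasticsearch is reachable from other hosts. The lines are appended with sudo tee because the redirection in "sudo echo ... >> file" is performed by the unprivileged shell and fails: 
 <pre> 
 echo 'http.cors.allow-origin: "/.*/"' | sudo tee -a /etc/elasticsearch/elasticsearch.yml 
 echo 'http.cors.enabled: true' | sudo tee -a /etc/elasticsearch/elasticsearch.yml 
 </pre> 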

 * Start and enable ElasticSearch at boot: 
 <pre> 
 sudo systemctl enable elasticsearch.service 
 sudo systemctl start elasticsearch.service 
 </pre> 

 h2. Install Logstash 

 * Install Logstash from the AUR: 
 <pre> 
 yaourt logstash 
 </pre> 

 * Now create a simple configuration file:  
 <pre> 
 sudo vi /etc/logstash/conf.d/logstash-simple.conf 
 </pre> 
 #* And add the following: 
 <pre> 
 input { 
   file { 
     path => "/var/log/faillog" 
     start_position => beginning 
   } 

   # network syslog input 
   syslog { 
     host => "0.0.0.0" 
     port => 514 
   } 

 } 

 output { 
   elasticsearch { host => localhost } 
 } 
 </pre> 

 * Start and enable the Logstash agent: 
 <pre> 
 sudo systemctl enable logstash.service 
 sudo systemctl start logstash.service 
 </pre> 

 * Start and enable the Logstash web interface: 
 <pre> 
 sudo systemctl enable logstash-web.service 
 sudo systemctl start logstash-web.service 
 </pre> 

 h2. Install Kibana 

 * Install Kibana from the AUR: 
 <pre> 
 yaourt kibana 
 </pre> 

 * Start and enable Kibana at boot: 
 <pre> 
 sudo systemctl enable kibana.service 
 sudo systemctl start kibana.service 
 </pre> 

 h2. Install Nginx 

 * Install nginx: 
 <pre> 
 sudo pacman -S nginx 
 </pre> 

 * Install Apache Tools from the AUR: 
 <pre> 
 yaourt apache-tools 
 </pre> 
 #* *NOTE*: The AUR package was a little stale; I needed to edit the PKGBUILD and change the following: 
 <pre> 
 pkgver=2.4.12 
 sha256sums=('ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4' 
 '2dc48d34773b0c873d10e3542f77a4f7b50d5fb9bd8c52e3bb28b76ff9587f3f') 
 sha512sums=('f69db14b421f0e1e4861fe4d8b652688d50ca9eb41c622242d11ae55687eb6c2142a8505a8c3fb6f2bd53167be535bc0a77ca1af97e0720930fc7f20f4c1f8e8' 
 '6e068e7820e852c788a521ad28c367af4c1c22fded51ede7ae3f840a8a04737cfbe4503c2f3f899c89461d984007e84f80376b5a8a27c7eec8ec0fd78155c22b') 
 </pre> 

 * Edit the nginx config: 
 <pre> 
 sudo vi /etc/nginx/nginx.conf 
 </pre> 
 #* And add the following server block: 
 <pre> 
 # Nginx proxy for Elasticsearch + Kibana 
 # 
 server { 
     listen                  80; 
     server_name             localhost; 
     access_log              /var/log/nginx-logstash.log; 

     auth_basic "Restricted Access"; 
     auth_basic_user_file /etc/webapps/kibana/htpasswd.users; 

     location / { 
         proxy_pass http://localhost:5601; 
         proxy_http_version 1.1; 
         proxy_set_header Upgrade $http_upgrade; 
         proxy_set_header Connection 'upgrade'; 
         proxy_set_header Host $host; 
         proxy_cache_bypass $http_upgrade;         
     } 
 } 
 </pre> 

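 * Then generate an htpasswd file. The -b flag takes the password from the command line, where it is recorded in shell history; omit -b to be prompted for it instead: 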
 <pre> 
 sudo htpasswd -c -b /etc/webapps/kibana/htpasswd.users username SuperSecretPassword 
 </pre> 

 * Start and enable nginx at boot: 
 <pre> 
 sudo systemctl enable nginx.service 
 sudo systemctl start nginx.service 
 </pre>
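
The auth_basic settings in the server block above only protect requests that pass through nginx, so after the last step it is worth checking whether Kibana or Elasticsearch also listen on a non-loopback address. The following is an added example, not part of the original guide; the function names and the sample ss output are constructed, and port 9200 is assumed to be Elasticsearch's default HTTP port.

```shell
#!/bin/sh
# Added example: flag ELK backend listeners that are reachable without nginx.
# exposed_backends reads `ss -ltn` output on stdin and prints "port address"
# for every backend port bound to a non-loopback address.

# 5601 is Kibana (the proxy_pass target above); 9200 is assumed (Elasticsearch default).
BACKEND_PORTS="5601 9200"

exposed_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            # Split at the last colon so IPv6 forms such as [::]:9200 work.
            idx = match(local_addr, /:[0-9]+$/)
            if (idx == 0) next
            addr = substr(local_addr, 1, idx - 1)
            port = substr(local_addr, idx + 1)
            if (!(port in want)) next
            gsub(/[][]/, "", addr)   # drop the brackets around IPv6 addresses
            # Loopback (IPv4, IPv6, IPv4-mapped) is only reachable from this host.
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }'
}

# Constructed sample of `ss -ltn` output, used so the example runs offline.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port      Peer Address:Port
LISTEN 0      511    0.0.0.0:80              0.0.0.0:*
LISTEN 0      511    0.0.0.0:5601            0.0.0.0:*
LISTEN 0      128    [::ffff:127.0.0.1]:9200 *:*
LISTEN 0      128    127.0.0.1:9300          0.0.0.0:*
EOF
}

# Demonstration on the sample; on a live host run: ss -ltn | exposed_backends
sample_ss_output | exposed_backends
```

Any line printed means that port can be reached directly, bypassing the htpasswd check; bind the service to localhost or block the port in the firewall.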
