- \n
- 3 Servers<\/li>\n
- \n
- Ubuntu 18.04 with 4GB Ram\/memory as ‘elk-master’ – 10.0.15.10<\/li>\n
- Ubuntu 18.04 with 512MB\/1GB Ram\/Memory as ‘elk-client01’ – 10.0.15.21<\/li>\n
- CentOS 7.5 with 512MB\/1GB Ram\/Memory as ‘elk-client02’ – 10.0.15.22<\/li>\n<\/ul>\n
- Root privileges<\/li>\n<\/ul>\n
What we will do?<\/h2>\n
- \n
- Install Elastic Stack<\/li>\n
- \n
- Install Java<\/li>\n
- Install and Configure ElasticSearch<\/li>\n
- Install and Configure Kibana<\/li>\n
- Install and Configure Nginx as Reverse Proxy for Kibana<\/li>\n
- Install and Configure Logstash<\/li>\n<\/ol>\n
- Install and Configure Filebeat on Ubuntu 18.04<\/li>\n
- Install and Configure Filebeat on CentOS 7.5<\/li>\n
- Testing<\/li>\n<\/ol>\n
Step 1 – Install Elastic Stack<\/h2>\n
In this first step, we will install and configure the ‘Elastic Stack’ on the ‘elk-master’ server, so run all commands and stages for this step on the ‘elk-master’ server only. We will install and configure each component of the elastic stack, including Elasticsearch, Logstash shipper, and Kibana Dashboard with Nginx web server.<\/p>\n
Install Java<\/h3>\n
Java is required for the Elastic stack deployment. Elasticsearch requires Java 8. It is recommended to use the Oracle JDK 1.8, and we will install Java 8 from a PPA repository.<\/p>\n
Install the ‘software-properties-common’ and ‘apt-transport-https’ packages, and then add the PPA ‘webupd8team’ Java repository. Run the ‘apt install’ and ‘add-apt-repository’ command below.<\/p>\n
sudo apt install software-properties-common apt-transport-https -y
sudo add-apt-repository ppa:webupd8team\/java -y<\/p>\nNow install the java8-installer.<\/p>\n
sudo apt install oracle-java8-installer -y<\/p>\n
After the installation is complete, check the java version.<\/p>\n
java -version<\/p>\n
![\"Test](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts.png\" "\\"\\"")
<\/a><\/p>\nJava 1.8 installed on the system.<\/p>\n
Next, we will configure the java environment. Check the java binary file using the command below.<\/p>\n
update-alternatives –config java<\/p>\n
And you will get the java binary file on the ‘\/usr\/lib\/jvm\/java-8-oracle<\/strong>‘ directory.<\/p>\n
Now create the profile file ‘java.sh’ under the ‘profile.d’ directory.<\/p>\n
vim \/etc\/profile.d\/java.sh<\/p>\n
Paste java environment configuration below.<\/p>\n
#Set JAVA_HOME \nJAVA_HOME=\"\/usr\/lib\/jvm\/java-8-oracle\" \nexport JAVA_HOME \nPATH=$PATH:$JAVA_HOME \nexport PATH<\/pre>\n
Save and exit.<\/p>\n
Make the file executable and load the configuration file.<\/p>\n
chmod +x \/etc\/profile.d\/java.sh
source \/etc\/profile.d\/java.sh<\/p>\nNow check the java environment using the command below.<\/p>\n
echo $JAVA_HOME<\/p>\n
And you will get the java directory is located at ‘\/usr\/lib\/jvm\/java-8-oracle<\/strong>‘ directory.<\/p>\n
![\"Configure](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-1.png\" "\\"\\"")
<\/a><\/p>\nInstall Elasticsearch<\/h3>\n
After installing Java, we will install the first component of the Elastic Stack, we will install the elasticsearch.<\/p>\n
Add the elastic stack key and add the elastic repository to the system.<\/p>\n
wget -qO – https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch | sudo apt-key add –
echo “deb https:\/\/artifacts.elastic.co\/packages\/6.x\/apt stable main” | sudo tee -a \/etc\/apt\/sources.list.d\/elastic-6.x.list<\/p>\nNow update the repository and install the elasticsearch package using the command below.<\/p>\n
sudo apt update
sudo apt install elasticsearch -y<\/p>\nAfter the installation is complete, go to the ‘\/etc\/elasticsearch’ directory and edit the configuration file ‘elasticsearch.yml’.<\/p>\n
cd \/etc\/elasticsearch\/
vim elasticsearch.yml<\/p>\nUncomment the ‘network.host’ line and change the value to ‘localhost’, and uncomment the ‘http.port’ line for the elasticsearch port configuration.<\/p>\n
network.host: localhost \nhttp.port: 9200<\/pre>\n
Save and exit.<\/p>\n
Now start the elasticsearch service and enable it to launch every time on system boot.<\/p>\n
systemctl start elasticsearch
systemctl enable elasticsearch<\/p>\n![\"Install](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-2.png\" "\\"\\"")
<\/a><\/p>\nThe elasticsearch is now up and running, check it using netstat command netstat and curl commands below.<\/p>\n
netstat -plntu
curl -XGET ‘localhost:9200\/?pretty’<\/p>\nNow you will get the elasticsearch version ‘6.2.4’ is running on the default port ‘9200’.<\/p>\n
![\"Check](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-3.png\" "\\"\\"")
<\/a><\/p>\nThe elasticsearch installation has been completed.<\/p>\n
Install and Configure Kibana Dashboard<\/h3>\n
The second component is a kibana Dashboard. We will install the Kibana dashboard from the elastic repository, and configure the kibana service to run on the localhost address.<\/p>\n
Install Kibana dashboard using the apt command below.<\/p>\n
sudo apt install kibana -y<\/p>\n
Now go to the ‘\/etc\/kibana’ directory and edit the configuration file ‘kibana.yml’.<\/p>\n
cd \/etc\/kibana\/
vim kibana.yml<\/p>\nUncomment those lines ‘server.port’, ‘server.host’, and ‘elasticsearch.url’.<\/p>\n
server.port: 5601 \nserver.host: \"localhost\" \nelasticsearch.url: \"http:\/\/localhost:9200\"<\/pre>\n
Save and exit.<\/p>\n
Now start the kibana service and enable it to launch everytime at system boot.<\/p>\n
sudo systemctl enable kibana
sudo systemctl start kibana<\/p>\nThe kibana dashboard is now up and running on the ‘localhost’ address and the default port ‘5601’. Check it using netstat command below.<\/p>\n
netstat -plntu<\/p>\n
![\"Install](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-4.png\" "\\"\\"")
<\/a><\/p>\nKibana dashboard installation has been completed.<\/p>\n
Install and Configure Nginx as Reverse-Proxy for Kibana<\/h3>\n
In this tutorial, we will be using the Nginx web server as a reverse proxy for the Kibana Dashboard.<\/p>\n
Install Nginx and the ‘apache2-utils’ packages to the system.<\/p>\n
sudo apt install nginx apache2-utils -y<\/p>\n
After the installation is complete, go to the ‘\/etc\/nginx’ configuration directory and create new virtual host file named ‘kibana’.<\/p>\n
cd \/etc\/nginx\/
vim sites-available\/kibana<\/p>\nPaste Nginx virtual host configuration below.<\/p>\n
server { listen 80; server_name elastic-stack.io; auth_basic \"Restricted Access\"; auth_basic_user_file \/etc\/nginx\/.kibana-user; location \/ { proxy_pass http:\/\/localhost:5601; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } \n}<\/pre>\nSave and exit.<\/p>\n
Next, we will create new basic authentication web server for accessing the Kibana dashboard. We will create the basic authentication using the htpasswd command as below.<\/p>\n
sudo htpasswd -c \/etc\/nginx\/.kibana-user elastic
Type the elastic user password<\/p>\nActivate the kibana virtual host and test all nginx configuration.<\/p>\n
ln -s \/etc\/nginx\/sites-available\/kibana \/etc\/nginx\/sites-enabled\/
nginx -t<\/p>\nMake sure there is no error, now start the Nginx service and enable it to launch everytime at system boot.<\/p>\n
systemctl enable nginx
systemctl restart nginx<\/p>\nNginx installation and configuration as a Reverse-proxy for the Kibana dashboard have been completed.<\/p>\n
![\"Configure](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-5.png\" "\\"\\"")
<\/a><\/p>\nInstall and Configure Logstash<\/h3>\n
The last component for the Elastic Stack for this guide is the ‘Logstash’. We will install and configure Logsatash to centralize server logs from client sources with filebeat, then filter and transform all data (Syslog) and transport it to the stash (Elasticsearch).<\/p>\n
Before installing logstash, make sure you check the OpenSSL Version your server.<\/p>\n
openssl version -a<\/p>\n
![\"Install](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-6.png\" "\\"\\"")
<\/a><\/p>\nFor this guide, we will be using the OpenSSL ‘1.0.2o’. If you’re still using the OpenSSL version 1.1.2, you will get an error at the logstash and filebeat SSL connection.<\/p>\n
Install logstash using the apt command below.<\/p>\n
sudo apt install logstash -y<\/p>\n
After the installation is complete, we will generate the SSL certificate key to secure the log data transfer from the client filebeat to the logstash server.<\/p>\n
Edit the ‘\/etc\/hosts’ file using vim<\/a>.<\/p>\n
vim \/etc\/hosts<\/p>\n
Add the configuration below.<\/p>\n
10.0.15.10 elk-master elk-master<\/pre>\n
Save and exit.<\/p>\n
Now create new SSL directory under the logstash configuration directory ‘\/etc\/logstash’ and go to that directory.<\/p>\n
mkdir -p \/etc\/logstash\/ssl
cd \/etc\/logstash\/<\/p>\nGenerate the SSL certificate for Logstash using the openssl command as below.<\/p>\n
openssl req -subj ‘\/CN=elk-master\/’ -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout ssl\/logstash-forwarder.key -out ssl\/logstash-forwarder.crt<\/p>\n
The SSL certificate files for Logstash has been created on the ‘\/etc\/logstash\/ssl’ directory.<\/p>\n
Next, we will create new configuration files for logstash. We will create a configuration file ‘filebeat-input.conf’ as input file from filebeat, ‘syslog-filter.conf’ for syslog processing, and then a ‘output-elasticsearch.conf’ file to define the Elasticsearch output.<\/p>\n
Go to the logstash configuration directory and create the new configuration files ‘filebeat-input.conf’ in the ‘conf.d’ directory.<\/p>\n
cd \/etc\/logstash\/
vim conf.d\/filebeat-input.conf<\/p>\nPaste the following configuration there.<\/p>\n
input { beats { port => 5443 type => syslog ssl => true ssl_certificate => \"\/etc\/logstash\/ssl\/logstash-forwarder.crt\" ssl_key => \"\/etc\/logstash\/ssl\/logstash-forwarder.key\" } \n}<\/pre>\nSave and exit.<\/p>\n
For the syslog processing log data, we are using the filter plugin named ‘grok’ to parse the syslog files.<\/p>\n
Create a new configuration ‘syslog-filter.conf’.<\/p>\n
vim conf.d\/syslog-filter.conf<\/p>\n
Paste the following configuration there.<\/p>\n
filter { if [type] == \"syslog\" { grok { match => { \"message\" => \"%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\\[%{POSINT:syslog_pid}\\])?: %{GREEDYDATA:syslog_message}\" } add_field => [ \"received_at\", \"%{@timestamp}\" ] add_field => [ \"received_from\", \"%{host}\" ] } date { match => [ \"syslog_timestamp\", \"MMM d HH:mm:ss\", \"MMM dd HH:mm:ss\" ] } } \n}<\/pre>\nSave and exit.<\/p>\n
And for the elasticsearch output, we will create the configuration file named ‘output-elasticsearch.conf’.<\/p>\n
vim conf.d\/output-elasticsearch.conf<\/p>\n
Paste the following configuration there.<\/p>\n
output { elasticsearch { hosts => [\"localhost:9200\"] hosts => \"localhost:9200\" manage_template => false index => \"%{[@metadata][beat]}-%{+YYYY.MM.dd}\" document_type => \"%{[@metadata][type]}\" } \n}<\/pre>\nSave and exit.<\/p>\n
When this is done, start the logstash service and enable it to launch everytime at system boot.<\/p>\n
sudo systemctl enable logstash
sudo systemctl start logstash<\/p>\n![\"Enable](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-7.png\" "\\"\\"")
<\/a><\/p>\nCheck the logstash service using netstat and systemctl commands below.<\/p>\n
netstat -plntu
systemctl status logstash<\/p>\nAnd the logstash service is now up and running. Running on the public IP address with port ‘5443’.<\/p>\n
![\"Check](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-8.png\" "\\"\\"")
<\/a><\/p>\nThe Elastic Stack installation has been completed.<\/p>\n
Step 2 – Install and Configure Filebeat on Ubuntu 18.04<\/h2>\n
In this step, we will configure the Ubuntu 18.04 client ‘elk-client01’ by installing the Elastic Beats data shippers ‘Filebeat’ on it.<\/p>\n
Before installing the filebeat to the system, we need to edit the ‘\/etc\/hosts’ and download the logstash certificate file ‘logstash-forwarder.crt’ file to the ‘elk-client01’ server.<\/p>\n
Edit the ‘\/etc\/hosts’ file using vim editor.<\/p>\n
vim \/etc\/hosts<\/p>\n
Paste the following configuration there.<\/p>\n
10.0.15.10 elk-master elk-master<\/pre>\n
Save and exit.<\/p>\n
Copy the logstash certificate file ‘logstash-forwarder.crt’ using scp command.<\/p>\n
scp [email\u00a0protected]<\/a>:\/etc\/logstash\/ssl\/logstash-forwarder.crt .<\/p>\n
![\"Install](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-9.png\" "\\"\\"")
<\/a><\/p>\nNext, install the Elastic Beats ‘Filebeat’ by adding the elastic key and add the elastic repository.<\/p>\n
wget -qO – https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch | sudo apt-key add –
echo “deb https:\/\/artifacts.elastic.co\/packages\/6.x\/apt stable main” | sudo tee -a \/etc\/apt\/sources.list.d\/elastic-6.x.list<\/p>\nUpdate the repository and install the ‘filebeat’ package using the apt command below.<\/p>\n
sudo apt update
sudo apt install filebeat -y<\/p>\nAfter the installation is complete, go to the ‘\/etc\/filebeat’ directory and edit the configuration file ‘filebeat.yml’.<\/p>\n
cd \/etc\/filebeat\/
vim filebeat.yml<\/p>\nNow enable the filebeat prospectors by changing the ‘enabled’ line value to ‘true’.<\/p>\n
enabled: true<\/pre>\n
Define system log files to be sent to the logstash server. For this guide, we will add the ssh log file ‘auth.log’ and the syslog file.<\/p>\n
paths: - \/var\/log\/auth.log - \/var\/log\/syslog<\/pre>\n
Setup the output to logstash by commenting the default ‘elasticsearch’ output and uncomment the logstash output line as below.<\/p>\n
output.logstash: # The Logstash hosts hosts: [\"elk-master:5443\"] ssl.certificate_authorities: [\"\/etc\/filebeat\/logstash-forwarder.crt\"]<\/pre>\n
Save and exit.<\/p>\n
Next, we need to edit the ‘filebeat.reference.yml’ file to enable filebeat modules, and we will enable the ‘syslog’ module.<\/p>\n
vim filebeat.reference.yml<\/p>\n
Enable the syslog system module for filebeat as below.<\/p>\n
- module: system # Syslog syslog: enabled: true<\/pre>\n
Save and exit.<\/p>\n
Copy the logstash certificate file ‘logstash-forwarder.crt’ to the ‘\/etc\/filebeat’ directory.<\/p>\n
cp ~\/logstash-forwarder.crt \/etc\/filebeat\/logstash-forwarder.crt<\/p>\n
Filebeat installation and configuration have been completed. Now start the filebeat service and enable it to launch every time at system boot.<\/p>\n
systemctl start filebeat
systemctl enable filebeat<\/p>\n![\"Configure](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-10.png\" "\\"\\"")
<\/a><\/p>\nCheck the filebeat service using commands below.<\/p>\n
systemctl status filebeat
tail -f \/var\/log\/filebeat\/filebeat<\/p>\nThe filebeat shippers are up and running under the Ubuntu 18.04 server.<\/p>\n
![\"Filebeat](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-11.png\" "\\"\\"")
<\/a><\/p>\nStep 3 – Install and Configure Filebeat on CentOS 7.5<\/h2>\n
In this step, we will configure the CentOS 7.5 client ‘elk-client02’ by installing the Elastic Beats data shippers ‘Filebeat’ on it.<\/p>\n
Before installing the Filebeat to the system, we need to edit the ‘\/etc\/hosts’ and download the logstash certificate file ‘logstash-forwarder.crt’ file to the ‘elk-client02’ server.<\/p>\n
Edit the ‘\/etc\/hosts’ file using vim.<\/p>\n
vim \/etc\/hosts<\/p>\n
Paste configuration below.<\/p>\n
10.0.15.10 elk-master elk-master<\/pre>\n
Save and exit.<\/p>\n
Copy the logstash certificate file ‘logstash-forwarder.crt’ using scp command.<\/p>\n
scp [email\u00a0protected]<\/a>:\/etc\/logstash\/ssl\/logstash-forwarder.crt .<\/p>\n
![\"Install](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-12.png\" "\\"\\"")
<\/a><\/p>\nNext, install the Elastic Beats ‘Filebeat’ by adding the elastic key and add the elastic repository.<\/p>\n
rpm –import https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch<\/p>\n
cat <<EOF > \/etc\/yum.repos.d\/elastic.repo
[elasticsearch-6.x]name=Elasticsearch repository for 6.x packages
baseurl=https:\/\/artifacts.elastic.co\/packages\/6.x\/yum
gpgcheck=1
gpgkey=https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF<\/p>\nInstall filebeat using the yum command below.<\/p>\n
yum install filebeat -y<\/p>\n
After the installation is complete, go to the ‘\/etc\/filebeat’ directory and edit the configuration file ‘filebeat.yml’.<\/p>\n
cd \/etc\/filebeat\/
vim filebeat.yml<\/p>\nNow enable the filebeat prospectors by change the ‘enabled’ line value to ‘true’.<\/p>\n
enabled: true<\/pre>\n
Define system log files to be sent to the logstash server. For this guide, we will add the ssh log file ‘auth.log’ and the syslog file.<\/p>\n
paths: - \/var\/log\/secure - \/var\/log\/messages<\/pre>\n
Setup the output to logstash by commenting the default ‘elasticsearch’ output and uncomment the logstash output line as below.<\/p>\n
output.logstash: # The Logstash hosts hosts: [\"elk-master:5443\"] ssl.certificate_authorities: [\"\/etc\/filebeat\/logstash-forwarder.crt\"]<\/pre>\n
Save and exit.<\/p>\n
Next, we need to edit the ‘filebeat.reference.yml’ file to enable filebeat modules, and we will enable the ‘syslog’ module.<\/p>\n
vim filebeat.reference.yml<\/p>\n
Enable the syslog system module for filebeat as below.<\/p>\n
- module: system # Syslog syslog: enabled: true<\/pre>\n
Save and exit.<\/p>\n
Copy the logstash certificate file ‘logstash-forwarder.crt’ to the ‘\/etc\/filebeat’ directory.<\/p>\n
cp ~\/logstash-forwarder.crt \/etc\/filebeat\/logstash-forwarder.crt<\/p>\n
Filebeat installation and configuration have been completed. Now start the filebeat service and add it to the boot time.<\/p>\n
systemctl start filebeat
systemctl enable filebeat<\/p>\n![\"Configure](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-13.png\" "\\"\\"")
<\/a><\/p>\nCheck the filebeat service using commands below.<\/p>\n
systemctl status filebeat
tail -f \/var\/log\/filebeat\/filebeat<\/p>\nThe filebeat shippers are up and running under the CentOS 7.5 server.<\/p>\n
![\"Filebeat](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-14.png\" "\\"\\"")
<\/a><\/p>\nStep 4 – Testing<\/h2>\n
Open your web browser and type the elastic stack domain name, mine is: ‘elastic-stack.io’.<\/p>\n
You will be prompted the username and password from the basic authentication to the Kibana Dashboard.<\/p>\n
![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-15.png\" "\\"\\"")
<\/a><\/p>\nType the username ‘elastic’ with your password.<\/p>\n
Now you will get the beautiful kibana dashboard, click the ‘Set up index patterns’ button on the right.<\/p>\n
![\"Kibana](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-16.png\" "\\"\\"")
<\/a><\/p>\nDefine the ‘filebeat-*’ index pattern and click the ‘Next step’ button.<\/p>\n
![\"Define](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-17.png\" "\\"\\"")
<\/a><\/p>\nFor the ‘time filter field name’, choose the ‘@timestamp’ and click ‘Create index pattern’.<\/p>\n
![\"Create](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-18.png\" "\\"\\"")
<\/a><\/p>\nAnd the filebeat index pattern has been created.<\/p>\n
![\"Filebeat](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-19.png\" "\\"\\"")
<\/a><\/p>\nNext, we will try to get the log information for the SSH login failed on each client servers ‘elk-client01’ Ubuntu system and ‘elk-client02’ CentOS system.<\/p>\n
Inside the Kibana Dashboard, click the ‘Discover’ menu to get all server logs.<\/p>\n
Set the ‘beat.hostname’ to the ‘elk-client01’ server, the ‘source’ is the ‘\/var\/log\/auth.log’ file, and you will get the result as shown below.<\/p>\n
![\"Log](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-20.png\" "\\"\\"")
<\/a><\/p>\nAnd following is the sample log details for SSH failed password from the ‘auth.log’ file.<\/p>\n
![\"SSH](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-21.png\" "\\"\\"")
<\/a><\/p>\nFor the ‘elk-client02’ CentOS server, set the ‘beat.hostname’ to the ‘elk-client02’ server, the ‘source’ is the ‘\/var\/log\/secure’ file, and you will get the result as shown below.<\/p>\n
![\"Report](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-22.png\" "\\"\\"")
<\/a><\/p>\nAnd following is the sample log details for SSH failed password from the ‘secure’ file.<\/p>\n
![\"Login](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-23.png\" "\\"\\"")
<\/a><\/p>\nThe Elastic Stack and the Elastic Beat ‘Filebeat’ installation and configuration have been completed successfully.<\/p>\n
Reference<\/h2>\n
\nShare this page:<\/b><\/p>\n
\n
![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-24.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-25.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-26.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/07\/how-to-install-elastic-stack-on-ubuntu-18-04-lts-27.png\" "\\"\\"")
<\/a>\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"Elasticsearch is an open source search engine based on Lucene, developed in Java. It provides a distributed and multitenant full-text search engine with an HTTP Dashboard web-interface (Kibana). The data is queried, retrieved and stored in a JSON document scheme. Elasticsearch is a scalable search engine that can be used to search for all kind …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[],"class_list":["post-5693","post","type-post","status-publish","format-standard","hentry","category-36"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/5693","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=5693"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/5693\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=5693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=5693"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=5693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Install Elastic Stack<\/li>\n
![\"Test](\"https:\/\/www.howtoforge.com\/images\/how_to_install_elastic_stack_ubuntu_1804\/big\/1.png\" "\\"\\"")
<\/a><\/p>\n