Once everything is up to date, you will need to test whether Filebeat on your client server is shipping your logs to Logstash on your ELK server.
![install filebeats elastic search](https://programmer.group/images/article/0f73b1c74c29a997574375d60945e410.jpg)
Now Filebeat is sending syslog and auth.log to Logstash on your ELK server.

Save the file and restart the filebeat service:

You can do this by editing the Filebeat configuration file located at /etc/filebeat/filebeat.yml.

Next, you will need to configure Filebeat to connect to Logstash on our ELK Server.

sudo /etc/init.d/filebeat start
sudo update-rc.d filebeat defaults

Once filebeat is installed, start the filebeat service and enable it to start at boot:

Next, update the repository with the following command:

Finally, install filebeat by running the following command:

Then, add the GPG key with the following command:

To install filebeat, you will need to create a source list for filebeat. You can do this with the following command:

echo "deb stable main" | sudo tee -a /etc/apt//beats.list

Now, it's time to install the filebeat package on the client server.

sudo cp /tmp/filebeat.crt /etc/pki/tls/certs/

Now, on the client server, copy the ELK server's SSL certificate into the appropriate location:

First, create the directory structure for the SSL certificate:

scp /etc/pki/tls/certs/filebeat.crt

user is the username of the client server and client-server-ip is the IP address of the client server.

On the ELK server, run the following command to copy the SSL certificate to the client server:

You will also need to set up filebeat on each Ubuntu server that you want to send logs to Logstash on your ELK Server.

Before setting up filebeat on the client server, you will need to copy the SSL certificate from the ELK server to your client server.

The ELK server is now ready to receive filebeat data. Now it's time to set up Filebeat on each client server.

Now, Kibana is accessible via the public IP address of your ELK server.

sudo nano /etc/logstash/conf.d/nf

Now, create the filebeat input configuration file with the following command:

Note that you will need to copy this certificate to every client whose logs you want to send to the ELK server.
sudo openssl req -config /etc/ssl/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/filebeat.key -out certs/filebeat.crt

Where 192.168.1.7 is your ELK server IP address.

Save the file and generate the SSL certificate by running the following command:

Next, add the IP address of the ELK server to the OpenSSL configuration file:

Find the section and add the following line:

sudo mkdir -p /etc/pki/tls/certs
sudo mkdir /etc/pki/tls/private

The configuration consists of three parts: inputs, filters, and outputs.

Before configuring logstash, create a directory for storing the certificate and key for logstash.
![install filebeats elastic search](https://www.laravelcode.com/upload/postimages/1498986506.png)
Once logstash is installed, you will need to configure the logstash file located in the /etc/logstash/conf.d directory.

Now, install logstash with the following command:

You can test elasticsearch with the following curl command:

By default, Logstash is not available in the Ubuntu repository, so you will need to add the Logstash source list to apt.

Now that elasticsearch is up and running, it's time to test elasticsearch.

Next, enable the elasticsearch service to start at boot with the following command:

Save the file and start the elasticsearch service:

sudo /etc/elasticsearch/elasticsearch.yml

Find the line network.host and replace its value with localhost (previous value is 192.168.0.1).

Once elasticsearch is installed, you will need to restrict outside access to the Elasticsearch instance. You can do this by editing the elasticsearch.yml file.

Now, install Elasticsearch with the following command:

Save the file and update the repository with the following command:
![install filebeats elastic search](https://bigdataboutique.com/images/courses/elasticsearch-for-developers.jpg)
Then, you will need to add Elastic's package source list to apt. You can do this with the following command:

Make sure Java 8 is installed and also set JAVA_HOME in /etc/default/elasticsearch.

Before starting, you will need to import the Elasticsearch public GPG key into apt.