
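# firewalld rules for the ELK host, zone "public". A rule added with --permanent is
# written to disk and only becomes active after --reload; a rule added WITHOUT
# --permanent lives in the running config only and is discarded by --reload.
#   5601/tcp  Kibana (TLS on the browser side, see kibana.yml below)
#   9200/tcp  Elasticsearch REST API - plaintext in this setup
#             (xpack.security.http.ssl.enabled: false in elasticsearch.yml below)
#   9300/tcp  Elasticsearch node-to-node transport (TLS)
#   5044/tcp  Logstash beats input (mutual TLS, see the logstash pipeline below)
#   3030/tcp, 1514/udp  purpose not shown on this page - confirm before opening
# NOTE(review): 9200/9300 only need to be reachable from the other cluster nodes,
# Kibana, Logstash and the Beats hosts; in the public zone they are open to any
# source that reaches that zone, and the "elastic" basic-auth credentials used by
# the configs below cross 9200 unencrypted. Restrict the source (dedicated zone or
# rich rules) and/or enable HTTP TLS on the cluster.
sudo firewall-cmd --zone=public --permanent --add-port=5601/tcp
sudo firewall-cmd --zone=public --permanent --add-port=9200/tcp
sudo firewall-cmd --zone=public --permanent --add-port=9300/tcp
sudo firewall-cmd --zone=public --permanent --add-port=5044/tcp
sudo firewall-cmd --zone=public --permanent --add-port=3030/tcp
sudo firewall-cmd --zone=public --permanent --add-port=1514/udp
# Fixed: the original added http/https to the runtime config only, so the --reload
# two lines down dropped them again.
sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --reload
# Verify what is actually open after the reload.
sudo firewall-cmd --zone=public --list-services
sudo firewall-cmd --zone=public --list-ports
# Fixed: the original had an en-dash (U+2013) instead of "-" before plntu, which is
# not a valid option prefix. `ss -plntu` is the iproute2 equivalent where net-tools
# is not installed.
sudo netstat -plntu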

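# Logstash needs a JDK (Elasticsearch 7 ships with a bundled JDK of its own).
sudo yum install -y java-1.8.0-openjdk

cd /tmp
# Package downloads. Two of the URLs were wrapped across lines in the original;
# as split they would have fetched truncated paths, so they are rejoined here.
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.1.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.1.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.1.0.rpm
wget https://packages.elastic.co/curator/5/centos/7/Packages/elasticsearch-curator-5.7.6-1.x86_64.rpm

# Supply-chain check: `yum install <file.rpm>` does not GPG-verify a local file by
# default (localpkg_gpgcheck=0), so import Elastic's signing key and verify the
# signatures explicitly. rpm --checksig exits non-zero when a signature does not
# verify; stop here if it does.
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
rpm --checksig kibana-7.1.0-x86_64.rpm \
    elasticsearch-7.1.0-x86_64.rpm \
    logstash-7.1.0.rpm \
    elasticsearch-curator-5.7.6-1.x86_64.rpm

# Install from the verified local files. sudo added for consistency with the
# commands above (the originals assumed a root shell).
sudo yum install -y kibana-7.1.0-x86_64.rpm
sudo yum install -y elasticsearch-7.1.0-x86_64.rpm
sudo yum install -y logstash-7.1.0.rpm
sudo yum install -y elasticsearch-curator-5.7.6-1.x86_64.rpm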

# elasticsearch.yml for node elk-142.
cluster.name: ELK-GLOBAL
# Expanded by Elasticsearch from the environment at startup.
node.name: ${HOSTNAME}
node.master: true
node.data: true
# Bind to the address of interface ens33 plus loopback; 9200/9300 are therefore
# reachable from the network, and the firewall rules above open them in the
# public zone.
network.host: ["_ens33_", "_lo_"]
# NOTE(review): discovery.zen.* is the 6.x discovery configuration. On 7.x it is
# deprecated in favour of discovery.seed_hosts, and minimum_master_nodes is
# presumably ignored there - confirm against the installed 7.1.0 logs.
discovery.zen.ping.unicast.hosts: ["10.10.10.142","10.10.10.143"]
discovery.zen.minimum_master_nodes: 1
# Bootstrap voting set for a brand-new cluster; only honoured on the first start.
# NOTE(review): these are transport addresses while node.name is ${HOSTNAME};
# the 7.x docs describe this list in terms of node names - confirm these entries
# are accepted by 7.1.0 before the first start. elk-144 (which gets a cert in the
# TLS-tool config below) is absent from both lists.
cluster.initial_master_nodes:
- 10.10.10.142:9300
- 10.10.10.143:9300

xpack.security.enabled: true
# Node-to-node (9300) traffic is encrypted with this node's certificate from the
# TLS-tool config below; relative paths resolve against the config directory.
xpack.security.transport.ssl.enabled: true
# "certificate" checks the chain to root-ca.pem but not that the peer's address
# matches its SAN; "full" would also check the hostname/IP (the node certs below
# carry both DNS and IP SANs, so "full" should be achievable).
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: elk-142.key
xpack.security.transport.ssl.certificate: elk-142.pem
xpack.security.transport.ssl.certificate_authorities: root-ca.pem
# The REST API (9200) stays plaintext: the http key/cert configured below are
# unused while this is false, and Kibana, Beats and Logstash on this page all
# authenticate as "elastic" over http, so that password crosses the network in
# clear text. Flip this to true and switch the clients to https once the
# elk-142_http.* files are in place.
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.key: elk-142_http.key
xpack.security.http.ssl.certificate: elk-142_http.pem
xpack.security.http.ssl.certificate_authorities: root-ca.pem

# Run once, after security is enabled and the node is up, to set the passwords of
# the built-in users (elastic, kibana, logstash_system, beats_system, ...). The
# client configs below reuse "elastic"/"elastic"; choose a non-default password
# here and use the dedicated built-in users (kibana, logstash_system, ...) rather
# than the superuser in those configs.
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

KIBANA CONFIG:

# kibana.yml on elk-142.
server.host: "10.10.10.142"
# Plain http to Elasticsearch - matches xpack.security.http.ssl.enabled: false
# above; the credentials below are sent as basic auth over this link.
elasticsearch.hosts: ["http://10.10.10.142:9200"]
# Browser-facing TLS with the elk-142 http key/cert from the TLS-tool config below.
server.ssl.enabled: true
server.ssl.key: /etc/kibana/elk-142_http.key
server.ssl.certificate: /etc/kibana/elk-142_http.pem
# NOTE(review): Kibana's service account should be the built-in "kibana" user
# (whose password elasticsearch-setup-passwords sets), not the "elastic"
# superuser, and the password belongs in the Kibana keystore (bin/kibana-keystore)
# rather than in this file.
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"

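# Certificate-generation config (the layout matches the Search Guard TLS tool:
# ca / defaults / nodes / clients). The page had lost all indentation, which
# turns this into a flat mapping full of duplicate keys; the nesting is restored
# here so the four top-level keys parse as intended.
ca:
  root:
    dn: CN=root.ca.uaredinc.com,OU=CA,O=uaredinc Com\, Inc.,DC=uaredinc,DC=com
    keysize: 2048
    validityDays: 3650
    # "none" writes the CA private key to disk unencrypted; keep the root CA key
    # off the cluster hosts (or use a passphrase) once the certs are issued.
    pkPassword: none
    file: root-ca.pem
  intermediate:
    dn: CN=signing.ca.uaredinc.com,OU=CA,O=uaredinc Com\, Inc.,DC=uaredinc,DC=com
    keysize: 2048
    validityDays: 3650
    pkPassword: none

defaults:
  validityDays: 3650
  # Applies to every node/client key below: unencrypted private keys on disk.
  pkPassword: none
  generatedPasswordLength: 12
  httpsEnabled: true

# One certificate per Elasticsearch node. elk-142.key/.pem and elk-142_http.*
# referenced in elasticsearch.yml and kibana.yml above come from the first entry.
# NOTE(review): elk-144 gets a cert here but is not in the discovery lists above.
nodes:
  - name: elk-142
    dn: CN=elk-142.uaredinc.com,OU=Ops,O=uaredinc Com\, Inc.,DC=uaredinc,DC=com
    dns:
      - monitor.uaredinc.com
      - ingest.uaredinc.com
    ip: 10.10.10.142
  - name: elk-143
    dn: CN=elk-143.uaredinc.com,OU=Ops,O=uaredinc Com\, Inc.,DC=uaredinc,DC=com
    dns:
      - monitor.uaredinc.com
      - ingest.uaredinc.com
    ip: 10.10.10.143
  - name: elk-144
    dn: CN=elk-144.uaredinc.com,OU=Ops,O=uaredinc Com\, Inc.,DC=uaredinc,DC=com
    dns:
      - monitor.uaredinc.com
      - ingest.uaredinc.com
    ip: 10.10.10.144

# Client certificates (e.g. for the Beats -> Logstash mutual-TLS input below).
clients:
  - name: ingest
    dn: CN=ingest.uaredinc.com,OU=Ops,O=uaredinc Com\, Inc.,DC=uaredinc,DC=com
  # Admin client certificate. NOTE(review): the name and the CN leaf are blank in
  # the source as extracted (name parses as null) - fill in the real client name
  # before running the tool, and keep this key/cert off shared hosts: admin: true
  # grants full administrative access to whoever holds it.
  - name:
    dn: CN=.uaredinc.com,OU=Ops,O=uaredinc Com\, Inc.,DC=uaredinc,DC=com
    admin: true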

BEATS CONFIGURATION
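# Beats output section (winlogbeat.yml / metricbeat.yml). The page had lost the
# indentation, which makes output.elasticsearch null and leaves username/password/
# protocol/hosts as unrelated top-level keys; restored here.
output.elasticsearch:
  # NOTE(review): superuser credentials, in clear text, in every shipper's config
  # and on the wire (protocol: http). Use a dedicated least-privilege ingest user,
  # store the password in the Beats keystore (`<beat>.exe keystore add ...`) and
  # switch to https once xpack.security.http.ssl.enabled is true on the cluster.
  username: elastic
  password: elastic
  protocol: http
  hosts: ["10.10.10.142:9200", "10.10.10.143:9200"]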
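# Winlogbeat / Metricbeat on the Windows hosts, run from the Beat's install
# directory in an elevated PowerShell.
# NOTE(review): the install script is not shown on this page; Beats' stock script
# registers the service with no explicit account, i.e. LocalSystem - confirm that
# is intended for a log shipper.
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1
# Enables the metricbeat "windows" module (service / perfmon metricsets).
.\metricbeat.exe modules enable windows
start-service winlogbeat
get-service winlogbeat
# Start on boot.
set-service -Name winlogbeat -StartupType Automatic

# Fixed: the original ran "metricbeat.exe -e" without ".\" - PowerShell does not
# run executables from the current directory unless they are on PATH, so the
# command failed as written. -e logs to stderr, useful for a first interactive run.
.\metricbeat.exe -e
# Loads the module dashboards into Kibana with the Elasticsearch/Kibana
# credentials from metricbeat.yml (the "elastic" superuser in the Beats config
# above - use a dedicated user).
.\metricbeat.exe setup --dashboards

# Foreground run, verbose logging, explicit config file.
.\metricbeat.exe -c .\metricbeat.yml -e -v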

------------->logstash configuration
# Beats -> Logstash -> Elasticsearch pipeline (reformatted; settings unchanged).
input {
  # Beats listener on 5044 with mutual TLS: the shipper must present a certificate
  # chained to root-ca.pem (force_peer rejects connections without a client cert),
  # and this node answers with the elk-142 cert from the TLS-tool config above.
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/root-ca.pem"]
    ssl_certificate => "/etc/logstash/elk-142.pem"
    ssl_key => "/etc/logstash/elk-142.key"
    ssl_verify_mode => "force_peer"
  }
}

filter {
  # Copies the text of "message" up to the first newline into event_description
  # (DATA is non-greedy); events without a newline get a _grokparsefailure tag.
  grok {
    match => { "message" => "%{DATA:event_description}\n" }
  }
}

output {
  # Index name follows the Beats convention (<beat>-<version>-<date>), presumably
  # relying on the template loaded by the Beat's own setup, hence manage_template
  # is off. Transport is plain http to a single node with the "elastic" superuser
  # credentials in this file - see the elasticsearch.yml notes above; the
  # logstash_system / a dedicated writer user and https are the intended setup.
  elasticsearch {
    hosts => "10.10.10.142:9200"
    user => "elastic"
    password => "elastic"
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    manage_template => false
  }
}
-----------
