Monday, June 1, 2020

ELK installation

1) Introduction
ELK (Elasticsearch, Logstash, Kibana) is a stack used for collecting and monitoring all logs in one place.


2) Pre-requisite:
Java must be installed in order to set up ELK.
apt-get update
apt-get install default-jre
apt-get install default-jdk
add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java8-installer
Edit /etc/environment (vim /etc/environment) and add the line below:
JAVA_HOME="/usr/lib/jvm/java-8-oracle"
source /etc/environment
echo $JAVA_HOME ... this should print the path set in the file.
java -version


3) Install Docker and Docker Compose
apt-get install docker.io
apt-get install docker-compose
systemctl start docker


4) Clone the repository
git clone https://github.com/deviantony/docker-elk.git
This creates a directory called docker-elk.


5) Editing the .yml files
If you are using custom ports, change them in the respective service configuration files as well as in docker-compose.yml.

Default ports:
9200 - Elasticsearch
5601 - Kibana
5044 - Logstash (Beats input)


6) Creating containers
cd docker-elk
docker-compose up --build -d
This takes a while. You can verify that the containers are running with:
docker ps


7) Web-page
Open the endpoints in a browser:

<ip>:9200 - you should see a JSON response. This confirms that Elasticsearch is installed correctly.

<ip>:5601 - you should see the Kibana page.
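The browser checks above, as an added script that is not part of the original post. It queries the two default ports from this page (host and ports are assumptions, defaults 127.0.0.1, 9200 and 5601) and interprets the Elasticsearch answer: a 200 with the expected JSON means the node answered with no credentials at all, which is worth knowing if <ip> is reachable from other machines, while a 401 means security is enforced and the check must be repeated with a user.

```python
"""Post-install check for the ELK endpoints (added example, not from the post)."""
import json
import sys
import urllib.error
import urllib.request


def fetch(url: str, timeout: float = 5.0):
    """GET a URL and return (status, body); HTTP errors are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return 0, ""  # connection refused / unreachable


def classify_es(status: int, body: str) -> dict:
    """Interpret the Elasticsearch root response for the reader of step 7."""
    result = {"status": status, "reachable": status != 0,
              "auth_required": status == 401, "cluster_name": None, "version": None}
    if status == 200:
        try:
            info = json.loads(body)
        except json.JSONDecodeError:
            result["note"] = "200 but body is not JSON: probably not Elasticsearch"
            return result
        # Fields present in the root document of an Elasticsearch node.
        result["cluster_name"] = info.get("cluster_name")
        result["version"] = info.get("version", {}).get("number")
        result["note"] = "answered without credentials"
    return result


def main(host: str = "127.0.0.1") -> None:
    es = classify_es(*fetch(f"http://{host}:9200/"))
    print("elasticsearch:", es)
    kb_status, _ = fetch(f"http://{host}:5601/")
    print("kibana:", "reachable" if kb_status else "not reachable", f"(HTTP {kb_status})")


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
```

Run it as `python3 check_elk.py <ip>` after `docker-compose up` has finished; "not reachable" on either port means the container is still starting or the port mapping was changed in step 5.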
8) Setup of the Beat agent on the client side
In Kibana, click Logs -> Add data -> <type of logs you require> -> select the OS -> follow the instructions to install the agent.




9) Adding log paths
On the client side, after installing the Beat, go to its modules directory to add the log paths:
cd /etc/filebeat/modules.d
Edit the file: vim nginx.yml
It has two sections, access and error. Give the paths of the logs you want to see in Kibana there.


