How To Install Elasticsearch Part2


Configure Logstash-forwarder.

Logstash-forwarder is client software that ships logs to a Logstash server; it should be
installed on all client servers. Logstash-forwarder can be downloaded from the official
website, or you can use the following commands to download and install it from the terminal.
# wget https://download.elasticsearch.org/logstash-forwarder/binaries/logstash-forwarder-0.4.0-1.x86_64.rpm
# rpm -Uvh logstash-forwarder-0.4.0-1.x86_64.rpm

Logstash-forwarder uses an SSL certificate to validate the Logstash server's identity, so copy the
logstash-forwarder.crt that we created earlier from the Logstash server to the client. Open
the configuration file.
# vi /etc/logstash-forwarder.conf

In the network section, specify the Logstash server with its port number and the path to the
logstash-forwarder certificate that you copied from the Logstash server. This section tells
logstash-forwarder to send logs to the Logstash server itzgeek on port 5050, and the client
validates the server's identity using the SSL certificate.
Note: Replace itzgeek with the IP address if you are using an IP SAN.
"servers": [ "itzgeek:5050" ],
"ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
"timeout": 15

The files section configures which files are shipped. In this article we will
configure logstash-forwarder to send the logs in /var/log/messages to the Logstash server with
syslog as the type.
{
"paths": [
"/var/log/messages"
],
"fields": { "type": "syslog" }
}

Restart the service.
# systemctl restart logstash-forwarder.service

You can look at a log file in case of any issue.


# cat /var/log/logstash-forwarder/logstash-forwarder.err
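
A check you can run on the finished /etc/logstash-forwarder.conf before restarting the service, as an added example that is not part of the original article or of logstash-forwarder itself. It assumes the two fragments above sit under the top-level "network" and "files" keys; lint_forwarder_conf and SAMPLE_CONF are names made up for this example.

```python
import ipaddress
import json
import os.path

# Constructed sample: the network and files fragments from this page in one file.
SAMPLE_CONF = """{
  "network": { "servers": [ "itzgeek:5050" ], "timeout": 15,
               "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt" },
  "files": [ { "paths": [ "/var/log/messages" ], "fields": { "type": "syslog" } } ]
}"""

def lint_forwarder_conf(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        conf = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(conf, dict):
        return ["top level must be a JSON object"]
    findings = []
    net = conf.get("network", {})
    if not net.get("servers"):
        findings.append("network.servers is empty")
    for entry in net.get("servers", []):
        host, sep, port = entry.rpartition(":")
        if not (sep and host and port.isdecimal() and 0 < int(port) < 65536):
            findings.append("server %r is not host:port" % entry)
            continue
        try:  # the page's note: an IP here needs an IP SAN in the certificate
            ipaddress.ip_address(host.strip("[]"))
            findings.append("server %r is an IP: certificate needs an IP SAN" % entry)
        except ValueError:
            pass  # hostname: must match the name the certificate was issued for
    ca = net.get("ssl ca")
    if not ca:
        findings.append('"ssl ca" is not set')
    elif not os.path.isabs(ca):
        findings.append('"ssl ca" should be an absolute path')
    files = conf.get("files", [])
    if not files:
        findings.append("files section is empty: nothing will be shipped")
    for i, item in enumerate(files):
        if not item.get("paths"):
            findings.append("files[%d] has no paths" % i)
        if "type" not in item.get("fields", {}):
            findings.append("files[%d] has no fields.type" % i)
    return findings
```

To check a real file, pass its contents: lint_forwarder_conf(open("/etc/logstash-forwarder.conf").read()).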

Configure Kibana 4:
Kibana provides visualization of logs; download it from the official website. Use the following
command to download it from the terminal.
# wget https://download.elasticsearch.org/kibana/kibana/kibana-4.0.2-linux-x64.tar.gz

Extract and move it to /opt/
# tar -zxvf kibana-4.0.2-linux-x64.tar.gz
# mv kibana-4.0.2-linux-x64 /opt/kibana4

Enable the PID file for Kibana; this is required to create a systemd unit file.
# sed -i 's/#pid_file/pid_file/g' /opt/kibana4/config/kibana.yml

Kibana can be started by running /opt/kibana4/bin/kibana. To run Kibana as a service, we will
create a systemd unit file.
# vi /etc/systemd/system/kibana4.service
[Unit]
Description=Kibana 4 Web Interface
After=elasticsearch.service
After=logstash.service

[Service]
# systemd needs absolute paths and does not run commands through a shell,
# so $(...) and && must be wrapped in /bin/sh -c.
ExecStartPre=/bin/rm -f /var/run/kibana.pid
ExecStart=/opt/kibana4/bin/kibana
ExecReload=/bin/sh -c 'kill -9 $(cat /var/run/kibana.pid) && rm -f /var/run/kibana.pid && /opt/kibana4/bin/kibana'
ExecStop=/bin/sh -c 'kill -9 $(cat /var/run/kibana.pid)'

[Install]
WantedBy=multi-user.target

Start Kibana and enable it to start automatically at system startup.
# systemctl start kibana4.service
# systemctl enable kibana4.service

Access your kibana portal by visiting the following link


http://your-ip-address:5601/

You will get the following page, where you have to map the Logstash index to use Kibana. Scroll
down to Time-field name and select @timestamp.

[Image: Install ELK Kibana Index Selection]

Once you have selected it, you will be redirected to the Kibana main page.

[Image: Install ELK Kibana Discover the Logs]

Kibana does not come with any kind of password-protected access to the portal. With Nginx,
we can configure it so that the user must authenticate before
entering the portal.
That's all; you have successfully configured the ELK stack for centralized log management.
