Comandos para el despliegue de ELK.
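# Command sequence for installing Elasticsearch, Logstash and Kibana from the
# Elastic 6.x apt repository and publishing Kibana through an nginx reverse
# proxy with TLS and HTTP basic auth. Run as root, one command at a time: the
# nano steps and the password prompt are interactive.

# Refresh the package index first so the upgrade is computed against current
# package lists (the original ran the upgrade before the update).
apt-get update
apt-get upgrade

# Java runtime, installed before the Elastic packages below.
apt install openjdk-11-jre
java -version

# Store the Elastic signing key in a dedicated keyring and bind the repository
# to it with signed-by. A key added with apt-key is trusted for every
# configured repository, and apt-key itself is deprecated.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
# Plain tee (not tee -a) so that re-running does not duplicate the entry.
# NOTE(review): 6.x is an old major line; confirm it still receives security
# fixes before deploying it.
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/6.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-6.x.list
apt update
apt list --upgradable

# Elasticsearch.
apt install elasticsearch
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
systemctl status elasticsearch.service
apt-get install curl
# Smoke test against the loopback HTTP port.
# NOTE(review): nothing on this page enables authentication on port 9200; keep
# network.host on loopback (confirm in elasticsearch.yml) or firewall the port.
curl -X GET "localhost:9200/"

# Logstash.
apt install logstash
systemctl restart logstash
systemctl enable logstash
systemctl status logstash

# Kibana.
apt install kibana
# NOTE(review): the page does not show what is edited here. Keep server.host on
# loopback so Kibana is reachable only through the authenticated nginx proxy.
nano /etc/kibana/kibana.yml
systemctl enable kibana
systemctl start kibana
systemctl status kibana

# nginx reverse proxy. ssl-cert supplies the ssl-cert-snakeoil certificate and
# key that the site configuration references.
apt-get install ssl-cert
apt install nginx
# Create the basic-auth entry. Without a password argument, openssl passwd
# prompts on the terminal, so the secret never reaches the process list or the
# shell history; the original passed a fixed password on the command line.
# tee output is discarded so the hash is not echoed back to the screen.
echo "admin:$(openssl passwd -apr1)" | tee -a /etc/nginx/htpasswd.kibana > /dev/null
# Only root and the nginx workers need to read the password hashes.
# Assumes the Debian/Ubuntu default worker user www-data; adjust if nginx.conf
# sets a different user.
chown root:www-data /etc/nginx/htpasswd.kibana
chmod 640 /etc/nginx/htpasswd.kibana
rm -f /etc/nginx/sites-enabled/default
# Paste the two server blocks from the nginx section of this page.
nano /etc/nginx/sites-available/kibana
ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
# Validate the configuration before starting the service.
nginx -t
systemctl enable nginx
systemctl start nginx
systemctl status nginx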
Fichero nginx
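# Plain-HTTP listener: serves no content, only redirects clients to HTTPS.
server {
    listen 80 default_server;
    server_name _;
    # server_name is the catch-all "_", so $server_name would expand to "_"
    # and send clients to https://_/...; $host reuses the name the client
    # actually requested.
    return 301 https://$host$request_uri;
}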
# HTTPS front end: terminates TLS, enforces HTTP basic auth on every request
# and forwards it to Kibana on the loopback interface.
server {
    server_name _;
    listen 443 default_server ssl http2;

    # NOTE(review): the snakeoil pair is the self-signed certificate generated
    # by the ssl-cert package. Clients cannot verify it, so replace it with a
    # certificate from a trusted CA before exposing the service.
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_session_cache shared:SSL:10m;

    # Basic auth is declared at server level, so it covers every location.
    # The credentials are protected in transit only by the TLS layer above.
    auth_basic_user_file /etc/nginx/htpasswd.kibana;
    auth_basic "Restricted Access to ELK 4 Pihole";

    location / {
        # HTTP/1.1 plus the Upgrade/Connection headers let upgraded
        # connections pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_cache_bypass $http_upgrade;

        # Kibana upstream on the local machine.
        proxy_pass http://localhost:5601;
    }
}
Revisión de estado de servicios
Elasticsearch: lsof -i -P -n | grep elasticsearch
Kibana: lsof -i -P -n | grep kibana
Nginx: lsof -i -P -n | grep nginx
Logstash: lsof -i -P -n | grep logstash