The ELK stack (Elasticsearch, Logstash, and Kibana) is a widely used solution for collecting, searching, and visualizing log data. This guide shows how to install, configure, and use the ELK stack on your server.
The three components divide the work: Logstash ingests and parses events, Elasticsearch indexes and searches them, and Kibana provides the query and dashboard interface. The stack is commonly deployed for server monitoring, security analysis, and operational intelligence.
Before you begin, ensure you have the following:
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gnupg
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elastic-archive-keyring.gpg] https://artifacts.elastic.co/packages/9.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-9.x.list
sudo apt-get update && sudo apt-get install elasticsearch
sudo apt-get install logstash
sudo apt-get install kibana
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo tee /etc/yum.repos.d/elastic-9.x.repo <<'EOF'
[elastic-9.x]
name=Elastic repository for 9.x packages
baseurl=https://artifacts.elastic.co/packages/9.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
sudo dnf install elasticsearch logstash kibana
sudo nano /etc/elasticsearch/elasticsearch.yml
cluster.name: my-elk-cluster
node.name: node-1
Leave the xpack.security lines that the package appended to this file in place. On 9.x the deb and rpm packages enable authentication and TLS on port 9200 at install time, store the CA that signed the HTTP certificate in /etc/elasticsearch/certs/http_ca.crt, and print the generated password for the built-in elastic user in the package's post-install output; record it, or reset it later with the elasticsearch-reset-password tool in /usr/share/elasticsearch/bin. network.host defaults to the loopback interface, so Elasticsearch is not reachable from other hosts unless you change it.
sudo systemctl enable --now elasticsearch
Pipelines are not defined in logstash.yml (that file holds daemon settings); the package reads pipeline definitions from /etc/logstash/conf.d/. Create one there:
sudo nano /etc/logstash/conf.d/apache.conf
input {
  beats {
    port => 5044
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    ssl_enabled => true
    ssl_certificate_authorities => ["/etc/logstash/http_ca.crt"]
    user => "elastic"
    password => "${ES_PWD}"
  }
}
Because a 9.x Elasticsearch serves HTTPS and requires authentication, the output block needs the CA and credentials; a bare hosts => ["localhost:9200"] entry would connect over plaintext http and fail. Copy /etc/elasticsearch/certs/http_ca.crt to /etc/logstash/http_ca.crt and make it readable by the logstash user, and keep the password out of the pipeline file by storing it in the Logstash keystore (create the keystore once with sudo /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create, then add the ES_PWD entry with the same command and add ES_PWD). The elastic superuser is used here for brevity; in production create a dedicated user whose role can only write the indices this pipeline targets.
sudo systemctl enable --now logstash
sudo nano /etc/kibana/kibana.yml
server.host: "0.0.0.0"
Do not set elasticsearch.hosts to http://localhost:9200: a 9.x Elasticsearch serves HTTPS with authentication, so Kibana would never connect. Instead, enroll Kibana against the auto-configured cluster, which writes the https:// address, a service-account token, and the cluster CA into kibana.yml for you:
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
sudo /usr/share/kibana/bin/kibana-setup --enrollment-token <token-from-previous-command>
server.host: "0.0.0.0" makes Kibana listen on every interface; keep that only if the host firewall restricts port 5601 (see the hardening notes at the end), or bind to a private IP instead.
sudo systemctl enable --now kibana
Open http://your_server_ip:5601 in your web browser. Kibana presents a login page; sign in as elastic with the generated password. Check that all three services are running:
sudo systemctl status elasticsearch
sudo systemctl status logstash
sudo systemctl status kibana
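As an added example (not part of the original guide), the smoke test below goes one step past systemctl status and asks each component for its own health over the interfaces a 9.x install exposes: Elasticsearch over HTTPS with the auto-generated CA, Logstash's monitoring API on port 9600, and Kibana's status API. It assumes the CA path /etc/elasticsearch/certs/http_ca.crt, that the elastic password is exported in ELASTIC_PASSWORD, and that everything runs on the local host; the JSON helpers are plain functions so they can be checked against captured responses.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: a post-install smoke test for a
# 9.x ELK host. Assumptions (not stated on the page): Elasticsearch's security
# auto-configuration left its HTTP CA at /etc/elasticsearch/certs/http_ca.crt,
# the elastic user's password is exported in ELASTIC_PASSWORD, and all three
# services run on this host on their default ports (9200, 9600, 5601).
set -u

ES_CA="${ES_CA:-/etc/elasticsearch/certs/http_ca.crt}"
ES_URL="${ES_URL:-https://localhost:9200}"
LOGSTASH_URL="${LOGSTASH_URL:-http://localhost:9600}"   # Logstash monitoring API
KIBANA_URL="${KIBANA_URL:-http://localhost:5601}"

# Pull the first "<key>":"<string>" pair out of a JSON body without needing jq.
json_str() {                 # $1 = json text, $2 = key
  printf '%s' "$1" \
    | grep -o "\"$2\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" | head -n 1 \
    | sed 's/.*:[[:space:]]*"\([^"]*\)"/\1/'
}

# Kibana nests its health as {"status":{"overall":{"level":"available",...},...}};
# every plugin also carries a "level", so match the "overall" object specifically.
kibana_level() {             # $1 = json from GET /api/status
  printf '%s' "$1" \
    | grep -o '"overall"[[:space:]]*:[[:space:]]*{[[:space:]]*"level"[[:space:]]*:[[:space:]]*"[^"]*"' \
    | head -n 1 | sed 's/.*"level"[[:space:]]*:[[:space:]]*"\([^"]*\)"/\1/'
}

# curl with the elastic credentials supplied through a config file on stdin
# (-K -), so the password never appears in the process list.
auth_curl() {
  printf 'user = "elastic:%s"\n' "$ELASTIC_PASSWORD" | curl -sS -K - "$@"
}

es_health() {                # cluster status: green / yellow / red
  body=$(auth_curl --cacert "$ES_CA" "$ES_URL/_cluster/health") || { echo unreachable; return 1; }
  json_str "$body" status
}

logstash_health() {          # GET / on the monitoring API reports {"status":"green",...}
  body=$(curl -sS "$LOGSTASH_URL/") || { echo unreachable; return 1; }
  json_str "$body" status
}

kibana_health() {            # available / degraded / critical / unavailable
  body=$(auth_curl "$KIBANA_URL/api/status") || { echo unreachable; return 1; }
  kibana_level "$body"
}

main() {
  : "${ELASTIC_PASSWORD:?export ELASTIC_PASSWORD first}"
  for svc in elasticsearch logstash kibana; do
    if systemctl is-active --quiet "$svc"; then echo "$svc: active"; else echo "$svc: NOT active"; fi
  done
  echo "elasticsearch cluster: $(es_health)"
  echo "logstash: $(logstash_health)"
  echo "kibana: $(kibana_health)"
}

# Live checks run only when invoked as `./elk-smoke.sh run`; sourcing the file
# just defines the helpers.
if [ "${1:-}" = "run" ]; then main; fi
```

A yellow cluster status is normal on a single node (replica shards cannot be allocated); red, or "unreachable" from es_health while systemctl reports the unit active, usually means the CA path or password is wrong rather than that Elasticsearch is down.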
If a service fails to start, check /var/log/elasticsearch/, /var/log/logstash/, and /var/log/kibana/ for errors.
To limit exposure, bind Elasticsearch to the loopback interface or a private address with network.host: 127.0.0.1 (or the private IP) in elasticsearch.yml, and do the same for Kibana with server.host: "127.0.0.1" or a private IP in kibana.yml; with 127.0.0.1, Kibana is reachable only through an SSH tunnel or a reverse proxy on the host. In the host firewall, allow ports 9200 (Elasticsearch), 5601 (Kibana), and 5044 (Logstash Beats) only from trusted subnets. Leave the xpack.security settings the installer wrote in place: on 9.x they are what enforce authentication and TLS on 9200, and disabling them exposes every index to anyone who can reach the port. Before 5044 is opened to other hosts, configure TLS on the Beats input as well, since Beats traffic is otherwise plaintext.
By following this guide, you have installed and configured the ELK stack on your server. You can now collect and analyze your log data in real time and gain insight into your server's performance and security.
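The hardening notes above come down to two questions: which ELK ports are listening on every interface, and which config files have undone the 9.x defaults. The audit below, an added example rather than code from the original guide, answers both. Its checks are plain functions that take their input as arguments, so they can be run against captured ss output or a copy of a config file; the file paths in main() are the package defaults this guide installs, and the port list and findings are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: an exposure audit for the
# hardening notes. Pure functions take their input as arguments so they can be
# tested offline; main() runs them against the live host with the package-default
# paths assumed by this guide.
set -u

ELK_PORTS="9200 9300 5601 5044"   # ES HTTP, ES transport, Kibana, Logstash Beats input

# Given the text of `ss -ltnH`, print "<port> <address>" for every ELK port
# bound to a wildcard address (0.0.0.0, *, [::]) instead of loopback/private IP.
wildcard_listeners() {            # $1 = ss output
  printf '%s\n' "$1" | awk -v ports="$ELK_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    NF >= 4 {
      addr = $4; sub(/:[0-9]+$/, "", addr)     # "0.0.0.0:9200" -> "0.0.0.0", "[::]:5601" -> "[::]"
      port = $4; sub(/.*:/, "", port)          # -> "9200"
      if ((port in want) && (addr == "0.0.0.0" || addr == "*" || addr == "[::]"))
        print port, addr
    }'
}

# Flag settings that undo the 9.x defaults: security switched off, Kibana bound
# to every interface, or Elasticsearch addressed without https:// (this also
# catches a bare "localhost:9200" in a Logstash output, which means plain http).
# Comments are stripped first so commented-out examples do not count. Prints one
# finding per line and returns 1 if there were any.
audit_config() {                  # $1 = elasticsearch.yml, kibana.yml or a pipeline .conf
  f="$1"; rc=0
  body=$(sed 's/#.*$//' "$f")
  printf '%s\n' "$body" | grep -Eq '^[[:space:]]*xpack\.security\.enabled:[[:space:]]*false' \
    && { echo "$f: xpack.security.enabled is false (authentication and TLS off)"; rc=1; }
  printf '%s\n' "$body" | grep -Eq '^[[:space:]]*server\.host:[[:space:]]*"?0\.0\.0\.0"?' \
    && { echo "$f: server.host is 0.0.0.0 (Kibana on every interface)"; rc=1; }
  printf '%s\n' "$body" | grep -Eq '"(http://)?[^"/]*:9200"' \
    && { echo "$f: Elasticsearch at :9200 addressed without https://"; rc=1; }
  return $rc
}

main() {
  listeners=$(ss -ltnH) || { echo "ss not available"; return 2; }
  wildcard_listeners "$listeners" | while read -r port addr; do
    echo "port $port listens on $addr; set network.host/server.host or restrict it in the firewall"
  done
  for f in /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml /etc/logstash/conf.d/*.conf; do
    [ -r "$f" ] || continue
    audit_config "$f" || :
  done
}

# Run the live audit with `./elk-audit.sh run`; sourcing the file only defines the functions.
if [ "${1:-}" = "run" ]; then main; fi
```

Run it as root so the config files are readable (they are owned by root with group-only access). A finding for server.host: "0.0.0.0" is acceptable only when the firewall check in main() shows 5601 restricted, which is why the two checks are reported together.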