On Debian 13:
sudo apt update
sudo apt install apt-transport-https ca-certificates curl gnupg
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elastic-archive-keyring.gpg] https://artifacts.elastic.co/packages/9.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-9.x.list
sudo apt update
On RHEL 10:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo tee /etc/yum.repos.d/elastic-9.x.repo <<'EOF'
[elastic-9.x]
name=Elastic repository for 9.x packages
baseurl=https://artifacts.elastic.co/packages/9.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
On Debian:
sudo apt install elasticsearch logstash kibana
On RHEL:
sudo dnf install elasticsearch logstash kibana
sudo systemctl enable --now elasticsearch
sudo systemctl enable --now logstash
sudo systemctl enable --now kibana
On UFW:
sudo ufw allow 9200/tcp
sudo ufw allow 5601/tcp
sudo ufw allow 5044/tcp
On firewalld:
sudo firewall-cmd --permanent --add-port=9200/tcp
sudo firewall-cmd --permanent --add-port=5601/tcp
sudo firewall-cmd --permanent --add-port=5044/tcp
sudo firewall-cmd --reload
http://SERVER_IP:9200
http://SERVER_IP:5601
See ELK Stack Hardening.
Prefer automation? See ELK Stack Monitoring Ansible Setup for an example playbook.
Prefer containers? See ELK Stack Monitoring Docker Setup.
See ELK Stack Monitoring Configuration for configuration guidance.
See ELK Stack Monitoring Security for hardening guidance.