Installing Elasticsearch [DB]
Installing Java:
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | sudo tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list.d/webupd8team-java.list
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
sudo apt-get update
sudo apt-get install oracle-java8-installer
This adds a third-party PPA and fetches its key over plain HKP by a short 32-bit key ID. Short IDs can be spoofed, so compare the full fingerprint apt-key reports with the one the PPA publishes before running the install. Elasticsearch 6.x is also supported on OpenJDK 8, so Ubuntu's own openjdk-8-jdk package avoids the extra repository entirely.
Installing Elasticsearch:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update && sudo apt-get install elasticsearch
Do not pass --no-check-certificate to wget here: this key is what apt will use to authenticate every Elastic package that follows, so fetching it without TLS verification lets anyone on the path substitute their own key. Elastic publishes the signing key's fingerprint as 4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4; compare it with what apt-key shows after the import.
Settings:
sudo nano /etc/elasticsearch/elasticsearch.yml
Uncomment the following lines and set them as follows:
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 192.168.0.34
#
# Set a custom port for HTTP:
#
http.port: 9200
Binding to a LAN address instead of the default loopback switches the node into production mode, so the bootstrap checks (file descriptors, vm.max_map_count, and so on) become fatal instead of warnings; the Debian package sets most of them for you. It also means that on 6.1 without X-Pack security, anyone who can reach 192.168.0.34:9200 can read, write and delete every index with no credentials, so access to that port has to be restricted at the network level.
Setting the JVM heap:
sudo nano /etc/elasticsearch/jvm.options
-Xms4g
-Xmx4g
Keep -Xms and -Xmx equal so the heap never has to resize at runtime, and do not give Elasticsearch more than half of the machine's RAM: the rest is needed by the kernel page cache that Lucene relies on.
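The page hard-codes 4g. The following script, added here as an example and not part of the original page, derives the value from the machine's RAM using Elastic's published rules (equal Xms/Xmx, at most half of RAM, capped at 31g to stay below the compressed-oops threshold) and rewrites the two lines in jvm.options. The function names, the ES_APPLY switch and the 8192 MB fallback are this example's own.

```shell
# Added example (not from the original page): size the Elasticsearch heap from physical RAM
# instead of hard-coding 4g. Rules applied: Xms == Xmx, at most 50% of RAM, never above 31g.
# Function names and the ES_APPLY switch are this example's own.
JVM_OPTIONS="${JVM_OPTIONS:-/etc/elasticsearch/jvm.options}"

# es_heap_gb <total_ram_mb> : print the heap size in whole GB to use for -Xms/-Xmx
es_heap_gb() {
    ram_mb=$1
    heap_gb=$(( ram_mb / 2 / 1024 ))   # half of RAM, rounded down to whole GB
    if [ "$heap_gb" -gt 31 ]; then
        heap_gb=31                      # stay under the compressed-oops cutoff (~32 GB)
    fi
    if [ "$heap_gb" -lt 1 ]; then
        heap_gb=1                       # floor for tiny test VMs
    fi
    echo "$heap_gb"
}

# es_heap_flags <heap_gb> : the two jvm.options lines, always equal so the heap never resizes
es_heap_flags() {
    printf '%s\n' "-Xms${1}g" "-Xmx${1}g"
}

# es_total_ram_mb : physical RAM in MB from /proc/meminfo (falls back to 8192 where it is absent)
es_total_ram_mb() {
    mb=$(awk '/^MemTotal:/ { printf "%d", $2 / 1024 }' /proc/meminfo 2>/dev/null)
    echo "${mb:-8192}"
}

# es_apply_heap : rewrite the existing -Xms/-Xmx lines in jvm.options in place (needs root)
es_apply_heap() {
    heap=$(es_heap_gb "$(es_total_ram_mb)")
    sed -i -e "s/^-Xms.*/-Xms${heap}g/" -e "s/^-Xmx.*/-Xmx${heap}g/" "$JVM_OPTIONS"
    grep -E '^-Xm[sx]' "$JVM_OPTIONS"   # show what is now in the file
}

# Run with ES_APPLY=1 to modify the file; otherwise only print the suggested values.
if [ "${ES_APPLY:-0}" = 1 ]; then
    es_apply_heap
else
    ram_mb=$(es_total_ram_mb)
    echo "Suggested heap for ${ram_mb} MB of RAM (set ES_APPLY=1 to write it):"
    es_heap_flags "$(es_heap_gb "$ram_mb")"
fi
```

Restart Elasticsearch after changing jvm.options; the new heap is only picked up at JVM start.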
Enable at boot:
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
Start / stop:
sudo -i service elasticsearch start
sudo -i service elasticsearch stop
Troubleshooting:
sudo journalctl -f
sudo journalctl --unit elasticsearch
Check that the service is up by opening http://192.168.0.34:9200 in a browser (or with curl).
You should get a JSON response of this form:
{
  "name" : "dHm71Q1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "Nkkmbc3vQpajkKD4eQhZ8Q",
  "version" : {
    "number" : "6.1.1",
    "build_hash" : "bd92e7f",
    "build_date" : "2017-12-17T20:23:25.338Z",
    "build_snapshot" : false,
    "lucene_version" : "7.1.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
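As an added example (not from the original page), a script that goes a step beyond the browser visit: it parses the node-info and cluster-health responses, and probes whether an unauthenticated PUT is accepted, which on 6.1 without X-Pack security it will be. The ES_URL variable, the function names and the sample JSON are this example's own; the sample follows the shape of the response shown above.

```shell
# Added example (not from the original page): post-install checks for the Elasticsearch node
# configured above. ES_URL defaults to the page's address; function names are this example's own.
ES_URL="${ES_URL:-http://192.168.0.34:9200}"

# es_version_from_info <json> : pull version.number out of the GET / response (text processing only)
es_version_from_info() {
    printf '%s' "$1" | tr -d '\n' \
        | sed -n 's/.*"number"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# es_status_from_health <json> : pull the green/yellow/red status out of GET /_cluster/health
es_status_from_health() {
    printf '%s' "$1" | tr -d '\n' \
        | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# es_write_verdict <http_code> : interpret the result of an unauthenticated PUT.
# 200/201 means anyone who can reach port 9200 can create, modify and delete indices.
es_write_verdict() {
    case "$1" in
        200|201) echo "EXPOSED" ;;
        401|403) echo "PROTECTED" ;;
        *)       echo "UNREACHABLE_OR_UNKNOWN" ;;
    esac
}

# es_live_check : run the three checks against the real node (needs network access to ES_URL)
es_live_check() {
    info=$(curl -sS "$ES_URL/")
    echo "version:         $(es_version_from_info "$info")"
    health=$(curl -sS "$ES_URL/_cluster/health")
    echo "cluster status:  $(es_status_from_health "$health")"
    # Probe with a throwaway index name, then remove it whatever the outcome.
    code=$(curl -s -o /dev/null -w '%{http_code}' -X PUT "$ES_URL/unauth-write-probe")
    curl -s -o /dev/null -X DELETE "$ES_URL/unauth-write-probe"
    echo "anonymous write: $(es_write_verdict "$code")"
}

# Constructed sample responses (shape taken from the JSON shown above) so the parsers run offline.
SAMPLE_INFO='{ "name" : "dHm71Q1", "cluster_name" : "elasticsearch",
  "version" : { "number" : "6.1.1", "lucene_version" : "7.1.0" }, "tagline" : "You Know, for Search" }'
SAMPLE_HEALTH='{"cluster_name":"elasticsearch","status":"yellow","number_of_nodes":1}'

if [ "${ES_LIVE:-0}" = 1 ]; then
    es_live_check
else
    echo "offline parse check: version=$(es_version_from_info "$SAMPLE_INFO") status=$(es_status_from_health "$SAMPLE_HEALTH")"
fi
```

Run it with ES_LIVE=1 from a machine on the LAN that is not the Elasticsearch host: if the last line reads EXPOSED, the node accepts writes from that machine without any credentials.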
Installing Kibana [front]
sudo apt-get update && sudo apt-get install kibana
Settings:
sudo nano /etc/kibana/kibana.yml
Uncomment and set as follows:
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
server.host: "192.168.0.34"
elasticsearch.url: "http://192.168.0.34:9200"
kibana.index: ".kibana"
Like Elasticsearch, Kibana 6.1 has no login without X-Pack, and its Dev Tools console forwards arbitrary requests to elasticsearch.url, so exposing 5601 on the LAN gives anyone who can reach it the same full control over the data. Limit who can reach that port.
Enable at boot:
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service
Start / stop:
sudo -i service kibana start
sudo -i service kibana stop
Installing Logstash [broker]
curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-6.1.1.deb
sudo dpkg -i logstash-6.1.1.deb
dpkg -i does not check package signatures, so when installing from a downloaded .deb verify it against the .sha512 file Elastic publishes next to each artifact before running it. Since the Elastic apt repository is already configured on this host, sudo apt-get install logstash is the simpler alternative and gets the signature checked by apt.
Settings:
sudo nano /etc/logstash/logstash.yml
http.host: "192.168.0.34"
http.port: 9600-9700
These two lines only affect Logstash's monitoring API (node stats, hot threads), which defaults to 127.0.0.1. Nothing in this setup needs it on the LAN, so keep the default unless something remote has to query it.
sudo nano /etc/logstash/conf.d/logstash-poller.conf
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => "192.168.0.34:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
The beats input accepts connections from any host that can reach 5044 and, with no ssl settings, in plain TCP. document_type is deprecated in Logstash 6.x and can be left out; Filebeat 6 always sends "doc".
Start / stop:
sudo service logstash start
sudo service logstash stop
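Everything configured so far listens on 192.168.0.34 with no authentication, so the only thing between the LAN and the data is reachability. Added here as an example, not from the original page: an iptables rule set that lets Filebeat agents reach 5044, lets one admin host reach 9200 and 5601, keeps the loopback path that Kibana and Logstash use to talk to Elasticsearch, and drops everything else aimed at the stack's ports. The ADMIN_CIDR and AGENT_CIDR values, the ELK_APPLY switch and the function names are assumptions.

```shell
# Added example (not from the original page): network-level access control for the listeners
# configured above (Elasticsearch 9200, Kibana 5601, Logstash beats 5044 and monitoring 9600-9700),
# none of which authenticates clients in this setup. ELK_IP matches the page; the CIDRs are assumptions.
ELK_IP="${ELK_IP:-192.168.0.34}"
ADMIN_CIDR="${ADMIN_CIDR:-192.168.0.10/32}"   # who may use Kibana and the Elasticsearch REST API
AGENT_CIDR="${AGENT_CIDR:-192.168.0.0/24}"    # hosts running Filebeat

# elk_iptables_rules : print the iptables commands, accepts first and the drop last, without running them
elk_iptables_rules() {
    # Kibana and Logstash run on this host and reach 9200 over loopback; keep that path open.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Filebeat agents -> Logstash beats input
    echo "iptables -A INPUT -p tcp -d $ELK_IP --dport 5044 -s $AGENT_CIDR -j ACCEPT"
    # Admin host(s) -> Elasticsearch REST API and Kibana UI
    echo "iptables -A INPUT -p tcp -d $ELK_IP --dport 9200 -s $ADMIN_CIDR -j ACCEPT"
    echo "iptables -A INPUT -p tcp -d $ELK_IP --dport 5601 -s $ADMIN_CIDR -j ACCEPT"
    # Everything else aimed at the stack's ports, including the Logstash monitoring API, is dropped.
    echo "iptables -A INPUT -p tcp -m multiport --dports 5044,5601,9200,9600:9700 -j DROP"
}

# elk_apply_rules : execute the rules (needs root) and show the resulting INPUT chain
elk_apply_rules() {
    elk_iptables_rules | while IFS= read -r rule; do
        sh -c "$rule"
    done
    iptables -S INPUT
}

if [ "${ELK_APPLY:-0}" = 1 ]; then
    elk_apply_rules
else
    echo "Rules that would be applied (set ELK_APPLY=1 to run them as root):"
    elk_iptables_rules
fi
```

The rules are appended to INPUT, so they have no effect if an earlier rule already accepts everything, and they do not survive a reboot unless saved with iptables-persistent or an equivalent. After applying them, re-run the unauthenticated-write probe from a host outside ADMIN_CIDR to confirm 9200 is no longer reachable.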
Installing Filebeat [agent]
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.1.1-amd64.deb
sudo dpkg -i filebeat-6.1.1-amd64.deb
sudo nano /etc/filebeat/filebeat.yml
Set enabled to true and add the Apache logs. The section is still called filebeat.prospectors in 6.1 (it becomes filebeat.inputs from 6.3), and indentation is significant in YAML:
filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
    - /var/log/apache2/*.log
Comment out the Elasticsearch output (Filebeat only allows one output to be enabled at a time):
#output.elasticsearch:
  #hosts: ["IP_SERV_ELASTICSEARCH:9200"]
Uncomment the Logstash output and set the Logstash server's IP:
output.logstash:
  hosts: ["IP_SERV_LOGSTASH:5044"]
Without an ssl section this connection is plain TCP: log content crosses the network unencrypted and Logstash cannot tell one agent from another, so keep 5044 reachable only from the hosts that should ship logs.
Start:
sudo service filebeat start