PART 1 INSTALL ELASTICSEARCH 6 CLUSTER FOR CENTRALIZED SYSLOG

Here we will configure Elasticsearch as a cluster and configure the ability to collect logs centrally via syslog.

Step.1 Check the server's IP address and install SSH so you can connect remotely

sudo apt-get install ssh

Step.2 Install Java and apply the environment

sudo apt-get install software-properties-common

sudo add-apt-repository ppa:webupd8team/java

sudo apt-get update

sudo apt-get install oracle-java8-installer


Step.3 Elasticsearch Install

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list

sudo apt-get update

sudo apt-get install elasticsearch

Step.4 Enable the Elasticsearch service so it starts at boot

sudo /bin/systemctl enable elasticsearch.service

sudo /bin/systemctl daemon-reload

Step.5 Configuration for Elasticsearch

sudo nano /etc/elasticsearch/elasticsearch.yml

Uncomment and set the following parameters (they are commented out in the default file):


cluster.name:

node.name:

network.host:

http.port:

discovery.zen.ping.unicast.hosts:

Add the hostname and IP address of each cluster node to the hosts file

sudo nano /etc/hosts
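As an added example (not the post's own configuration), the POSIX shell script below renders the five settings listed above for one node of a two-node cluster, plus the matching /etc/hosts entries. The cluster name, the node names and the decision to bind network.host to the node's private address are assumptions; the two IP addresses are the ones the post's curl checks use.

```shell
#!/bin/sh
# Added example (not from the original post): render the elasticsearch.yml
# settings for one node of a two-node cluster. Cluster and node names are
# assumed; the IPs are the ones the post queries in Step 6.
CLUSTER_NAME="syslog-cluster"      # assumed cluster name
NODE1_IP="172.16.4.151"
NODE2_IP="172.16.4.152"

# Print the settings block for the node whose name and IP are given.
# network.host is set to the node's own private address rather than 0.0.0.0,
# so the HTTP API (unauthenticated in a default ES 6 install) is reachable
# only on the internal interface the cluster actually uses.
render_es_config() {
  node_name="$1"
  node_ip="$2"
  cat <<EOF
cluster.name: ${CLUSTER_NAME}
node.name: ${node_name}
network.host: ${node_ip}
http.port: 9200
discovery.zen.ping.unicast.hosts: ["${NODE1_IP}", "${NODE2_IP}"]
EOF
}

# /etc/hosts entries so the two nodes resolve each other by name.
render_hosts_entries() {
  printf '%s es-node-1\n%s es-node-2\n' "$NODE1_IP" "$NODE2_IP"
}

# Usage: sh render_es.sh --demo
# Prints the block for es-node-1 (assumed name) and the hosts entries; on a
# real host redirect them into the files with sudo tee, e.g.
#   render_es_config es-node-1 172.16.4.151 | sudo tee -a /etc/elasticsearch/elasticsearch.yml
if [ "${1:-}" = "--demo" ]; then
  render_es_config es-node-1 "$NODE1_IP"
  render_hosts_entries
fi
```

Run the same function with the second node's name and IP on the other host; only node.name and network.host differ between the two files. For a production cluster ES 6 also expects discovery.zen.minimum_master_nodes to be set; it is not among the five settings the post lists, so it is left out here.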

Step.6 Elasticsearch state check

sudo apt-get install curl

curl -XGET http://172.16.4.151:9200/_cluster/health?pretty

curl -XGET http://172.16.4.152:9200/_all/_search?pretty
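The health call above returns JSON; as an added example (not part of the original post), the script below checks that response without needing jq: it fails when the status is red or when fewer nodes than expected have joined, which is the usual sign that a node formed its own cluster because of a wrong cluster.name or unicast host list. The sample response is constructed for offline testing; in use, pass it the output of the curl command.

```shell
#!/bin/sh
# Added example (not from the original post): check the JSON returned by
# GET /_cluster/health using only sed and grep. SAMPLE_HEALTH is a
# constructed response for offline testing.
SAMPLE_HEALTH='{
  "cluster_name" : "syslog-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "unassigned_shards" : 0
}'

# Print the value of a top-level string or numeric field from JSON on stdin.
json_field() {
  sed -n "s/.*\"$1\" *: *\"\{0,1\}\([^\",}]*\)\"\{0,1\}.*/\1/p" | head -n 1
}

# health_ok JSON EXPECTED_NODES
# Returns 0 when the cluster is green or yellow and every expected node has
# joined; returns 1 (with a reason on stderr) otherwise.
health_ok() {
  status=$(printf '%s\n' "$1" | json_field status)
  nodes=$(printf '%s\n' "$1" | json_field number_of_nodes)
  case "$status" in
    green|yellow) ;;
    *) echo "cluster status is '$status'" >&2; return 1 ;;
  esac
  if [ "$nodes" != "$2" ]; then
    echo "expected $2 nodes, cluster reports $nodes (a node is missing or formed its own cluster)" >&2
    return 1
  fi
  return 0
}

# Usage: sh es_health.sh --demo   (checks the constructed sample)
# Against a live node:
#   health_ok "$(curl -s http://172.16.4.151:9200/_cluster/health)" 2
if [ "${1:-}" = "--demo" ]; then
  health_ok "$SAMPLE_HEALTH" 2 && echo "cluster healthy"
fi
```

Yellow is accepted because a fresh cluster with no replicas assigned yet reports yellow; red means a primary shard is unavailable and should fail the check.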

If you want to proceed with log centralization, please refer to the document below.

https://asecurity.dev/2018/03/part-2-install-elasticsearch-6-0-cluster-with-logstash-for-centralized-syslog/
