I install ELK in single-node mode with following configuration
Host IP: 192.168.87.47
Elasticsearch.yml
network.host: 0.0.0.0
node.name: elasticsearch
cluster.initial_master_nodes: elasticsearch
# Transport layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/ca/ca.crt
# HTTP layer
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca/ca.crt
# Elasticsearch authentication
xpack.security.enabled: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
Kibana.yml
server.host: 0.0.0.0
server.port: 443
elasticsearch.hosts: https://192.168.87.47:9200
elasticsearch.password: i9mARqws1YTAguOlHz9H
# Elasticsearch from/to Kibana
elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/ca/ca.crt
elasticsearch.ssl.certificate: /etc/kibana/certs/kibana.crt
elasticsearch.ssl.key: /etc/kibana/certs/kibana.key
# Browser from/to Kibana
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key
# Elasticsearch authentication
xpack.security.enabled: true
elasticsearch.username: elastic
server.defaultRoute: /app/wazuh
xpack.encryptedSavedObjects.encryptionKey: "something_at_least_32_characters"
Ingest Management Setting:
Global output
Kibana URL: https://192.168.87.47
Elasticsearch URL: https://192.168.87.47:9200
Ingest Integrate: Metric & Apache
I follow the instruction at: https://mediatemple.net/community/products/dv/204404734/how-do-i-enable-the-server-status-page-on-my-server
My previous topic: Metricbeat only run system module instead of running both system and apache module - Elastic Stack / Beats - Discuss the Elastic Stack
For now I still not get the apache metric log. Any idea to solve that? thanks