Emergency guidance about Logstash, Kibana and Elasticsearch

Hello.
I know my question may be out of area, but I'm thankful if you share your experiences with me. I'd like to collect logs via these three tools, and I configure them via the steps below:

1- yum install epel-release -y
2- sudo service rsyslog stop
3- sudo chkconfig rsyslog off
4- sudo yum install syslog-ng-libdbi syslog-ng -y
5- sudo vim /etc/syslog-ng/syslog-ng.conf

options {
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
        ts_format(iso);
        encoding(UTF-8);
};

source s_netsyslog {
        udp(ip(0.0.0.0) port(514) flags(no-hostname));
        tcp(ip(0.0.0.0) port(514) flags(no-hostname));
};

destination d_netsyslog { file("/var/log/network.log" owner("root") group("root") perm(0644)); };

log { source(s_netsyslog); destination(d_netsyslog); };



6- sudo chkconfig syslog-ng on
7- sudo service syslog-ng start
8- sudo vim /etc/logrotate.d/network_syslog

/var/log/network.log {
    daily
    rotate 30
    create 644 root root
    olddir /var/log/network
    missingok
    notifempty
    sharedscripts
    dateext
    compress
    delaycompress
    maxage 90
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1
    endscript
}



9- yum install iptables-services
systemctl stop iptables
chkconfig iptables off
service iptables stop


10- Set SELinux to "permissive"


11- sudo nano /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

12- Below commands
# sudo yum update && sudo yum install elasticsearch -y
# sudo chkconfig --add elasticsearch
# sudo chkconfig elasticsearch on



13- sudo nano /etc/yum.repos.d/logstash.repo

[logstash-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md


14- Below commands

# yum install logstash -y
# sudo chkconfig logstash on


15- Below commands
# yum install nginx -y
# chkconfig nginx on


16- Install Kibana

$ sudo yum -y install kibana
$ sudo nano /etc/kibana/kibana.yml
set server.host: "localhost"


$ sudo yum -y install nginx httpd-tools
$ sudo htpasswd -c /etc/nginx/htpasswd.users admin

1- sudo vi /etc/nginx/nginx.conf
2- find "server {" and comment out the lines until "include /etc/nginx/conf.d/*.conf;}"
3- Check your Nginx config
$ nginx -t -c /etc/nginx/nginx.conf


# nano /etc/nginx/conf.d/kibana.conf

server {
    listen 80;

    server_name example.com;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

But it doesn't work. The problem is that the settings change very fast, and I'd like to know how I can start my log collection. Any new guidance?
Please share your advice.

Thank you.

You'll find that people are happy to help here. But you've got a 100+ line config file that is really hard to read.

What exactly is the problem here and why is this an emergency?

Problem solved.

How did you solve it?

It was a firewall problem: I couldn't see the webpage, and after adding some rules the problem was solved.
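
An added check script for the pipeline built in this thread (not code from the original post or from Elastic): given the output of `ss -ltun` and `firewall-cmd --list-ports`, it reports whether syslog-ng (514), Elasticsearch (9200), Kibana (5601) and nginx (80) are listening, and whether the firewall opens only 514 and 80 to remote clients, which is the class of problem the thread ended on. The port numbers come from the post; firewalld and the `PIPELINE_CHECK_LIVE` switch are assumptions.

```shell
#!/bin/sh
# Added pipeline check, not from the original post or from the Elastic packages.
# Verifies that each hop configured in this thread has a listener (syslog-ng 514,
# Elasticsearch 9200, Kibana 5601, nginx 80) and that the host firewall exposes only
# the two ports remote clients need. Assumes iproute2 `ss` and firewalld
# `firewall-cmd` (port rules only; firewalld services such as `http` are ignored).

PUBLIC_PORTS="514 80"     # syslog senders and browsers reach these from outside
LOCAL_PORTS="9200 5601"   # nginx proxies to Kibana; ES and Kibana stay local

# listening_ports "<ss -ltun output>": prints "port local-address" per socket
# (the first addr:port field on a row is the local socket address).
listening_ports() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        for (i = 1; i <= NF; i++) if ($i ~ /:[0-9]+$/) {
            n = split($i, a, ":"); print a[n], $i; break
        } }'
}

# check_listeners "<ss -ltun output>": returns 0 when every pipeline port listens.
check_listeners() {
    table=$(listening_ports "$1"); missing=0
    for port in $PUBLIC_PORTS $LOCAL_PORTS; do
        addr=$(printf '%s\n' "$table" | awk -v p="$port" '$1 == p { print $2; exit }')
        if [ -n "$addr" ]; then echo "OK      $port listening on $addr"
        else echo "MISSING $port has no listener (service not started?)"; missing=1; fi
    done
    return $missing
}

# check_firewall "<firewall-cmd --list-ports output>", e.g. "514/udp 514/tcp 80/tcp":
# returns 0 when PUBLIC_PORTS are opened and none of LOCAL_PORTS is exposed.
check_firewall() {
    opened=" $(printf '%s' "$1" | tr '\n' ' ' | sed 's#/[a-z]*##g') "; rc=0
    for port in $PUBLIC_PORTS; do
        case "$opened" in
            *" $port "*) echo "OK      $port opened in firewall" ;;
            *) echo "BLOCKED $port not opened: remote senders or browsers cannot reach it"; rc=1 ;;
        esac
    done
    for port in $LOCAL_PORTS; do
        case "$opened" in
            *" $port "*) echo "EXPOSED $port opened in firewall but should stay on localhost"; rc=1 ;;
        esac
    done
    return $rc
}

if [ "${PIPELINE_CHECK_LIVE:-0}" = "1" ]; then   # live run only on request; otherwise just source the functions
    check_listeners "$(ss -ltun)"; check_firewall "$(firewall-cmd --list-ports)"
fi
```

Run it on the ELK host with `PIPELINE_CHECK_LIVE=1 sh check_pipeline.sh` to see which hop or firewall rule is missing.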
