Filebeats dhcp logs
3/23/2023

I'm running ELK in its own VM, separate from my Zeek VM, but you can run it on the same VM if you want.

It's pretty easy to break your ELK stack, as it's quite sensitive to even small changes, so I'd recommend taking regular snapshots of your VMs as you progress along.

Installing Elastic is fairly straightforward. First, add the PGP key used to sign the Elastic packages. If you need to, add the apt-transport-https package. Then add the Elastic repository to your source list.

```bash
echo "deb stable main" | sudo tee -a /etc/apt//elastic-7.x.list
```

Finally, install the Elasticsearch package.

```bash
sudo apt-get update && sudo apt-get install elasticsearch
```

Once installed, we need to make one small change to the Elasticsearch config file, /etc/elasticsearch/elasticsearch.yml. We're going to set the bind address to 0.0.0.0, which will allow us to connect to Elasticsearch from any host on our network. It's worth noting that putting the address 0.0.0.0 here isn't best practice, and you wouldn't do this in a production environment, but as we are just running this on our home network it's fine.

Once that's done, let's start the Elasticsearch service and check that it's started up properly. You should get a green light and an active running status if all has gone well.

Next, we want to make sure that we can access Elastic from another host on our network. I'm going to use my other Linux host running Zeek to test this. Run the curl command below from another host, and make sure to include the IP of your Elastic host.

```bash
curl -X GET "IP OF YOUR ELASTIC HOST:9200/?pretty"
```

If all has gone right, you should get a response similar to the one below.

Now it's time to install and configure Kibana; the process is very similar to installing Elasticsearch. We've already added the Elastic APT repository, so it should just be a case of installing the Kibana package.

```bash
sudo apt-get update && sudo apt-get install kibana
```

Once it's installed, we want to make a change to the config file, similar to what we did with Elasticsearch.
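Binding Elasticsearch to 0.0.0.0, as described above, puts port 9200 on every interface, and the 7.x packages leave authentication off unless it is enabled. The script below is an added example, not part of the original post: it checks a config file for that combination, assuming the setting names `network.host` and `xpack.security.enabled` and flat `key: value` lines as in the stock elasticsearch.yml.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes flat "key: value" lines,
# as in the stock elasticsearch.yml, and the 7.x default of security disabled.

# Print a top-level setting's value with any comment and quotes stripped.
yaml_get() {  # usage: yaml_get FILE KEY
  k=$(printf '%s' "$2" | sed 's/\./\\./g')        # escape dots in the key
  sed -n "s/^${k}[[:space:]]*:[[:space:]]*//p" "$1" |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
        -e "s/^[\"']//" -e "s/[\"']\$//" |
    tail -n 1                                     # keep one line if the key repeats
}

# Classify a bind value. An unset value means the loopback default.
classify_bind() {
  case "$1" in
    ""|localhost|127.*|::1|_local_) echo loopback ;;
    0.0.0.0|::|"[::]")              echo wildcard ;;
    *)                              echo specific ;;
  esac
}

# Return 1 when Elasticsearch listens on every interface without authentication.
audit_es() {  # usage: audit_es /etc/elasticsearch/elasticsearch.yml
  host=$(yaml_get "$1" network.host)
  sec=$(yaml_get "$1" xpack.security.enabled)
  kind=$(classify_bind "$host")
  echo "network.host=${host:-unset} ($kind) xpack.security.enabled=${sec:-unset}"
  if [ "$kind" = wildcard ] && [ "$sec" != true ]; then
    echo "FINDING: 9200 answers on every interface and needs no credentials"
    return 1
  fi
  return 0
}

# Constructed sample modelled on the lab config described above.
demo() {
  f=$(mktemp)
  printf '%s\n' '#network.host: 192.168.0.1' 'network.host: 0.0.0.0  # lab' > "$f"
  audit_es "$f"; rc=$?
  rm -f "$f"
  return "$rc"
}
demo || true
```

On the ELK VM, `audit_es /etc/elasticsearch/elasticsearch.yml` runs the same check against the live file; pinning `network.host` to the VM's LAN address or enabling security clears the finding.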