Nodes IP Addresses:
Node1 - 192.168.56.111
Node2 - 192.168.56.112
Node3 - 192.168.56.113
# Put the PKCS#12 bundle in the Elasticsearch config directory; the relative
# keystore/truststore paths set in elasticsearch.yml resolve against it.
mv elastic-certificates.p12 /etc/elasticsearch/
cd /etc/elasticsearch/
# Confirm the file arrived and check its owner and mode: it is used as the
# node's key store, so it should be readable by the Elasticsearch service
# account only.
ls -ltr
nano /etc/elasticsearch/elasticsearch.yml
- Copy and paste the following 5 lines into the elasticsearch.yml file
# Turns on the security features (authentication and authorization) on this node.
xpack.security.enabled: true
# Encrypts node-to-node (transport) traffic with TLS.
xpack.security.transport.ssl.enabled: true
# "certificate" checks that a peer's certificate chains to a trusted CA but
# skips hostname/IP verification; "full" adds that check when the node
# certificates carry matching subject alternative names.
xpack.security.transport.ssl.verification_mode: certificate
# Relative paths resolve against the Elasticsearch config directory
# (/etc/elasticsearch here). One PKCS#12 file serves as both key store and
# trust store, so it contains the node's private key.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
nano /etc/elasticsearch/elasticsearch.yml
- Copy and paste the following 5 lines into the elasticsearch.yml file
# Enables authentication and authorization on this node.
xpack.security.enabled: true
# TLS for node-to-node (transport) traffic; mode "certificate" validates the
# CA chain of the peer certificate but not the peer's hostname.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
# Same PKCS#12 bundle used as key store and trust store. If the bundle is
# password-protected, the password belongs in the Elasticsearch keystore
# (xpack.security.transport.ssl.keystore.secure_password and
# ...truststore.secure_password), not in this file.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
nano /etc/elasticsearch/elasticsearch.yml
- Copy and paste the following 5 lines into the elasticsearch.yml file
# Enables authentication and authorization on this node.
xpack.security.enabled: true
# TLS for node-to-node (transport) traffic; mode "certificate" validates the
# CA chain of the peer certificate but not the peer's hostname.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
# NOTE(review): this identical block appears three times, presumably once per
# node. If one elastic-certificates.p12 is copied to every node, all nodes
# share a single private key; per-node certificates issued by the same CA
# limit the impact of one node's key being exposed.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
nano /etc/elasticsearch/elasticsearch.yml
# Serves the REST API (port 9200) over HTTPS.
xpack.security.http.ssl.enabled: true
# NOTE(review): the HTTP layer reuses the transport-layer PKCS#12 bundle; a
# separate HTTP certificate would keep the keys of the two layers independent.
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
# "optional": a client certificate is requested and, if presented, validated
# against the trust store, but clients without one are still accepted and
# must authenticate another way (e.g. user name and password).
xpack.security.http.ssl.client_authentication: optional
cd /etc/elasticsearch/
# Switch to the Kibana config directory and list it; kibana.yml references
# newfile.crt.pem and newfile.key.pem from this directory. The .key.pem file is
# a private key, so check that only the Kibana service account can read it.
cd /etc/kibana
ls -ltr
# Kibana connects to the local Elasticsearch node over HTTPS.
elasticsearch.hosts: ["https://localhost:9200"]
# Credentials Kibana uses for its own connection to Elasticsearch. The
# password equals the user name and is stored in plaintext here: set a strong,
# unique password and keep it in the Kibana keystore (kibana-keystore) rather
# than in kibana.yml.
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
# Serves the Kibana UI over HTTPS with this certificate/key pair.
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/newfile.crt.pem
server.ssl.key: /etc/kibana/newfile.key.pem
# "none" disables all validation of the Elasticsearch server certificate: the
# connection is encrypted but the peer is not authenticated. Outside a lab,
# use "certificate" or "full" together with
# elasticsearch.ssl.certificateAuthorities.
elasticsearch.ssl.verificationMode: none
https://192.168.56.113:5601/
Logstash on Node 3
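# Work from the vagrant user's home directory so the download lands in a known place.
cd /home/vagrant/
# Fetch the Logstash 7.9.0 RPM. The URL and the output name are ONE command:
# -o takes the file name as its argument. --fail keeps curl from saving an
# HTTP error page under the .rpm name.
curl --fail https://artifacts.elastic.co/downloads/logstash/logstash-7.9.0.rpm -o logstash-7.9.0.rpm
# Fetch the published SHA-512 file and install only if the package matches it.
# This catches a truncated or altered download; importing Elastic's package
# signing key additionally lets rpm verify the package signature (rpm -K).
curl --fail https://artifacts.elastic.co/downloads/logstash/logstash-7.9.0.rpm.sha512 -o logstash-7.9.0.rpm.sha512
sha512sum -c logstash-7.9.0.rpm.sha512 && rpm -i logstash-7.9.0.rpm
# Copy only the certificate (public part) to Logstash; the matching private
# key stays in /etc/kibana.
cp /etc/kibana/newfile.crt.pem /etc/logstash/newfile.crt.pem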
nano /etc/logstash/pipelines.yml
# NOTE(review): this is Logstash pipeline (output) syntax, while the preceding
# step opens pipelines.yml, which is a YAML list of pipelines; confirm which
# file the block is meant for.
output {
elasticsearch {
hosts => "https://localhost:9200"
index => "estack-test-pipeline-index"
# "elastic" is the built-in superuser, and the password here equals the user
# name and is stored in plaintext. Prefer a dedicated user limited to writing
# this index, with the password held in the Logstash keystore and referenced
# as a ${VARIABLE}.
user => "elastic"
password => "elastic"
cacert => "/etc/logstash/newfile.crt.pem"
# With verification disabled, the cacert above is not used to validate the
# Elasticsearch server certificate: traffic is encrypted but the peer is not
# authenticated. Set this to true once cacert points at the CA that issued
# the Elasticsearch certificate.
ssl_certificate_verification => false
}
}
==========================================================================
Check the log file to confirm that everything looks good. It may take a while
for Logstash to create the file (depending on VM resources).
tail -f /var/log/logstash/logstash-plain.log
Filebeat Configuration(Windows)
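Link - https://mega.nz/file/jGJDEQjZ#sceYkyaCo7GXiw2ncK3xVLBdfCP1OSXzqKkFTWC8--A
Link - https://mega.nz/file/ODQnGajR#1jgjFVqn5Z_hPOTTO7NXKqQ8n8NNouLhbr2otTYfR8Q
Note: both links point to a third-party file-sharing host, not to Elastic's download site, and the page does not say what they contain; inspect the downloaded files before using them.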
Create a "logs" folder on your desktop and change the path in the filebeat.yml file
so that it uses your username.
ex: - C:\Users\YourUsername\Desktop\logs\*.log