Centralized Log Menggunakan ELK Stack
Initial Setup
sudo apt update
sudo apt upgrade -y
sudo apt install htop git nginx curl unzip zip exif -y
sudo apt install libmcrypt-dev libjpeg-dev libpng-dev libjpeg-dev libfreetype6-dev libbz2-dev libzip-dev -yInstalling Java
sudo apt-get install default-jre
java -versionSetup Elasticsearch
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
sudo apt install elasticsearchEdit Elasticsearch configuration:
sudo vim /etc/elasticsearch/elasticsearch.ymlSet network host to:
network.host: localhostStart Elasticsearch:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearchVerify Elasticsearch
sudo lsof -i -P -n | grep LISTEN | grep 9200
curl -XGET 'http://localhost:9200/_all/_search?q=*&pretty'
curl -X GET "localhost:9200"Install Kibana
sudo apt install kibana
sudo systemctl enable kibana
sudo systemctl start kibanaVerify Kibana:
sudo lsof -i -P -n | grep LISTEN | grep 5601Configure Nginx
sudo vim /etc/nginx/sites-available/logs.skul.idAdd configuration:
server {
listen 80;
server_name your_domain;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}Enable site configuration:
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/your_domain
sudo nginx -t
sudo systemctl reload nginxInstall Logstash
sudo apt install logstash
sudo systemctl start logstash
sudo systemctl enable logstashInstall Filebeat
sudo apt install filebeat
sudo vim /etc/filebeat/filebeat.ymlReferences: