Install Debian with basic function, only add SSH server.
Login as root
Modify /etc/network/interfaces
auto enp8s0
iface enp8s0 inet static
    address 10.0.0.15
    netmask 255.255.0.0
    gateway 10.0.0.1
    dns-nameservers 10.0.0.1
Set the name of the machine in /etc/hostname
and the IP addresses in /etc/hosts
Register it with your DNS server or add it to /etc/hosts on the host system
Update the system
apt update && apt upgrade -y
apt autoremove -y
Create another user and set the password
useradd kenny
passwd kenny
Reboot
reboot now
Login through ssh
ssh kenny@deb11-elk-04
Become root
su -
Install vim, gpg for importing the Elastic keyring, apt-transport-https so apt can download over HTTPS, cifs-utils for mounting SMB shares, and unzip. Then fetch the Elastic keyring and add the repository
apt install -y vim gpg apt-transport-https cifs-utils unzip
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list
Install Kibana
apt update
apt install kibana
In /etc/kibana/kibana.yml set:
server.host: "deb11-elk-13"
elasticsearch.hosts: ["https://deb11-elk-11:9200", "https://deb11-elk-12:9200" ]
server.publicBaseUrl: "https://deb11-elk-13"
# SSL config
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/deb11-elk-13_https.crt
server.ssl.key: /etc/kibana/certs/deb11-elk-13_https.key
# logging settings below are default in Linux installations (no need to modify)
# But: those settings need to be adjusted and used in Windows setups
# Enables you to specify a file where Kibana stores log output.
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
#  layout:
#    type: json
On one of the Elasticsearch nodes generate an access token for Kibana
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
eyJ2ZXIiOiI4LjYuMiIsImFkciI6WyIxMC42OC4xMDAuMTQ6OTIwMCJdLCJvZ3IoIoI0MzBhMWRiYWFhZGFmMjEzMjBiYzEyZTI5ZWM5NjhlOTNmZWQzMDA4YzgxMGMwYTY3NjMzOGYyZDY5NjE3OTAxIiwia2V5IjoiampEdXg0WUJtUDNfUFh6QlhVSWQ6WXJGMETtbV9ScWlqelZpMTJfckFpZyJ9
On the Kibana node configure Kibana:
/usr/share/kibana/bin/kibana-setup
? Enter enrollment token: eyJ2ZXIiOiI4LjYuMiIsImFkciI6WyIxMC42OC4xMDAuMTQ6OTIwMCJdLCJvZ3IoIoI0MzBhMWRiYWFhZGFmMjEzMjBiYzEyZTI5ZWM5NjhlOTNmZWQzMDA4YzgxMGMwYTY3NjMzOGYyZDY5NjE3OTAxIiwia2V5IjoiampEdXg0WUJtUDNfUFh6QlhVSWQ6WXJGMETtbV9ScWlqelZpMTJfckFpZyJ9
✔ Kibana configured successfully.
To start Kibana run:
bin/kibana
Get the elasticsearch.serviceAccountToken from /etc/kibana/kibana.yml
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2NzE3MTc2Njg4OTA6QllmZml2MGpTNjZzRTdnR1RCMXhRUQ
Generate encryption keys …
/usr/share/kibana/bin/kibana-encryption-keys generate
xpack.encryptedSavedObjects.encryptionKey: bdab0983a2ef291a97dd0d570329fabd
xpack.reporting.encryptionKey: d10a1eb9b4088bf06a01894fe422a939
xpack.security.encryptionKey: 777d3da41a468bc3524c7c598262538b
… and add all values to the kibana-keystore
/usr/share/kibana/bin/kibana-keystore add elasticsearch.serviceAccountToken
/usr/share/kibana/bin/kibana-keystore add xpack.encryptedSavedObjects.encryptionKey
/usr/share/kibana/bin/kibana-keystore add xpack.reporting.encryptionKey
/usr/share/kibana/bin/kibana-keystore add xpack.security.encryptionKey
Remove the line with the elasticsearch.serviceAccountToken from /etc/kibana/kibana.yml
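To confirm that nothing moved into the keystore is still readable in the config file, the following added example (not part of the original page) lists any of the four keystore settings that remain uncommented in a kibana.yml. The names plaintext_secrets and sample_config are hypothetical, the sample config is constructed, and only the dotted "key: value" form used on this page is detected, not nested YAML.

```shell
#!/bin/sh
# Added example: list settings that belong in the kibana-keystore but are
# still set in plaintext in a kibana.yml (dotted "key: value" form only).

# The four settings this page adds to the keystore.
KEYSTORE_SETTINGS='elasticsearch.serviceAccountToken
xpack.encryptedSavedObjects.encryptionKey
xpack.reporting.encryptionKey
xpack.security.encryptionKey'

# plaintext_secrets FILE
# Prints each keystore setting still present (uncommented) in FILE.
# Returns 0 when none remain, 1 when at least one does, 2 if FILE is unreadable.
plaintext_secrets() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    found=0
    for key in $KEYSTORE_SETTINGS; do
        # Escape the dots so they match literally; a leading "#" prevents a match.
        pattern="^[[:space:]]*$(printf '%s' "$key" | sed 's/\./\\./g')[[:space:]]*:"
        if grep -Eq "$pattern" "$file"; then
            echo "$key"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: token left behind, one key commented out (placeholder values).
sample_config() {
    cat <<'EOF'
server.host: "deb11-elk-13"
elasticsearch.serviceAccountToken: PLACEHOLDER_TOKEN
# xpack.security.encryptionKey: PLACEHOLDER_KEY
xpack.securityXencryptionKey: not-a-real-setting
EOF
}

# Scan the file given as argument, or the constructed sample when none is given.
if [ "$#" -gt 0 ]; then
    plaintext_secrets "$1"
else
    tmp=$(mktemp) && sample_config > "$tmp"
    plaintext_secrets "$tmp" || echo "move the settings above into the keystore" >&2
    rm -f "$tmp"
fi
```

Run it as root with /etc/kibana/kibana.yml as the argument; an empty result with exit status 0 means none of the four settings is left in the file.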
On one of the Elasticsearch nodes
Generate the SSL certificate and key for Kibana
/usr/share/elasticsearch/bin/elasticsearch-certutil cert -name deb11-elk-04_https -dns deb11-elk-04 -pem -self-signed
When prompted, tell it to save the output as deb11-elk-04_http.zip
cp /usr/share/elasticsearch/deb11-elk-04_http.zip /mnt/backup/debby/deb11-elk-04/