Automated install (not config) of the entire Elastic Stack.
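#!/bin/sh
# ------------------------------------------------------------------------------
# Automated install (not configuration) of the Elastic Stack 6.x on an
# EL7-style host: EPEL and base tooling first, then the Elastic yum
# repositories, then Elasticsearch, Kibana, Logstash and the Beats. The host is
# rebooted at the end.
#
# Must run as root. Needs network access to dl.fedoraproject.org and
# artifacts.elastic.co.
#
# Lab behaviour: firewalld is stopped and disabled. Set KEEP_FIREWALL to any
# non-empty value (e.g. `KEEP_FIREWALL=1 sh install.sh`) to skip that step.
# ------------------------------------------------------------------------------
set -eu

# Both signing keys are fetched over HTTPS: importing a key obtained over plain
# HTTP would let anyone on the path substitute it, defeating gpgcheck=1 below.
readonly EPEL_KEY_URL=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
readonly ELASTIC_KEY_URL=https://artifacts.elastic.co/GPG-KEY-elasticsearch
readonly ELASTIC_BASEURL=https://artifacts.elastic.co/packages/6.x/yum
readonly REPO_DIR=/etc/yum.repos.d

# Print a progress line to stdout.
log() { printf '%s\n' "$*"; }

# Print an error to stderr and abort.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Write one Elastic yum repository file. The file is overwritten rather than
# appended to, so re-running the script does not accumulate duplicate sections.
# Arguments:
#   $1 - repo id; used as the section name ("<id>-6.x") and file basename
#   $2 - product name for the "name=" field
# Outputs:
#   writes ${REPO_DIR}/<id>.repo
#######################################
write_elastic_repo() {
  repo_id=$1
  product=$2
  cat > "${REPO_DIR}/${repo_id}.repo" <<EOF
[${repo_id}-6.x]
name=${product} repository for 6.x packages
baseurl=${ELASTIC_BASEURL}
gpgcheck=1
gpgkey=${ELASTIC_KEY_URL}
enabled=1
autorefresh=1
type=rpm-md
EOF
}

main() {
  [ "$(id -u)" -eq 0 ] || die "this script must run as root"

  log "Installing EPEL gpg key."
  rpm --import "$EPEL_KEY_URL"

  log "Installing EPEL repository"
  yum install -y epel-release

  # Package globs are quoted so the shell never expands them against the
  # current directory; yum does its own glob matching on package names.
  log "Installing packages and helpful tools"
  yum install -y \
    'java-1.8*' 'chrony*' 'lsof*' 'libevent*' 'libgcrypt*' 'libseccomp*' \
    'libtool-ltdl*' 'systemd-libs*' 'device-mapper-libs*' 'net-tools*' \
    'nfs-utils*' 'keyutils*' 'epel*' \
    htop unzip nano git wget
  yum update -y

  log "Group installing Development Tools, Web Server, & Compatibility Libraries"
  yum groupinstall -y "Development Tools" "Web Server" "Compatibility Libraries"

  if [ -n "${KEEP_FIREWALL:-}" ]; then
    log "KEEP_FIREWALL is set; leaving firewalld untouched"
  else
    log "Turning off the firewall, since this is a lab; DO NOT DO THIS IN PRODUCTION! ☺"
    # Tolerate a unit that is already stopped or not installed.
    systemctl stop firewalld || true
    systemctl disable firewalld || true
  fi

  log "Import Elastic gpg key"
  rpm --import "$ELASTIC_KEY_URL"

  log "Creating Elastic, Kibana, & Logstash repositories"
  write_elastic_repo elasticsearch Elasticsearch
  write_elastic_repo kibana Kibana
  write_elastic_repo logstash Logstash

  log "Installing Elasticsearch, Kibana, Logstash, and Beats"
  yum install -y elasticsearch kibana logstash \
    metricbeat filebeat packetbeat auditbeat heartbeat-elastic

  log "Congratulations, Elasticsearch, Kibana, Logstash, and the myriad of Beats have been installed."
  log "The system will now reboot and rub your feet, well maybe not rub your feet. ☺"
  # shutdown -r is the portable spelling; `reboot now` relies on the argument
  # being ignored.
  shutdown -r now
}

main "$@"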
Append to the top of your logstash.yml file; it is located here: /etc/logstash/logstash.yml
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.url: 10.0.100.5:9200
COMMAND TO START LOGSTASH:
ONLY CONNECTORS
# Runs Logstash's ArcSight module in the background, taking SmartConnector input
# on port 5050 only, with TLS to Elasticsearch and Kibana switched off (lab
# settings). The key "arcsight.var.kibana.ssl.verfication_mode" looks misspelt
# (expected "verification_mode") and so is presumably ignored — confirm against
# the module docs. The `&` leaves no PID captured, so nothing waits on or
# checks the process.
bash /usr/share/logstash/bin/logstash --modules arcsight --setup -M "arcsight.var.inputs=smartconnector" -M "arcsight.var.input.smartconnector.port=5050" -M "arcsight.var.input.eventbroker.topics=CEF-U" -M "arcsight.var.elasticsearch.hosts=10.0.100.5:9200" -M "var.elasticsearch.ssl.enabled=false" -M "arcsight.var.kibana.host=10.0.100.5:5601" -M "arcsight.var.kibana.ssl.enabled=false" -M "arcsight.var.kibana.ssl.verfication_mode=false" &
ONLY 1 TOPIC
# Same as the SmartConnector form, but reading from the Event Broker at
# 10.0.100.4:9092 for the single topic CEF-U. TLS is disabled and the
# "verfication_mode" key is still misspelt here.
bash /usr/share/logstash/bin/logstash --modules arcsight --setup -M "arcsight.var.inputs=eventbroker" -M "arcsight.var.input.eventbroker.bootstrap_servers=10.0.100.4:9092" -M "arcsight.var.input.eventbroker.topics=CEF-U" -M "arcsight.var.elasticsearch.hosts=10.0.100.5:9200" -M "var.elasticsearch.ssl.enabled=false" -M "arcsight.var.kibana.host=10.0.100.5:5601" -M "arcsight.var.kibana.ssl.enabled=false" -M "arcsight.var.kibana.ssl.verfication_mode=false" &
MULTIPLE TOPICS
# Event Broker input only, subscribing to two topics (CEF-C,CEF-U). Otherwise
# identical to the single-topic command, including the disabled TLS and the
# misspelt "verfication_mode" key.
bash /usr/share/logstash/bin/logstash --modules arcsight --setup -M "arcsight.var.inputs=eventbroker" -M "arcsight.var.input.eventbroker.bootstrap_servers=10.0.100.4:9092" -M "arcsight.var.input.eventbroker.topics=CEF-C,CEF-U" -M "arcsight.var.elasticsearch.hosts=10.0.100.5:9200" -M "var.elasticsearch.ssl.enabled=false" -M "arcsight.var.kibana.host=10.0.100.5:5601" -M "arcsight.var.kibana.ssl.enabled=false" -M "arcsight.var.kibana.ssl.verfication_mode=false" &
CONNECTORS & MULTIPLE TOPICS
# Both inputs at once: Event Broker (two topics) plus SmartConnector on 5050.
# NOTE(review): this command points Elasticsearch and Kibana at 10.0.100.9,
# whereas the other three use 10.0.100.5 — verify which host is intended. TLS
# is disabled and the "verfication_mode" key is misspelt as in the others.
bash /usr/share/logstash/bin/logstash --modules arcsight --setup -M "arcsight.var.inputs=eventbroker,smartconnector" -M "arcsight.var.input.eventbroker.bootstrap_servers=10.0.100.4:9092" -M "arcsight.var.input.eventbroker.topics=CEF-C,CEF-U" -M "arcsight.var.input.smartconnector.port=5050" -M "arcsight.var.elasticsearch.hosts=10.0.100.9:9200" -M "var.elasticsearch.ssl.enabled=false" -M "arcsight.var.kibana.host=10.0.100.9:5601" -M "arcsight.var.kibana.ssl.enabled=false" -M "arcsight.var.kibana.ssl.verfication_mode=false" &