ELK Stack Install (RHEL 7)
cd ~
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u65-b17/jdk-8u65-linux-x64.rpm"
sudo yum localinstall jdk-8u65-linux-x64.rpm
rm ~/jdk-8u65-linux-x64.rpm
sudo rpm --import http://packages.elastic.co/GPG-KEY-elasticsearch
echo '[elasticsearch-2.1]' >> /etc/yum.repos.d/elasticsearch.repo'
echo 'name=Elasticsearch repository for 2.x packages' >> /etc/yum.repos.d/elasticsearch.repo'
echo 'baseurl=http://packages.elastic.co/elasticsearch/2.x/centos' >> /etc/yum.repos.d/elasticsearch.repo'
echo 'gpgcheck=1' >> /etc/yum.repos.d/elasticsearch.repo'
echo 'gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch' >> /etc/yum.repos.d/elasticsearch.repo'
echo 'enabled=1' >> /etc/yum.repos.d/elasticsearch.repo'
sudo yum -y install elasticsearch
echo 'network.host: localhost' >> /etc/elasticsearch/elasticsearch.yml
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
sudo groupadd -g 1005 kibana
sudo useradd -u 1005 -g 1005 kibana
cd ~; wget https://download.elastic.co/kibana/kibana/kibana-4.3.0-linux-x64.tar.gz
tar xvf kibana-*.tar.gz
echo 'server.host: "localhost"' >> ~/kibana-4*/config/kibana.yml
sudo mkdir -p /opt/kibana
sudo cp -R ~/kibana-4*/* /opt/kibana/
sudo chown -R kibana: /opt/kibana
cd /etc/init.d && sudo curl -o kibana https://gist.githubusercontent.com/thisismitch/8b15ac909aed214ad04a/raw/fc5025c3fc499ad8262aff34ba7fde8c87ead7c0/kibana-4.x-init
cd /etc/default && sudo curl -o kibana https://gist.githubusercontent.com/thisismitch/8b15ac909aed214ad04a/raw/fc5025c3fc499ad8262aff34ba7fde8c87ead7c0/kibana-4.x-default
sudo chmod +x /etc/init.d/kibana
sudo service kibana start
sudo chkconfig kibana on
sudo yum -y install epel-release
sudo yum -y install nginx httpd-tools
sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin
echo ' server { ' >> /etc/nginx/conf.d/kibana.conf
echo ' listen 80; ' >> /etc/nginx/conf.d/kibana.conf
echo ' ' >> /etc/nginx/conf.d/kibana.conf
echo ' server_name example.com; ' >> /etc/nginx/conf.d/kibana.conf
echo ' ' >> /etc/nginx/conf.d/kibana.conf
echo ' auth_basic "Restricted Access"; ' >> /etc/nginx/conf.d/kibana.conf
echo ' auth_basic_user_file /etc/nginx/htpasswd.users; ' >> /etc/nginx/conf.d/kibana.conf
echo ' ' >> /etc/nginx/conf.d/kibana.conf
echo ' location / { ' >> /etc/nginx/conf.d/kibana.conf
echo ' proxy_pass http://localhost:5601; ' >> /etc/nginx/conf.d/kibana.conf
echo ' proxy_http_version 1.1; ' >> /etc/nginx/conf.d/kibana.conf
echo ' proxy_set_header Upgrade $http_upgrade; ' >> /etc/nginx/conf.d/kibana.conf
echo ' proxy_set_header Connection 'upgrade'; ' >> /etc/nginx/conf.d/kibana.conf
echo ' proxy_set_header Host $host; ' >> /etc/nginx/conf.d/kibana.conf
echo ' proxy_cache_bypass $http_upgrade; ' >> /etc/nginx/conf.d/kibana.conf
echo ' } ' >> /etc/nginx/conf.d/kibana.conf
echo ' } ' >> /etc/nginx/conf.d/kibana.conf
sudo systemctl start nginx
sudo systemctl enable
echo ' [logstash-2.1] ' >> /etc/yum.repos.d/logstash.repo
echo ' name=logstash repository for 2.1 packages ' >> /etc/yum.repos.d/logstash.repo
echo ' baseurl=http://packages.elasticsearch.org/logstash/2.1/centos' >> /etc/yum.repos.d/logstash.repo
echo ' gpgcheck=1 ' >> /etc/yum.repos.d/logstash.repo
echo ' enabled=1 ' >> /etc/yum.repos.d/logstash.repo
sudo yum -y install logstash
echo ' subjectAltName = IP: logstash_server_private_ip' >> /etc/pki/tls/openssl.cnf
cd /etc/pki/tls
sudo openssl req -config /etc/pki/tls/openssl.cnf -x509 -days 1095 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
echo ' input { ' >> /etc/logstash/conf.d/02-filebeat-input.conf
echo ' beats { ' >> /etc/logstash/conf.d/02-filebeat-input.conf
echo ' port => 5044 ' >> /etc/logstash/conf.d/02-filebeat-input.conf
echo ' type => "logs" ' >> /etc/logstash/conf.d/02-filebeat-input.conf
echo ' ssl => true ' >> /etc/logstash/conf.d/02-filebeat-input.conf
echo ' ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt" ' >> /etc/logstash/conf.d/02-filebeat-input.conf
echo ' ssl_key => "/etc/pki/tls/private/logstash-forwarder.key" ' >> /etc/logstash/conf.d/02-filebeat-input.conf
echo ' } ' >> /etc/logstash/conf.d/02-filebeat-input.conf
echo ' } ' >> /etc/logstash/conf.d/02-filebeat-input.conf
echo ' filter { ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' if [type] == "syslog" { ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' grok { ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" } ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' add_field => [ "received_at", "%{@timestamp}" ] ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' add_field => [ "received_from", "%{host}" ] ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' } ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' syslog_pri { } ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' date { ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' } ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' } ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' } ' >> /etc/logstash/conf.d/10-syslog.conf
echo ' output { ' >> /etc/logstash/conf.d/30-elasticsearch-output.conf
echo ' elasticsearch { hosts => ["localhost:9200"] } ' >> /etc/logstash/conf.d/30-elasticsearch-output.conf
echo ' stdout { codec => rubydebug } ' >> /etc/logstash/conf.d/30-elasticsearch-output.conf
echo ' } ' >> /etc/logstash/conf.d/30-elasticsearch-output.conf
sudo service logstash configtest
sudo systemctl restart logstash
sudo chkconfig logstash on