Install ELK On Ubuntu 18.04 Bionic Beaver Linux

Objective

Install ELK on Ubuntu 18.04 Bionic Beaver

Distributions

Ubuntu 18.04

Requirements

A working install of Ubuntu 18.04 with root privileges

Conventions

  • # – requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ – requires the given Linux commands to be executed as a regular non-privileged user

What is ELK

If you’re in a situation where you manage large amounts of log data, the ELK stack is exactly what you’re looking for. The ELK stack combines Elasticsearch, Logstash, and Kibana into a simple, yet powerful, open source stack that lets you manage large amounts of logged data from a convenient graphical web interface.

All three tools are developed by Elastic, so they work in tandem perfectly, and they’re very easy to get set up on your Ubuntu system.

Install The Dependencies

Begin by installing the dependencies. These are all fairly common, though there are a couple of notes that you need to take into account. This setup uses Nginx as the web server, so if Apache is running on the same machine, disable it or move it to a different port.

Logstash doesn’t support Java 10, which is available on Bionic from openjdk-11-jre. If you have it installed on your system, remove it. Use the older version until Logstash gets support.

$ sudo apt install openjdk-8-jre apt-transport-https wget nginx


Add The Elastic Repository

Elastic provides a complete repository for Debian based systems that includes all three pieces of software. You just need to add it to your system. Begin by importing their GPG key.

$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Next, add the repository. Create a file at /etc/apt/sources.list.d/elastic.list, and paste the following line into it.

deb https://artifacts.elastic.co/packages/6.x/apt stable main

Save that file, and exit. Update Apt.

$ sudo apt update

Install Elasticsearch and Kibana

You’re now ready to install Elasticsearch and Kibana. They’re available through Apt, so get them like you normally would.

$ sudo apt install elasticsearch kibana

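You need to edit the Kibana configuration file at /etc/kibana/kibana.yml to tell it that the host server is localhost. The line is already there. Uncomment it. This binds Kibana to the loopback interface, so it can only be reached through the Nginx proxy configured below.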

server.host: "localhost"

Restart Kibana and start up Elasticsearch, and both will be ready to go.

$ sudo systemctl restart kibana
$ sudo systemctl start elasticsearch

Set Up Nginx

Kibana is served through Nginx, so you need to set up a basic Nginx configuration to get it to serve your instance of Kibana.

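Start by creating a password for Kibana. This way, your server isn’t accessible openly on the Internet. Use OpenSSL to generate the password hash, and place it in /etc/nginx/htpasswd.kibana. You can change the username to anything you want. In this instance, it’s admin. Replace YourPassword with your own password; because it is passed as a command-line argument, it ends up in your shell history.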

$ echo "admin:`openssl passwd -apr1 YourPassword`" | sudo tee -a /etc/nginx/htpasswd.kibana

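After you have your password, create an Nginx configuration similar to the one below at /etc/nginx/sites-available/kibana. Make sure to use your actual server URL or IP. The defaults should be good for everything else. Note that it listens on plain HTTP (port 80), so the Basic Auth credentials cross the network unencrypted unless you add TLS.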

server {
    listen 80;

    server_name your-site.com;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.kibana;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

After you have your configuration, remove the existing default config, and create a new symlink in sites-enabled for Kibana.

$ sudo rm /etc/nginx/sites-enabled/default
$ sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana

Restart Nginx for the changes to take effect.

$ sudo systemctl restart nginx
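
The script below is an added example, not part of the original tutorial. It checks the three settings that keep Kibana behind the password prompt: the loopback binding in kibana.yml, the basic-auth directives in the Nginx site file, and the permissions on the password file. The function names are hypothetical, and the Nginx check is a textual match on the file, not a full configuration parse.

```shell
#!/bin/sh
# Added example (not from the tutorial): post-install checks for this setup.
# Usage: sh check_kibana.sh /etc/kibana/kibana.yml \
#     /etc/nginx/sites-available/kibana /etc/nginx/htpasswd.kibana

# Print the last uncommented server.host value in a kibana.yml, unquoted.
kibana_host() {
    sed -n 's/^[[:space:]]*server\.host:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'" | tail -n 1
}

# Succeed only if Kibana is explicitly bound to loopback, as the tutorial sets
# it, so that port 5601 cannot be reached without going through Nginx.
kibana_is_loopback() {
    case "$(kibana_host "$1")" in
        localhost|127.0.0.1|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the site file proxies to Kibana, names a password file,
# and does not switch basic auth off anywhere.
nginx_requires_auth() {
    conf=$(sed 's/#.*$//' "$1")    # strip comments before matching
    printf '%s\n' "$conf" | grep -Eq 'proxy_pass[[:space:]]+http://(localhost|127\.0\.0\.1):5601' &&
    printf '%s\n' "$conf" | grep -Eq 'auth_basic_user_file[[:space:]]+[^;[:space:]]+[[:space:]]*;' &&
    ! printf '%s\n' "$conf" | grep -Eq 'auth_basic[[:space:]]+off[[:space:]]*;'
}

# Succeed only if the password file exists and is not world-readable.
# (A file created by tee under sudo gets root's umask, typically mode 644.)
htpasswd_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" -prune -perm -004)" ]
}

# Run all three checks and report; the return status is the failure count.
audit() {
    fails=0
    kibana_is_loopback "$1" && echo "OK   kibana bound to loopback" ||
        { echo "FAIL kibana server.host is '$(kibana_host "$1")'"; fails=$((fails + 1)); }
    nginx_requires_auth "$2" && echo "OK   nginx site enforces basic auth" ||
        { echo "FAIL nginx site does not enforce basic auth"; fails=$((fails + 1)); }
    htpasswd_is_private "$3" && echo "OK   htpasswd file not world-readable" ||
        { echo "FAIL htpasswd file missing or world-readable"; fails=$((fails + 1)); }
    return "$fails"
}

if [ "$#" -eq 3 ]; then audit "$@"; fi
```

If the last check fails, restrict the password file to root and the Nginx worker group (www-data on Ubuntu), for example with mode 640.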

Install Logstash

The last thing that you need to do is install Logstash. Just install it with your package manager.

$ sudo apt install logstash

Sign In To Kibana

Open up your browser, and go to the address that you assigned to your Kibana instance in the Nginx configuration. You should be prompted to enter the username and password that you set up for Kibana. Enter them.

You’ll see the Kibana dashboard appear, fully operational. You can begin using Kibana and setting up your preferences.

Closing Thoughts

Your ELK stack is fully operational on Ubuntu. ELK can help you manage your logs, and Kibana specifically has some excellent tools to help you visualize and organize that data.