ELK is the answer to managing large amounts of log data on Ubuntu 20.04 Focal Fossa. The ELK stack combines Elasticsearch, Logstash, and Kibana, which are open source tools that work in tandem to provide you with the ability to manage log data from a convenient graphical web interface.
These three tools are developed by Elastic and specifically designed to work together. In this guide, we’ll show you the steps required to get ELK up and running on your Ubuntu 20.04 system.
In this tutorial you will learn:
- How to install ELK dependencies
- How to configure Nginx for Kibana
- How to install ELK
- How to configure and access ELK
Category | Requirements, Conventions or Software Version Used |
---|---|
System | Installed Ubuntu 20.04 or upgraded Ubuntu 20.04 Focal Fossa |
Software | ELK, Nginx, Java, apt-transport-https, wget |
Other | Privileged access to your Linux system as root or via the sudo command. |
Conventions | # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command; $ – requires given Linux commands to be executed as a regular non-privileged user |
Installing the dependencies
Get started by installing the dependencies, which are fairly common packages anyway. Keep in mind that in this setup Kibana is served through Nginx, so we’ll be setting up a web server with Nginx. If you already have Apache installed, you’ll need to disable it or change the port so that the two don’t conflict.
Logstash requires Java 8 or Java 11. In our examples, we’re going to install Java 11; however, you can check what’s installed on your system with this command:
$ java -version
If it’s something other than 8 or 11, you’ll need to remove it before proceeding.
Open a terminal and enter the following command to get all of the ELK dependencies installed:
$ sudo apt install openjdk-11-jre apt-transport-https wget nginx
Add the Elastic repository
Elastic has a complete repository available for Debian based systems, which includes the three pieces of the ELK stack that we’ll be installing. Follow these steps to get the repository added to your system:
- First, import Elastic’s GPG key:
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
- Next, use nano or your preferred text editor to create the following file:
$ sudo nano /etc/apt/sources.list.d/elastic.list
- Inside that file, paste the following line, then exit and save the file:
deb https://artifacts.elastic.co/packages/6.x/apt stable main
- Finally, you can update apt now that the repository is added:
$ sudo apt update
Install Elasticsearch and Kibana
Now you’ll be able to install Elasticsearch and Kibana through apt like you would an ordinary package.
- Enter the following command in your terminal to install Elasticsearch and Kibana:
$ sudo apt install elasticsearch kibana
- Next, you need to edit the Kibana configuration file to set the host server as localhost:
$ sudo nano /etc/kibana/kibana.yml
- Inside kibana.yml, find the following line and uncomment it:
server.host: "localhost"
- Save your changes to the configuration file and exit it. Then, restart Kibana and start up Elasticsearch:
$ sudo systemctl restart kibana
$ sudo systemctl start elasticsearch
Setting up Nginx
You will be accessing Kibana through Nginx, so we’ll need to set up a basic Nginx configuration to serve your instance of Kibana. Follow these steps to set up Nginx and put the finishing touches on Kibana.
- Start by creating a password for Kibana. This way, your server isn’t accessible openly on the Internet. The following line will use OpenSSL to generate the password hash and place it in /etc/nginx/htpasswd.kibana. In this example, the username is set to admin and the password is set to YourPassword, but you can replace those values with anything you want:
$ echo "admin:`openssl passwd -apr1 YourPassword`" | sudo tee -a /etc/nginx/htpasswd.kibana
- After your password has been generated, we need to create a new Nginx configuration file to serve our instance of Kibana:
$ sudo nano /etc/nginx/sites-available/kibana
- Inside this new file, you can paste the following code:
server {
    listen 80;
    server_name your-site.com;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.kibana;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Just make sure that you replace your-site.com with the hostname or IP address of your server, and then save and exit the file.
- Once the new configuration is saved, you need to remove the existing default config, and create a new symlink in sites-enabled for Kibana.
$ sudo rm /etc/nginx/sites-enabled/default
$ sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
- Lastly, restart Nginx for all of the changes to take effect:
$ sudo systemctl restart nginx
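The password prompt only protects Kibana if port 5601 stays bound to localhost, so that every request has to pass through Nginx. The script below is an added example, not part of the original guide: it reads `ss -ltnH` output and reports any watched port listening on a non-loopback address. It assumes Elasticsearch's default HTTP port 9200 alongside Kibana's 5601, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): report ELK service ports that
# listen on a non-loopback address and would therefore bypass the Nginx
# basic-auth proxy. Input is the output of `ss -ltnH`.

# exposed_listeners PORT...
# Reads `ss -ltnH` lines on stdin; prints "address:port" for every watched
# port whose local address is not loopback. Prints nothing when all is well.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        {
            local_ep = $4                       # column 4: Local Address:Port
            port = local_ep; sub(/.*:/, "", port)
            addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
            if (!(port in watch)) next
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are local-only.
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print addr ":" port
        }'
}

# Constructed sample: Kibana left on localhost as in this guide.
SAMPLE_GOOD='LISTEN 0 511  127.0.0.1:5601          0.0.0.0:*
LISTEN 0 4096 [::ffff:127.0.0.1]:9200 *:*
LISTEN 0 511  0.0.0.0:80              0.0.0.0:*'

# Constructed sample: server.host changed to 0.0.0.0 and Elasticsearch
# bound to every interface.
SAMPLE_BAD='LISTEN 0 511  0.0.0.0:5601 0.0.0.0:*
LISTEN 0 4096 *:9200        *:*
LISTEN 0 511  0.0.0.0:80    0.0.0.0:*'

echo "good host: [$(printf '%s\n' "$SAMPLE_GOOD" | exposed_listeners 5601 9200)]"
echo "bad host:  [$(printf '%s\n' "$SAMPLE_BAD"  | exposed_listeners 5601 9200)]"

# On the real server:
#   ss -ltnH | exposed_listeners 5601 9200
```

An empty result on the real server means both services are reachable only from the host itself; any printed address should be traced back to server.host in kibana.yml or to the Elasticsearch network settings.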
Install Logstash
Now, we can finish by installing Logstash. Use the following command to install it with your package manager:
$ sudo apt install logstash
Sign into Kibana
Open up a browser and navigate to the address that you assigned to Kibana. To log in, you’ll need to enter the admin username and password you set up earlier.
After logging in, you’ll be brought to the fully operational Kibana dashboard. Now you can begin using Kibana and setting up your preferences.
Conclusion
In this article, we learned how to install ELK and its required dependencies on Ubuntu 20.04 Focal Fossa. We also saw how to configure ELK, which required setting a username and password, as well as some Nginx configuration in order to access the Kibana dashboard.
ELK can help you manage your logs, and Kibana specifically has some excellent tools to help you visualize and organize that data.