Linux

PART 1 INSTALL ELASTICSEARCH 6 CLUSTER FOR CENTRALIZED SYSLOG

올엠 2020. 11. 4. 19:48

https://www.youtube.com/watch?v=ScLFL7UI644

Here we will configure Elasticsearch as a cluster and configure the ability to collect logs centrally via syslog.

 

Step.1 Check the IP address of each node and install ssh so you can connect to it remotely

sudo apt-get install ssh

 

Step.2 Install Java and set up the environment

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

 

Step.3 Install Elasticsearch

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update
sudo apt-get install elasticsearch

 

Step.4 Register Elasticsearch as a system service

sudo /bin/systemctl enable elasticsearch.service
sudo /bin/systemctl daemon-reload

 

Step.5 Configuration for Elasticsearch

sudo nano /etc/elasticsearch/elasticsearch.yml

 

You need to set (uncomment and fill in) the parameters listed below on every node:

cluster.name:
node.name:
network.host:
http.port:
discovery.zen.ping.unicast.hosts:
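As an added example (not part of the original post), this is what those five settings look like filled in for the first node of a two-node cluster. The cluster name and node name are assumed values; the addresses follow the curl examples later in the post. The second node gets the same file with its own node.name and network.host.

```yaml
# /etc/elasticsearch/elasticsearch.yml on node 1 (assumed values, added example)
cluster.name: syslog-cluster
node.name: es-node-1

# Bind only to this node's own address. Elasticsearch 6 does not authenticate
# HTTP requests out of the box, so anything that can reach this address on 9200
# can read and write every index: keep it off public interfaces and restrict
# ports 9200 (HTTP) and 9300 (transport) with a firewall to the other node and
# the hosts that will ship syslog into the cluster.
network.host: 172.16.4.151
http.port: 9200

# Every member of the cluster, so each node can find its peers at startup.
discovery.zen.ping.unicast.hosts: ["172.16.4.151", "172.16.4.152"]
```

If both nodes show up with different cluster.name values they will never join each other, so check that line first when the node count in the health check below is lower than expected.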

 

Add each node's hostname and IP address to the hosts file

sudo nano /etc/hosts

 

Step.6 Check the Elasticsearch cluster state

sudo apt-get install curl

curl -XGET http://172.16.4.151:9200/_cluster/health?pretty

curl -XGET http://172.16.4.152:9200/_all/_search?pretty
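The health check above prints a JSON document; the two things worth reading off it are "status" (green, yellow or red) and "number_of_nodes", because a node that failed discovery reports a healthy-looking status for a cluster of one. The script below is an added example, not part of the original post: it extracts those fields with sed (no jq needed) and returns non-zero when the cluster is red or a node is missing. The sample responses are constructed to match the shape of the real one, and the default address is the post's 172.16.4.151.

```shell
#!/bin/sh
# Added example, not from the original post: parse the _cluster/health response
# and decide whether the cluster is usable. The IP addresses follow the post's
# examples; the SAMPLE_* values below are constructed, not captured output.

# Extract one top-level field from the (flat) _cluster/health JSON.
# Handles both pretty-printed and single-line output.
health_field() {
    # $1 = JSON text, $2 = field name
    printf '%s\n' "$1" \
      | sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^,"}]*\)"\{0,1\}.*/\1/p' \
      | head -n 1
}

# Return 0 when status is green or yellow AND every expected node has joined.
# A node count below expectation usually means discovery.zen.ping.unicast.hosts
# or a firewall between the nodes is wrong, even if the status looks fine.
cluster_ok() {
    # $1 = health JSON, $2 = expected number_of_nodes
    es_status=$(health_field "$1" status)
    es_nodes=$(health_field "$1" number_of_nodes)
    [ "$es_nodes" = "$2" ] || return 1
    case "$es_status" in
        green|yellow) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check against one node, e.g.: check_live 172.16.4.151 2
check_live() {
    es_host="${1:-172.16.4.151}"
    es_json=$(curl -sf "http://$es_host:9200/_cluster/health?pretty") || return 1
    cluster_ok "$es_json" "${2:-2}"
}

# Constructed sample of a healthy two-node cluster (pretty-printed form).
SAMPLE_HEALTH='{
  "cluster_name" : "syslog-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2,
  "active_primary_shards" : 5,
  "active_shards" : 10,
  "unassigned_shards" : 0
}'

# Constructed sample of a node that never found its peer (single-line form).
SAMPLE_LONELY='{"cluster_name":"syslog-cluster","status":"yellow","number_of_nodes":1}'
```

Source the file and run `check_live 172.16.4.151 2` from a host that is allowed through the firewall to port 9200; run it against each node in turn, since a split cluster can answer green from both sides while each side only knows about itself.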

 

If you want to proceed with log centralization, please refer to the document below.

https://allmnet.tistory.com/entry/Part2-INSTALL-ELASTICSEARCH-6-CLUSTER-FOR-CENTRALIZED-SYSLOG

 


 
