In this tutorial, we will show you how to install ELK Stack on Debian 10. ELK Stack is a popular open-source log management platform, used to store, analyze, and view logs in one central place. Centralized management makes it easier to study the logs and identify issues across any number of servers.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step installation of ELK Stack on Debian 10 (Buster).
Prerequisites
- A server running one of the following operating systems: Debian 10 (Buster).
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install ELK Stack on Debian 10 Buster
Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:
sudo apt update
sudo apt upgrade
Step 2. Installing Java.
Run the following command to install Java on the Debian system:
sudo apt install openjdk-11-jre
Verify installed Java version:
java -version
Step 3. Installing Elasticsearch on Debian 10.
First, import the Elasticsearch package signing key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Next, add the Elasticsearch repository to the system by issuing:
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
Now run apt update, then install the Elasticsearch package on your Debian system:
sudo apt update
sudo apt install elasticsearch
When the installation process is complete, start and enable the service using the following commands:
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
You can test it using the curl command-line utility. Run a simple GET request with curl to verify the setup. You will see the Elasticsearch cluster details, including the version, on your screen:
curl -X GET "localhost:9200/"
You should see something similar to this:
{
  "name" : "GoDeTz",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "B-5B34Meilana-MariaeIYkimpoiD3ww",
  "version" : {
    "number" : "6.6.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "1fd8f69",
    "build_date" : "2020-12-08T17:15:36.160291Z",
    "build_snapshot" : false,
    "lucene_version" : "7.8.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.8.0"
  },
  "tagline" : "You Know, for Search"
}
Step 4. Installing Logstash.
Install Logstash using the apt package manager from the official Elastic repository:
sudo apt install logstash-oss
Once the Logstash package is installed, start the Logstash service and set it to start automatically on boot:
sudo systemctl restart logstash
sudo systemctl enable logstash
Step 5. Installing Kibana.
Kibana provides visualization of data stored on Elasticsearch. Now we install Kibana using the following command.
sudo apt install kibana-oss
Once the installation is completed, open the kibana.yml file and restrict the remote access to the Kibana instance:
nano /etc/kibana/kibana.yml
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "localhost"
Start the Kibana service and set it to start automatically on boot:
sudo systemctl start kibana
sudo systemctl enable kibana
Step 6. Installing and configuring Nginx.
To have Nginx proxy connections to Kibana over SSL, you need to generate the SSL/TLS certificates and create an Nginx configuration file to define the Kibana settings:
sudo apt install nginx
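Next, create a basic authentication file with the OpenSSL command. Replace YourPasswd with a password of your own; note that a password typed on the command line ends up in your shell history:
echo "admin:`openssl passwd -apr1 YourPasswd`" | sudo tee -a /etc/nginx/htpasswd.kibana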
Then, create a virtual host configuration file for the Kibana instance:
sudo rm -f /etc/nginx/sites-enabled/default
sudo nano /etc/nginx/sites-available/kibana
Add the following lines:
server {
    listen 80 default_server;
    server_name _;
    # $host is the name the client requested; $server_name would expand to "_" here
    return 301 https://$host$request_uri;
}

server {
    listen 443 default_server ssl http2;
    server_name _;

    # Self-signed certificate generated by Debian's ssl-cert package
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_session_cache shared:SSL:10m;

    # Require a login from the htpasswd file before anything reaches Kibana
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.kibana;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Then, create a symbolic link and test the Nginx configuration:
sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
sudo nginx -t
Restart the Nginx service and set it to start automatically on boot:
sudo systemctl restart nginx
sudo systemctl enable nginx
If UFW is running, allow Nginx connections, both HTTP and HTTPS:
sudo ufw allow 'Nginx Full'
Step 7. Accessing Kibana Web Interface.
You can access the Kibana web interface using the following URL:
https://Your-Ip-Address
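To confirm that Nginx is the only way in after the steps above, the following added example (not part of the original tutorial) reads ss -ltn output and a kibana.yml and reports whether the Elasticsearch (9200) or Kibana (5601) ports listen on anything other than loopback. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.

# Read `ss -ltn` output on stdin; print "PORT ADDRESS" for every Elasticsearch
# (9200) or Kibana (5601) listener that is not bound to a loopback address.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")       # column 4 is local address:port
        port = part[n]                 # port follows the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port != "9200" && port != "5601") next
        # loopback forms: 127.0.0.0/8, [::1], IPv4-mapped [::ffff:127.x.x.x]
        if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
        print port " " addr
    }'
}

# Read kibana.yml on stdin; print the effective server.host. Commented-out
# lines are ignored, and an unset key means the default, localhost.
kibana_bind_host() {
    awk '/^[ \t]*server\.host[ \t]*:/ {
        v = $0
        sub(/^[^:]*:[ \t]*/, "", v)    # drop the key
        sub(/[ \t]+#.*$/, "", v)       # drop a trailing comment
        sub(/[ \t]+$/, "", v)          # drop trailing whitespace
        gsub(/["\047]/, "", v)         # drop quotes
        host = v
    }
    END { print (host == "" ? "localhost" : host) }'
}

# Constructed sample: Kibana on loopback, Elasticsearch bound to all interfaces.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5601     0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    *:9200             *:*'
KIBANA_SAMPLE='#server.port: 5601
# server.host: "0.0.0.0"
server.host: "localhost"'

printf '%s\n' "$SS_SAMPLE" | exposed_listeners       # reports the 9200 listener
printf '%s\n' "$KIBANA_SAMPLE" | kibana_bind_host

# On the server:
#   sudo ss -ltn | exposed_listeners
#   sudo cat /etc/kibana/kibana.yml | kibana_bind_host
```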
Congratulations! You have successfully installed ELK Stack. Thanks for using this tutorial for installing ELK Stack on Debian 10 Buster. For additional help or useful information, we recommend you check the official ELK Stack website.