By Securitynik on 2020-10-05 12:56:59
In the previous post, we installed and configured Elasticsearch on Ubuntu 20.04. In this post, we install and configure Kibana on Ubuntu 20.04.
Since we already installed some of the prerequisites in the previous post, let's focus now on installing and configuring Kibana.
root@securitynik-monitoring:/etc/elasticsearch# apt-get update && apt-get install kibana
...
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 kibana amd64 7.9.2 [302 MB]
Fetched 302 MB in 10s (31.3 MB/s)
Selecting previously unselected package kibana.
(Reading database ... 88849 files and directories currently installed.)
Preparing to unpack .../kibana_7.9.2_amd64.deb ...
Unpacking kibana (7.9.2) ...
Setting up kibana (7.9.2) ...
Processing triggers for systemd (245.4-4ubuntu3.2) ...
root@securitynik-monitoring:/etc/elasticsearch# cd /etc/kibana/
root@securitynik-monitoring:/etc/kibana# cp kibana.yml kibana.yml.ORIGINAL
root@securitynik-monitoring:~# cat /etc/kibana/kibana.yml | grep --perl-regexp "^server.port|^server.host|^server.name|^elasticsearch.host|^elasticsearch.logQueries|run"
server.port: 5601
server.host: "10.0.0.1"
server.name: "kibana.securitynik.local"
elasticsearch.hosts: ["http://10.0.0.1:9200"]
elasticsearch.logQueries: true
pid.file: /var/run/kibana/kibana.pid
root@securitynik-monitoring:~# mkdir /var/run/kibana
root@securitynik-monitoring:~# chown kibana.kibana /var/run/kibana/
root@securitynik-monitoring:~# ls -al /var/run/
...
drwxr-xr-x 2 kibana kibana 40 Oct 2 09:37 kibana
root@securitynik-monitoring:/etc/kibana# systemctl daemon-reload
root@securitynik-monitoring:/etc/kibana# systemctl enable --now kibana.service
Synchronizing state of kibana.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable kibana
Created symlink /etc/systemd/system/multi-user.target.wants/kibana.service → /etc/systemd/system/kibana.service.
root@securitynik-monitoring:/etc/kibana# systemctl status kibana.service
● kibana.service - Kibana
     Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-08-14 00:02:02 UTC; 49s ago
   Main PID: 19495 (node)
      Tasks: 11 (limit: 4563)
     Memory: 429.9M
     CGroup: /system.slice/kibana.service
             └─19495 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli
Aug 14 00:02:02 securitynik-monitoring systemd[1]: Started Kibana.
Aug 14 00:02:06 securitynik-monitoring kibana[19495]: {"type":"log","@timestamp":"2020-08-14T00:02:06Z","tags":["warning","plugins-d>
Aug 14 00:02:06 securitynik-monitoring kibana[19495]: {"type":"log","@timestamp":"2020-08-14T00:02:06Z","tags":["warning","plugins-d>
root@securitynik-monitoring:/etc/kibana# ss --numeric --listen --process --tcp --udp
Netid  State   Recv-Q  Send-Q  Local Address:Port        Peer Address:Port  Process
tcp    LISTEN  0       511     10.0.0.1:5601             0.0.0.0:*          users:(("node",pid=19495,fd=18))
tcp    LISTEN  0       4096    [::ffff:10.0.0.1]:9200    *:*                users:(("java",pid=18392,fd=267))
tcp    LISTEN  0       4096    [::ffff:10.0.0.1]:9300    *:*                users:(("java",pid=18392,fd=253))
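An added example, not part of the original post: a small shell audit of the kibana.yml settings configured above, flagging what still travels in plaintext before transport security is added in the next post. The function names and the FINDING message format are made up for illustration; server.ssl.enabled is a standard Kibana setting that this post does not set.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag plaintext or over-exposed
# settings in a kibana.yml that uses flat "key: value" lines as shown above.

# Print the value of a top-level setting, or nothing if it is unset/commented.
kibana_setting() {  # usage: kibana_setting FILE KEY
  awk -v key="$2" 'index($0, key ":") == 1 {
      val = substr($0, length(key) + 2)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      print val
      exit
    }' "$1" | tr -d "\"'"
}

# Print one finding per line; exit status 1 if anything was flagged.
audit_kibana_yml() {  # usage: audit_kibana_yml FILE
  host=$(kibana_setting "$1" server.host)
  tls=$(kibana_setting "$1" server.ssl.enabled)
  es_hosts=$(kibana_setting "$1" elasticsearch.hosts)
  rc=0

  case "$host" in
    0.0.0.0|::)
      echo "FINDING server.host=$host: listening on every interface"; rc=1 ;;
  esac
  case "$host" in
    ""|localhost|127.*|::1) ;;  # unset defaults to localhost: not network-reachable
    *) if [ "$tls" != "true" ]; then
         echo "FINDING server.ssl.enabled is not true: browsers reach $host over plain HTTP"; rc=1
       fi ;;
  esac
  case "$es_hosts" in
    *http://*)
      echo "FINDING elasticsearch.hosts=$es_hosts: queries and results cross the wire unencrypted"; rc=1 ;;
  esac
  return "$rc"
}

# Constructed sample: the settings from this post, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server.port: 5601
server.host: "10.0.0.1"
server.name: "kibana.securitynik.local"
elasticsearch.hosts: ["http://10.0.0.1:9200"]
elasticsearch.logQueries: true
pid.file: /var/run/kibana/kibana.pid
EOF
audit_kibana_yml "$sample" || true
rm -f "$sample"
```

Against the configuration in this post it reports two findings: plain HTTP to the Kibana listener on 10.0.0.1 and plain HTTP from Kibana to Elasticsearch.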
At this point, you have the option of using the sample data provided by Elastic or exploring on your own. We will explore on our own in future posts by taking advantage of the various Beats: Filebeat, Packetbeat, Winlogbeat, Auditbeat and Metricbeat.
With this done, let's now move to the next post, where we provide some basic security to the communication between the Elastic stack components.
References:
https://www.elastic.co/guide/en/kibana/7.9/deb.html#deb-repo
https://www.elastic.co/guide/en/kibana/7.9/settings.html