This tutorial will guide you through the installation of ELK stack on Debian 10.
This tutorial was tested and confirmed working with the following software versions on January 13, 2020.
- Debian: 10
- Elasticsearch: 7.5.1
- Kibana: 7.5.1
- Logstash: 7.5.1-1
There's a bash one-liner created for Debian. This single command installs the ELK stack and imports the example data. The following command must be run as root. The script it downloads is listed in full at the end of this tutorial, so you can review it before running it as root.
bash <(curl -sL https://akas.io/elk.sh)
The official ELK stack installation instructions can be found on the official documentation pages:
- https://www.elastic.co/guide/en/elasticsearch/reference/7.5/deb.html
- https://www.elastic.co/guide/en/kibana/7.5/deb.html
- https://www.elastic.co/guide/en/logstash/7.5/installing-logstash.html
First, we need to import Elasticsearch's signing key so APT can verify the downloaded packages.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Then, install the ELK dependencies: apt-transport-https, which is required for downloading the packages, and default-jre, the Java Runtime Environment that some components of the ELK stack need in order to run.
apt update
apt install -y apt-transport-https default-jre
Add Elasticsearch's Debian repository to APT's repositories directory.
# write elastic APT source
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
Update APT's cache and install the ELK stack packages.
apt update
apt install -y elasticsearch kibana logstash
You can choose to enable and start the services after installation.
systemctl enable --now elasticsearch
systemctl enable --now kibana
systemctl enable --now logstash
You may also install extra Elasticsearch components such as filebeat or auditbeat.
apt install filebeat auditbeat metricbeat packetbeat heartbeat-elastic
Below is a script that automates all the steps mentioned above. This script is also hosted at https://akas.io/elk.sh.
#!/bin/bash
# Creator: K4YT3X
# Date Created: January 13, 2020
# Last Modified: January 16, 2020
# Licensed under the GNU General Public License Version 3 (GNU GPL v3),
# available at: https://www.gnu.org/licenses/gpl-3.0.txt
# (C) 2020 K4YT3X

# check root; exit non-zero so a caller can detect the failure
if [ "$EUID" -ne 0 ]; then
    echo "This script must be run as root"
    exit 1
fi

# install elastic keys
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

# install apt HTTPS support and JRE
apt update
apt install -y apt-transport-https default-jre git

# write elastic APT source
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

# update APT cache and install elasticsearch, kibana and logstash
apt update
apt install -y elasticsearch kibana logstash filebeat auditbeat metricbeat packetbeat heartbeat-elastic

# enable and start services
systemctl enable --now elasticsearch
systemctl enable --now kibana
systemctl enable --now logstash

# end of script
echo "Script finished"
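
A hardened variant of the key-import and repository steps above, added here as an example and not part of the tutorial author's elk.sh: it checks the downloaded key's fingerprint before use and scopes the key to the Elastic repository with signed-by, whereas apt-key add trusts it for every APT source. The keyring path, the function names and the sample listing are assumptions made for this example; the expected fingerprint is passed in by the operator, taken from Elastic's installation documentation linked earlier.

```sh
#!/bin/sh
# Added example: verify the repository key before APT trusts it (POSIX sh).
set -eu

KEY_URL="https://artifacts.elastic.co/GPG-KEY-elasticsearch"  # from the tutorial
LIST="/etc/apt/sources.list.d/elastic-7.x.list"               # from the tutorial
KEYRING="/usr/share/keyrings/elastic-archive-keyring.gpg"     # assumed path

# Constructed `gpg --with-colons` listing (not a real key) for offline checks.
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1379000000:::-:::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:2048:1:FEDCBA9876543210:1379000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Print the fingerprint of each primary key in a colon listing on stdin.
# Only an "fpr" record directly after a "pub" record counts (no subkeys).
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10 }
             { want = 0 }'
}

# Succeed only if stdin lists exactly one primary key whose fingerprint
# equals $1 (spaces and letter case in $1 are ignored).
fingerprint_matches() (
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fingerprints)
    [ -n "$expected" ] && [ "$found" = "$expected" ]
)

# Download the key, reject it on mismatch, otherwise write a dedicated keyring
# and a source line that trusts that keyring for this repository only.
install_elastic_repo() {
    tmp=$(mktemp)
    wget -qO "$tmp" "$KEY_URL" || { rm -f "$tmp"; return 1; }
    if gpg --show-keys --with-colons "$tmp" | fingerprint_matches "$1"; then
        gpg --dearmor < "$tmp" > "$KEYRING" && chmod 644 "$KEYRING"
        echo "deb [signed-by=$KEYRING] https://artifacts.elastic.co/packages/7.x/apt stable main" > "$LIST"
        rm -f "$tmp"
    else
        rm -f "$tmp"
        echo "fingerprint mismatch: not trusting $KEY_URL" >&2
        return 1
    fi
}

# As root: sh elastic-repo.sh --install "<fingerprint from Elastic's docs>"
if [ "${1:-}" = "--install" ]; then install_elastic_repo "${2:-}"; fi
```

If the key was already added with apt-key, it stays trusted for all sources until it is removed from the global APT keyring, so signed-by only narrows trust on a host where that step was skipped or undone.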