Thinkcmf any file to write vulnerabilities —- Learning records


Elastiflow 5.x removed the previous version of the dependence on Logstash, independently developed the alternative component Elastiflow Unify Flow Collector, solved the problem of Logstash start, closure, and slow operation. Use a CPU kernel.

Linux system

Disable Selinux.
* You need to restart to make it permanent settings.

# vi /etc/sysconfig/selinux


Close the firewall

Open the port required by Firewall-CMD

SystemCTL Stop Firewalld.service # Stop Firewall 
 SystemCtl Disable Firewalld.service #bar Firewall to start

Openjdk Installation

Install Openjdk.

# yum install java-1.8.0-openjdk-devel

Import GPG key

ReferenceOriginal ManualInstall GPG Key.

# rpm --import

Create a repository file

ReferenceOriginal ManualCreate Elasticsearch, Kibana and Logstash repository files.

vi /etc/yum.repos.d/elastic-7.x.repo

name=elastic repository for 7.x packages
yum install --enablerepo=elastic-7.x elasticsearch
yum install --enablerepo=elastic-7.x kibana

Various settings change

Since Elasticsearch will not start unless you change the cluster setting, Elasticsearch will not start,
Therefore, please modify the /etc/elasticsearch/elasticsearch.yml as follows.

vi /etc/elasticsearch/elasticsearch.yml

#discovery.seed_hosts: ["host1", "host2"]
discovery.type: single-node 

Set up the IP address from Kibana.

vi /etc/kibana/kibana.yml "localhost" ""

Service registration, automatic startup and startup settings

Register Elasticsearch, Kibana and Logstash services, and set up automatically start and start.

# systemctl daemon-reload
# systemctl enable elasticsearch.service
# systemctl start elasticsearch.service
# systemctl status elasticsearch.service
# systemctl daemon-reload
# systemctl enable kibana.service
# systemctl start kibana.service
# systemctl status kibana.service

SystemCtl Status is confirmed to start when the service name is executed.

Install Elastiflow

ReferenceLinux | ElastiFlowInstall elasticly.

Download Flow-Collector-5.2.0-1.x86_64.rpm


Install libpcap-devel

dnf install -y libpcap-devel

Install Flow-Collector-5.2.0-1.x86_64.rpm

dnf install -y flow-collector-5.2.0-1.x86_64.rpm

Modify the configuration file

vi /etc/systemd/system/flowColl.service.d/flowColl.conf 


 # Elasticsearch 
 Environment = "EF_Flow_OUTPUT_Lasticsearch_enable = TRUE"

Actual use also needs to modify the monitoring port according to the situation


The UDP port(s) on which the collector will create a socket to receive incoming packets. Multiple ports may be specified, separated by a comma. For example 2055,6343,4739

  • Valid Values
    • Any valid port number. Common values include:
      • 2055: the standard port for Netflow
      • 4739: the standard port for IPFIX
      • 6343: the standard port for sFlow
      • 9995-9998: commonly use port numbers
  • Default
    • 9995

Elastic Stack 7 Free Edition supports setting user password login to make the following settings:

vi /etc/elasticsearch/elasticsearch.yml

New configuration: true

   xpack.license.self_generated.type: basic true

After modifying the configuration, restart the Elasticsearch service

systemctl restart elasticsearch

initialization password

Execution:/usr/share/elasticsearch/bin/elasticsearch-setup-Passwords Internet

Modify kibana.yml configuration information

vi /etc/kibana/kibana.yml

elasticsearch.username: "kibana"
elasticsearch.password: "your_password"

and then restart the Kibana service

systemctl restart kibana

Edit Elastiflow Settings

vi /etc/systemd/system/flowColl.service.d/flowColl.conf 


 # A Commia Separatd List of Elasticsearch Nodes to USE. Do Not Include "http: //" or "https: //" 
 Environment = "EF_Flow_OUTPUT_Lasticsearch_addresses = 9200" " 
 Environment = "EF_Flow_OUTPUT_Lasticsearch_username = Elastic" 
 Environment = "EF_Flow_OUTPUT_Lasticsearch_password = YOUR_PASSWORD"

Restart Elastiflow

systemctl restart flowcoll.service

Visit the Kibana login page, log in the account number Elastic


Related Posts

Ruby On Rails Oracle Configure Oracleenhanced, Ruby-OCI8 installation, ORA-12154: TNS

NIPS 2018 thesis interpret

OPENCV training classifier Make XML document

vs2015 64 -bit system under Mapwingis.ocx configuration

Thinkcmf any file to write vulnerabilities —- Learning records

Random Posts

Vue project often ignored tips Rainbow

Oracle’s large data volume migration, and inlet import samples (fetch … bulk collect) and Forall combined

Bugku CTF Web (Question 10-15)

Comparison of C/C ++ LOG library

Android system version and API level control table