ElastiFlow 5.x removes the previous version's dependence on Logstash and replaces it with an independently developed component, the ElastiFlow Unified Flow Collector, which solves the slow start-up, shutdown and operation of Logstash and uses one CPU core.
Linux system
Disable SELinux.
* You need to reboot for the setting to become permanent.
# vi /etc/sysconfig/selinux
SELINUX=disabled
Close the firewall, or open the required port with firewall-cmd.
systemctl stop firewalld.service    # stop the firewall
systemctl disable firewalld.service # prevent the firewall from starting at boot
OpenJDK installation
Install OpenJDK.
# yum install java-1.8.0-openjdk-devel
Import the GPG key
Reference: original manual. Install the GPG key.
# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Create a repository file
Reference: original manual. Create the Elasticsearch, Kibana and Logstash repository file.
vi /etc/yum.repos.d/elastic-7.x.repo
[elastic-7.x]
name=elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
yum install --enablerepo=elastic-7.x elasticsearch
yum install --enablerepo=elastic-7.x kibana
Change various settings
Elasticsearch will not start unless the cluster discovery setting is changed, so modify /etc/elasticsearch/elasticsearch.yml as follows.
vi /etc/elasticsearch/elasticsearch.yml
#discovery.seed_hosts: ["host1", "host2"]
discovery.type: single-node
Set the IP address that Kibana listens on.
vi /etc/kibana/kibana.yml
#server.host: "localhost"
server.host: "0.0.0.0"
Service registration, automatic start and startup
Register the Elasticsearch, Kibana and Logstash services, enable them to start automatically, and start them.
# systemctl daemon-reload
# systemctl enable elasticsearch.service
# systemctl start elasticsearch.service
# systemctl status elasticsearch.service
# systemctl daemon-reload
# systemctl enable kibana.service
# systemctl start kibana.service
# systemctl status kibana.service
Running systemctl status with the service name confirms that the service has started.
Install ElastiFlow
Reference: Linux | ElastiFlow. Install ElastiFlow.
Download flow-collector-5.2.0-1.x86_64.rpm
wget https://elastiflow-packages.s3.amazonaws.com/flow-collector/flow-collector-5.2.0-1.x86_64.rpm
Install libpcap-devel
dnf install -y libpcap-devel
Install flow-collector-5.2.0-1.x86_64.rpm
dnf install -y flow-collector-5.2.0-1.x86_64.rpm
Modify the configuration file
vi /etc/systemd/system/flowcoll.service.d/flowcoll.conf
Set EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE to true:
# Elasticsearch
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE=true"
In real use you also need to change the listening port to suit your environment.
EF_FLOW_SERVER_UDP_PORT
The UDP port(s) on which the collector will create a socket to receive incoming packets. Multiple ports may be specified, separated by a comma. For example 2055,6343,4739
- Valid values
  - Any valid port number. Common values include:
    2055: the standard port for NetFlow
    4739: the standard port for IPFIX
    6343: the standard port for sFlow
    9995-9998: commonly used port numbers
- Default
  - 9995
Environment="EF_FLOW_SERVER_UDP_PORT=9995"
The free (basic) license of Elastic Stack 7 supports password login; configure it as follows:
vi /etc/elasticsearch/elasticsearch.yml
New configuration:
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
After modifying the configuration, restart the Elasticsearch service
systemctl restart elasticsearch
Initialize the passwords
Run: /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Modify the kibana.yml configuration
vi /etc/kibana/kibana.yml
elasticsearch.username: "kibana"
elasticsearch.password: "your_password"
Then restart the Kibana service
systemctl restart kibana
Edit the ElastiFlow settings
vi /etc/systemd/system/flowcoll.service.d/flowcoll.conf
Set EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD to your password:
# A comma-separated list of Elasticsearch nodes to use. Do not include "http://" or "https://"
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES=127.0.0.1:9200"
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_USERNAME=elastic"
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD=YOUR_PASSWORD"
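Before restarting the collector it is worth checking the drop-in for the mistakes that this page's settings invite: output left disabled, a scheme in the address list, the YOUR_PASSWORD placeholder left in place, or a bad UDP port list. The checker below is an added example, not ElastiFlow's own tooling; the function names and the two sample drop-in files are constructed for illustration, while the EF_* variable names are the real ones used above.

```shell
#!/bin/sh
# Added example (not part of ElastiFlow): sanity-check a flowcoll systemd drop-in
# for the pitfalls described on this page before running systemctl restart.
# Print the value of an Environment="KEY=VALUE" line (last one wins, empty if absent).
conf_get() {
    sed -n "s/^Environment=\"$2=\(.*\)\"\$/\1/p" "$1" | tail -n 1
}
# Succeed only if $1 is a non-empty comma-separated list of ports in 1..65535.
valid_port_list() {
    [ -n "$1" ] || return 1
    for p in $(printf '%s' "$1" | tr ',' ' '); do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}
# Validate one drop-in file; returns 0 when every check passes, 1 otherwise.
check_flowcoll_conf() {
    f="$1"; rc=0
    enable=$(conf_get "$f" EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE | tr '[:upper:]' '[:lower:]')
    addrs=$(conf_get "$f" EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES)
    pass=$(conf_get "$f" EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD)
    ports=$(conf_get "$f" EF_FLOW_SERVER_UDP_PORT)
    [ "$enable" = "true" ] || { echo "$f: Elasticsearch output is not enabled"; rc=1; }
    case "$addrs" in
        ''|*://*) echo "$f: addresses missing or contain http:// or https://"; rc=1 ;;
    esac
    case "$pass" in
        ''|YOUR_PASSWORD|changeme) echo "$f: empty or placeholder password"; rc=1 ;;
    esac
    valid_port_list "$ports" || { echo "$f: invalid UDP port list '$ports'"; rc=1; }
    return $rc
}
# Constructed sample drop-ins (not from a real host) to exercise the checks.
WORK=$(mktemp -d)
cat > "$WORK/good.conf" <<'EOF'
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE=true"
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES=127.0.0.1:9200"
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_USERNAME=elastic"
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD=s3cret-example"
Environment="EF_FLOW_SERVER_UDP_PORT=2055,4739,9995"
EOF
cat > "$WORK/bad.conf" <<'EOF'
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE=true"
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES=https://127.0.0.1:9200"
Environment="EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD=YOUR_PASSWORD"
Environment="EF_FLOW_SERVER_UDP_PORT=9995,abc"
EOF
check_flowcoll_conf "$WORK/good.conf" && echo "good.conf passed"
check_flowcoll_conf "$WORK/bad.conf" || echo "bad.conf rejected"
```

Run it against /etc/systemd/system/flowcoll.service.d/flowcoll.conf by calling check_flowcoll_conf with that path; a non-zero exit means the restart will not produce a working, authenticated output.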
Restart ElastiFlow
systemctl restart flowcoll.service
Visit the Kibana login page and log in with the elastic account.