ELK stack: Elasticsearch, Kibana, Filebeat, NetFlow
Installation:
apt install gnupg2
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get update
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update
sudo apt-get install elasticsearch
Edit the Elasticsearch config:
nano /etc/elasticsearch/elasticsearch.yml
network.host: "localhost"
http.port: 9200
cluster.initial_master_nodes: ["<PrivateIP>"]
Edit the JVM config (heap size):
nano /etc/elasticsearch/jvm.options
-Xms8g
-Xmx8g
Start the service:
systemctl enable elasticsearch
systemctl start elasticsearch
Install Kibana:
sudo apt-get install kibana
nano /etc/kibana/kibana.yml
server.port: 5601
elasticsearch.hosts: ["http://localhost:9200"]   (Kibana 7.x setting; elasticsearch.url was removed in 7.0)
Enable and start Kibana:
systemctl enable kibana
systemctl start kibana
Filebeat install:
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.9.1-amd64.deb
sudo dpkg -i filebeat-7.9.1-amd64.deb
Enable the NetFlow module:
sudo filebeat modules enable netflow
systemctl enable filebeat.service
systemctl start filebeat.service
Set the address on which the NetFlow collector listens:
nano /etc/filebeat/modules.d/netflow.yml
netflow_host:
Load the Filebeat assets (index template, dashboards) into Kibana:
filebeat setup
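Post-install check, added here and not part of the original notes: confirm that Elasticsearch (9200) and Kibana (5601) are bound to loopback only, as network.host: "localhost" intends, and that the NetFlow collector socket is actually open. The sample ss output is constructed, and 2055/udp is assumed as the NetFlow module's default port.

```shell
#!/bin/sh
# Parses `ss -lntu` output (column 5 = local address:port).
# Constructed sample of a healthy host: ES and Kibana on loopback, NetFlow on all interfaces.
SAMPLE_LOCAL='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:2055       0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:9200     0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:5601     0.0.0.0:*'

# Constructed sample of a misconfigured host: network.host left open, ES reachable on v4 and v6.
SAMPLE_EXPOSED='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:2055       0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:9200       0.0.0.0:*
tcp   LISTEN 0      4096   [::]:9200          [::]:*
tcp   LISTEN 0      511    127.0.0.1:5601     0.0.0.0:*'

# exposed_listeners SS_OUTPUT PORT
# Prints every non-loopback listener on PORT; returns 0 if none, 1 if any.
exposed_listeners() {
    input="$1"; port="$2"; rc=0
    for addr in $(printf '%s\n' "$input" | awk -v p=":$port" '$5 ~ p"$" {print $5}'); do
        case "$addr" in
            127.*|"[::1]:"*) ;;                         # loopback only: fine
            *) printf 'EXPOSED %s\n' "$addr"; rc=1 ;;   # wildcard or real interface
        esac
    done
    return $rc
}

# listener_present SS_OUTPUT PORT -> 0 if any socket listens on PORT, else 1.
listener_present() {
    printf '%s\n' "$1" | awk -v p=":$2" '$5 ~ p"$" {found=1} END {exit !found}'
}

# Demonstration on the constructed samples; on a real host use: exposed_listeners "$(ss -lntu)" 9200
for port in 9200 5601; do
    if exposed_listeners "$SAMPLE_EXPOSED" "$port"; then
        echo "port $port: loopback only"
    else
        echo "port $port: reachable from the network, check network.host / server.host"
    fi
done
if listener_present "$SAMPLE_LOCAL" 2055; then
    echo "NetFlow collector socket 2055/udp is open"
fi
```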