Day 3: Elasticsearch Installation Guide

Explanation

Elasticsearch is the search and analytics engine at the centre of the ELK stack. It stores and indexes the logs that Logstash, Beats and other shippers forward to it, and Kibana queries it to display them.

1. Create a Virtual Machine (VM)

Set up a cloud-based VM for Elasticsearch. This guide installs the .deb package, so choose a Debian-based distribution such as Ubuntu, and give the VM a few GB of RAM: Elasticsearch sizes its JVM heap to half of the available memory by default, so a very small instance will struggle.

2. Configure Firewall Settings

Configure the cloud firewall to:

  • Allow SSH access to the VM.
  • Open TCP port 9200 for Elasticsearch.

Restrict both rules to the source addresses that need them: your own IP for SSH, and the hosts that will ship logs or query the API for 9200. An Elasticsearch node that is reachable from the whole internet is a common way to leak an entire log archive, so do not open 9200 to 0.0.0.0/0.

3. Connect to the VM via SSH

Once the firewall is configured, connect to the VM and update the system:

ssh root@<your_VM_IP>
sudo apt update && sudo apt upgrade -y

4. Download and Install Elasticsearch

Download the Elasticsearch package and the SHA-512 checksum Elastic publishes for it, verify the download before installing, and install:

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.15.2-amd64.deb
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.15.2-amd64.deb.sha512
shasum -a 512 -c elasticsearch-8.15.2-amd64.deb.sha512
sudo dpkg -i elasticsearch-8.15.2-amd64.deb

Only run dpkg if the checksum step reports the package as OK. On first install of an 8.x package, dpkg prints the generated password for the built-in elastic superuser once; record it somewhere safe, because the API requires authentication from the start and the password is not shown again.

5. Configure Elasticsearch Settings

Restart the VM and modify the Elasticsearch configuration:

reboot
cd /etc/elasticsearch
nano elasticsearch.yml
  • Set network.host to the address Elasticsearch should listen on. On clouds where the public IP is NAT-ed rather than assigned to the interface, binding to the public IP fails; use the address shown by ip addr, or 0.0.0.0 to listen on all interfaces.
  • Set http.port to 9200.

Listening on a non-loopback address puts Elasticsearch into production mode. The 8.x .deb package already wrote cluster.initial_master_nodes and the xpack.security (TLS and authentication) settings into this file during installation, so leave those in place.

6. Allow Elasticsearch Port in Firewall

Open TCP port 9200 in the VM's host firewall:

ufw allow 9200

This rule admits every source. As with the cloud firewall, prefer a rule limited to the addresses of the hosts that ship logs or query the API, and keep the cloud firewall as the second layer.

7. Start Elasticsearch Service

Enable and start the Elasticsearch service:

systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
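Steps 4 to 7 above, collected into one re-runnable script with the checks a practitioner would add: the checksum failure actually stops the install, the config edit is idempotent, the firewall rule is scoped to a source subnet, and the post-start check uses the TLS CA and the elastic password the 8.x package generates. This is an added example, not the guide's own commands: the function names, the ES_* variables, the 10.0.0.5 address and the 10.0.0.0/24 subnet are placeholders, and it assumes a Debian-based VM with ufw, sudo and the 8.15.2 package used in the guide.

```shell
#!/bin/sh
# Added example for this guide (not the original page's commands): steps 4 to 7
# as functions so the install can be re-run safely. Assumptions: Debian/Ubuntu
# with ufw and sudo, the Elasticsearch 8.15.2 .deb from artifacts.elastic.co,
# and the default config path /etc/elasticsearch/elasticsearch.yml.
set -eu

ES_VERSION="${ES_VERSION:-8.15.2}"
ES_DEB="elasticsearch-${ES_VERSION}-amd64.deb"
ES_URL="https://artifacts.elastic.co/downloads/elasticsearch/${ES_DEB}"
ES_CONF="${ES_CONF:-/etc/elasticsearch/elasticsearch.yml}"

# Step 4a: fetch the package and the SHA-512 Elastic publishes for it.
fetch_package() {
    wget -q "$ES_URL" "$ES_URL.sha512"
}

# Step 4b: verify a download against its "<hex>  <filename>" .sha512 line.
# Returns 0 on a match and non-zero otherwise, so `set -e` aborts the install
# on a corrupted or tampered download instead of handing it to dpkg.
verify_checksum() {
    sha_file="$1"
    ( cd "$(dirname "$sha_file")" && sha512sum -c --status "$(basename "$sha_file")" )
}

# Step 4c: install. On 8.x, dpkg prints the generated password for the
# built-in `elastic` user exactly once; record it, every API call needs it.
install_package() {
    verify_checksum "${ES_DEB}.sha512"
    sudo dpkg -i "$ES_DEB"
}

# Step 5: set the listen address and port. Earlier values of the two keys are
# removed first so running this twice leaves one of each. The .deb already
# wrote cluster.initial_master_nodes and the xpack.security settings here.
render_config() {
    bind_addr="$1"; port="$2"; conf="${3:-$ES_CONF}"
    sed -i -e '/^network\.host:/d' -e '/^http\.port:/d' "$conf"
    printf 'network.host: %s\nhttp.port: %s\n' "$bind_addr" "$port" >> "$conf"
}

# Step 6: open the port only to the hosts that must reach it (log shippers,
# Kibana), not to every source as a bare `ufw allow 9200` does.
open_port() {
    port="$1"; src_cidr="$2"
    sudo ufw allow from "$src_cidr" to any port "$port" proto tcp
}

# Step 7: start the unit and confirm the node answers. The 8.x package enables
# TLS, so plain http://<ip>:9200 is refused; trust the CA the package generated
# and authenticate as `elastic` with the password printed by dpkg (exported
# beforehand as ELASTIC_PASSWORD so it does not land in shell history).
start_and_check() {
    port="${1:-9200}"
    sudo systemctl daemon-reload
    sudo systemctl enable --now elasticsearch.service
    curl -sS --cacert /etc/elasticsearch/certs/http_ca.crt \
        -u "elastic:${ELASTIC_PASSWORD:?export the password printed by dpkg -i}" \
        "https://localhost:${port}/"
}

# Usage on the VM (this file only defines functions; call them in order):
#   fetch_package && install_package
#   render_config 10.0.0.5 9200        # placeholder: the address on the VM's interface
#   open_port 9200 10.0.0.0/24         # placeholder: the subnet your log shippers use
#   ELASTIC_PASSWORD='...' start_and_check 9200
```

Keep render_config pointed at an address that is actually assigned to the VM's interface; a public IP that the cloud provider only NATs to the instance cannot be bound and the service will fail to start.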

Conclusion

By completing these steps, you will have installed Elasticsearch on your virtual machine, bound it to the address your log shippers can reach, and exposed port 9200 only to the hosts that need it. Before moving on, confirm the node answers over HTTPS with the elastic user's password; plain HTTP requests to port 9200 are rejected on an 8.x install with security enabled.
