D7 - Fleet Server and Elastic Agent Installation Guide
Explanation:
Elastic Agents are the software that collects event logs from the host system and forwards them to the Elasticsearch database (data plane).
Fleet Server is the host that monitors and manages the Elastic Agents (management plane).
Create a Fleet Server VM in the Cloud
- Set up a cloud firewall with the necessary IP and port permissions for the Fleet Server.
- Create a VM server with the required hardware specifications.
Connect to the Server via SSH
- Access the server and apply updates.
- sudo apt update && sudo apt upgrade
Configure UFW for Necessary Ports
- Allow the ports that will be used on the server through ufw.
  - ufw allow 8220
Access Kibana GUI
- Navigate to Management > Fleet and select Add Fleet Server.
- By default, the Fleet Server runs on port 8220. Make sure this port is configured accordingly in the execution line.
- Copy the commands provided by Kibana and paste them into the SSH terminal of the Fleet Server.
Configure Firewall Rules for ELK Stack
- Adjust both ELK's cloud firewall and UFW to allow the relevant IPs and ports needed for communication.
  - Use ufw allow to permit required traffic.
    - ufw allow 9200
    - ufw allow 5601
  - Set up cloud IP and protocol permissions.
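The commands above open each port to every source, while the steps call for allowing only the relevant IPs. The script below is an added example, not part of the original guide: it prints source-restricted ufw rules for ports 8220, 9200 and 5601. The addresses are constructed placeholders, and it assumes that agents and the Fleet Server both reach Elasticsearch on 9200 and that Kibana is opened only from an admin workstation.

```shell
#!/bin/sh
# Added example: print source-restricted UFW rules for the ports in this guide.
# Every address below is a constructed placeholder (documentation ranges).

# Succeed only for an IPv4 address with an optional /1-32 prefix. "any" and
# /0 are rejected on purpose: they would open the port to every source.
valid_source() (
  case $1 in ''|*[!0-9./]*|*/*/*|.*|*..*|*./*|*.) exit 1 ;; esac
  addr=${1%%/*}
  case $1 in
    */*) prefix=${1#*/}
         case $prefix in ''|???*) exit 1 ;; esac
         { [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ]; } || exit 1 ;;
  esac
  IFS=.; set -- $addr          # split the address into octets
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    case $octet in ????*) exit 1 ;; esac
    [ "$octet" -le 255 ] || exit 1
  done
)

# Print one "ufw allow" command per source for a TCP port; stop on a bad source.
allow_from() {
  port=$1; shift
  for src in "$@"; do
    valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    echo "ufw allow from $src to any port $port proto tcp"
  done
}

# Fleet Server host: agents reach the Fleet Server on 8220 (management plane).
fleet_server_rules() { allow_from 8220 "$@"; }

# ELK host: $1 is the admin source for Kibana (5601); the remaining arguments
# are the Fleet Server and agent sources that reach Elasticsearch (9200).
elk_rules() {
  admin=$1; shift
  allow_from 9200 "$@" && allow_from 5601 "$admin"
}

AGENTS=198.51.100.0/24   # constructed: subnet of the Windows hosts
FLEET=192.0.2.10         # constructed: Fleet Server address
ADMIN=203.0.113.7        # constructed: workstation used for the Kibana GUI

echo "# run on the Fleet Server:"; fleet_server_rules "$AGENTS"
echo "# run on the ELK host:";     elk_rules "$ADMIN" "$FLEET" "$AGENTS"
```

If an any-source rule such as ufw allow 8220 was already added, remove it with ufw delete allow 8220; otherwise the narrower rules have no effect.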
Connect to the Windows Server for Agent Installation
- Access the target server where the agent will be installed via RDP.
Install the Agent on the Target Server
- In Kibana, select Add Agent and proceed with the installation.
- Create the necessary policies and run the provided Windows commands in the target machine's PowerShell or CMD.
Conclusion
By following these steps, you will successfully install and configure both the Fleet Server and the Elastic Agent.