OPNsense Elastic Search: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 26: | Zeile 26: | ||
= Konfiguration = | = Konfiguration = | ||
| + | == Kibana == | ||
*'''vim ''/etc/kibana/kibana.yml'' ''' | *'''vim ''/etc/kibana/kibana.yml'' ''' | ||
| Zeile 33: | Zeile 34: | ||
server.host: "0.0.0.0" | server.host: "0.0.0.0" | ||
... | ... | ||
| + | |||
| + | == Pfelk == | ||
| + | |||
| + | * Konfigurationsordner anlegen | ||
| + | *'''sudo mkdir -p /etc/pfelk/{conf.d,config,logs,databases,patterns,scripts,templates}''' | ||
| + | *'''cp /pfelk/pfelk/main/etc/pfelk/conf.d/01-inputs.pfelk -P /etc/pfelk/conf.d/''' | ||
| + | *'''cp pfelk/pfelk/main/etc/pfelk/conf.d/02-firewall.pfelk -P /etc/pfelk/conf.d/''' | ||
| + | *'''cp pfelk/pfelk/main/etc/pfelk/conf.d/05-apps.pfelk -P /etc/pfelk/conf.d/''' | ||
| + | *'''cp pfelk/pfelk/main/etc/pfelk/conf.d/30-geoip.pfelk -P /etc/pfelk/conf.d/''' | ||
| + | *'''cp pfelk/pfelk/main/etc/pfelk/conf.d/49-cleanup.pfelk -P /etc/pfelk/conf.d/''' | ||
| + | *'''cp pfelk/pfelk/main/etc/pfelk/conf.d/50-outputs.pfelk -P /etc/pfelk/conf.d/''' | ||
= Links = | = Links = | ||
* https://github.com/pfelk/pfelk | * https://github.com/pfelk/pfelk | ||
Version vom 29. Februar 2024, 12:29 Uhr
Vorraussetzungen
Hardware
- 8 - 32 GB RAM
- 32 GB Festplattenspeicher für Docker und ELK Stack
Swap für mehr Stabilität entfernen
- Falls eine Swap-Partition bei der Installation erstellt wurde, empfiehlt die Dokumentation, diese auszuschalten
- swapoff -a
- vim /etc/fstab # swap entfernen
Maximale Memory Maps erhöhen
- vim /etc/sysctl.conf
vm.max_map_count=262144
- sysctl -p
Installation
- apt install apt-transport-https gnupg2 software-properties-common dirmngr lsb-release ca-certificates git
- wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
- echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
- apt-get update
- apt-get install elasticsearch kibana logstash
- Konfigurationstemplates holen
- git clone https://github.com/pfelk/pfelk
Konfiguration
Kibana
- vim /etc/kibana/kibana.yml
... server.port: 5601 ... server.host: "0.0.0.0" ...
Pfelk
- Konfigurationsordner anlegen
- sudo mkdir -p /etc/pfelk/{conf.d,config,logs,databases,patterns,scripts,templates}
- cp /pfelk/pfelk/main/etc/pfelk/conf.d/01-inputs.pfelk -P /etc/pfelk/conf.d/
- cp pfelk/pfelk/main/etc/pfelk/conf.d/02-firewall.pfelk -P /etc/pfelk/conf.d/
- cp pfelk/pfelk/main/etc/pfelk/conf.d/05-apps.pfelk -P /etc/pfelk/conf.d/
- cp pfelk/pfelk/main/etc/pfelk/conf.d/30-geoip.pfelk -P /etc/pfelk/conf.d/
- cp pfelk/pfelk/main/etc/pfelk/conf.d/49-cleanup.pfelk -P /etc/pfelk/conf.d/
- cp pfelk/pfelk/main/etc/pfelk/conf.d/50-outputs.pfelk -P /etc/pfelk/conf.d/