Prerequisites:
To complete this tutorial, you will require root access to a CentOS 7 VPS. Instructions to set that up can be found in Initial Server Setup with CentOS 7 (from step 3 onward).
If you would prefer to use Ubuntu instead, check out this tutorial: How To Install ELK on Ubuntu 14.04.
The amount of CPU, RAM, and storage that your ELK Server will require depends on the volume of logs that you intend to gather. For this tutorial, we will be using a VPS with the following specs for our ELK Server:
OS: CentOS 7
RAM: 4GB
CPU: 2
In addition to your ELK Server, you will want to have a few other servers that you will gather logs from.
Let's get started on setting up our ELK Server!
Install Java 8
Elasticsearch and Logstash require Java, so we will install that now. We will install a recent version of Oracle Java 8 because that is what Elasticsearch recommends. It should, however, work fine with OpenJDK, if you decide to go that route. Following the steps in this section means that you accept the Oracle Binary License Agreement for Java SE.
Change to your home directory and download the Oracle Java 8 (Update 65) JDK RPM with these commands. Note that the download URL is plain HTTP and the command also passes ```--no-check-certificate```, so nothing on this path authenticates what you receive; before installing the RPM, compare its checksum with the one Oracle publishes for this release.
cd ~
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u65-b17/jdk-8u65-linux-x64.rpm"
Then install the RPM with this yum command (if you downloaded a different release, substitute the filename here). Unless ```localpkg_gpgcheck``` is enabled in yum's configuration, yum does not verify a signature on a local RPM, so the checksum comparison above is the only integrity check this step gets:
sudo yum localinstall jdk-8u65-linux-x64.rpm
Now Java should be installed at /usr/java/jdk1.8.0_65/jre/bin/java, and linked from /usr/bin/java.
You may delete the archive file that you downloaded earlier:
rm ~/jdk-8u65-linux-x64.rpm
Now that Java 8 is installed, let's install Elasticsearch.
Install Elasticsearch
Elasticsearch can be installed with a package manager by adding Elastic's package repository.
Run the following command to import the Elasticsearch public GPG key into rpm. This key is the trust root for every package yum will later accept from the repository, so fetch it over HTTPS and confirm that its fingerprint matches the one Elastic publishes for its signing key (4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4) before trusting it:
sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
Create and edit a new yum repository file for Elasticsearch:
sudo vi /etc/yum.repos.d/elasticsearch.repo
Add the following repository configuration:
/etc/yum.repos.d/elasticsearch.repo
[elasticsearch-2.1]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
Save and exit.
Install Elasticsearch with this command:
sudo yum -y install elasticsearch
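The key import above is the point where trust in the whole repository is established. The following is an added example, not part of the original tutorial, that downloads the key to a file, reads its fingerprint with gpg without importing it, compares it with Elastic's published fingerprint, and only then hands it to ```rpm --import```. The key URL is the tutorial's, fetched over HTTPS; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify the Elasticsearch
# signing key's fingerprint before importing it into rpm.
KEY_URL="https://packages.elastic.co/GPG-KEY-elasticsearch"
# Fingerprint Elastic publishes for its signing key.
EXPECTED_FPR="4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4"

# Normalise a fingerprint for comparison: drop spaces, upper-case the hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Pull the primary-key fingerprint out of gpg's machine-readable listing.
# In --with-colons output a fingerprint line looks like
#   fpr:::::::::46095ACC8548582C1A2699A9D27D666CD88E42B4:
# and the first such line belongs to the primary key (later ones are subkeys).
primary_fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Return 0 when both fingerprints are non-empty and equal after normalisation.
fpr_matches() {
    [ -n "$1" ] && [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

# List a key file without importing it and return its primary fingerprint.
# (gpg 2.0 on CentOS 7 lists a key file passed as a bare argument.)
keyfile_fpr() {
    gpg --batch --with-colons --with-fingerprint "$1" 2>/dev/null | primary_fpr_from_colons
}

# Fetch, check, import. Aborts before rpm --import if the fingerprint is wrong.
import_elastic_key_checked() {
    keyfile=$(mktemp)
    curl -fsS -o "$keyfile" "$KEY_URL" || { rm -f "$keyfile"; return 1; }
    actual=$(keyfile_fpr "$keyfile")
    if fpr_matches "$actual" "$EXPECTED_FPR"; then
        sudo rpm --import "$keyfile"
        rc=$?
    else
        printf 'refusing to import key: fingerprint "%s" does not match expected "%s"\n' \
            "$actual" "$EXPECTED_FPR" >&2
        rc=1
    fi
    rm -f "$keyfile"
    return $rc
}

# Usage:
#   import_elastic_key_checked && sudo yum -y install elasticsearch
```

After a successful import, ```rpm -qa 'gpg-pubkey*'``` lists the installed keys; Elastic's appears with the short key ID ```d88e42b4``` (the last eight hex digits of the fingerprint) in its name. Keep the fingerprint comparison even if you trust the HTTPS connection: it is what catches a mirror or CDN serving the wrong key.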
Elasticsearch is now installed. Let's edit the configuration:
sudo vi /etc/elasticsearch/elasticsearch.yml
You will want to restrict outside access to your Elasticsearch instance (port 9200), so outsiders can't read your data or shut down your Elasticsearch cluster through the HTTP API. Elasticsearch 2.x ships without any authentication, so binding it to the loopback interface is what keeps the API private; the same setting also governs the transport port (9300). Find the line that specifies network.host, uncomment it, and replace its value with "localhost" so it looks like this:
elasticsearch.yml excerpt (updated)
network.host: localhost
Save and exit ```elasticsearch.yml```.
Now start Elasticsearch:
sudo systemctl start elasticsearch
Then run the following command to start Elasticsearch automatically on boot up:
sudo systemctl enable elasticsearch
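Once Elasticsearch is running, it is worth confirming that the ```network.host``` change actually took effect rather than assuming it. The following is an added example, not part of the original tutorial: it parses the output of ```ss -ltn``` (iproute2, present on CentOS 7) and reports any listener on 9200 or 9300 whose local address is not loopback. The function names are this example's own, and the sample listing used in its comments is constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): confirm Elasticsearch only
# listens on loopback after the network.host change.

# Read `ss -ltn` output on stdin and print every LISTEN socket on the given
# port whose local address is not a loopback address (127.0.0.1 or ::1).
# Wildcards such as "*" and "::" count as exposed.
# Sample (constructed) ss -ltn lines this parses:
#   LISTEN     0      128    127.0.0.1:9200    *:*
#   LISTEN     0      50     *:9300            *:*
exposed_listeners() {
    port=$1
    awk -v p="$port" '
        $1 == "LISTEN" {
            addr = $4                      # "Local Address:Port" column
            if (addr !~ (":" p "$")) next  # a different port
            sub(":" p "$", "", addr)       # strip ":port", keep the address
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") next
            print addr
        }'
}

# Return 0 if nothing on the port is reachable from off-host, 1 otherwise.
loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Check both Elasticsearch ports: 9200 (HTTP API) and 9300 (transport).
# Returns non-zero if either is bound to a non-loopback address.
check_elasticsearch_binding() {
    listing=$(ss -ltn)
    ok=0
    for port in 9200 9300; do
        if printf '%s\n' "$listing" | loopback_only "$port"; then
            echo "port $port: loopback only"
        else
            addrs=$(printf '%s\n' "$listing" | exposed_listeners "$port" | tr '\n' ' ')
            echo "port $port: EXPOSED on $addrs"
            ok=1
        fi
    done
    return $ok
}

# Usage:  check_elasticsearch_binding
# A quick functional check from the same host:  curl -s localhost:9200
```

Binding to loopback protects the API from other hosts only; any user with a shell on the ELK server can still reach port 9200, so keep local accounts to the minimum you need. If you later move Elasticsearch to a separate host, put a firewall rule or a reverse proxy with authentication in front of it rather than simply widening ```network.host```.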
Now that Elasticsearch is up and running, let's install Kibana.
Install Kibana
Before installing Kibana, let's set up a kibana user and group, which will own and run Kibana:
sudo groupadd -g 1005 kibana
sudo useradd -u 1005 -g 1005 kibana
If those commands fail because the ```1005``` GID or UID is already taken, replace the number with IDs that are free. Since this account exists only to run a service, you can also give it a non-login shell by adding ```-s /sbin/nologin``` to the useradd command.
Download Kibana to your home directory with the following command:
cd ~; wget https://download.elastic.co/kibana/kibana/kibana-4.3.0-linux-x64.tar.gz
Extract the Kibana archive with tar:
tar xvf kibana-*.tar.gz
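Both the Oracle JDK RPM fetched earlier (over plain HTTP, with certificate checking disabled) and the Kibana tarball fetched just now arrive without any integrity check before they are installed or unpacked. The following is an added example, not part of the original tutorial, of the check a practitioner would put in front of both steps: compute the file's SHA-256, compare it with the checksum the vendor publishes for that release, and only proceed on a match. The function names are this example's own, and the checksum values shown in the usage comment are placeholders, not the real hashes of those files.

```shell
#!/bin/sh
# Added example (not from the original tutorial): refuse to install or unpack a
# downloaded artifact unless its SHA-256 matches the vendor's published value.

# Print the SHA-256 hex digest of a file (sha256sum is in coreutils on CentOS 7).
file_sha256() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Return 0 if the file's SHA-256 equals the expected digest (case-insensitive),
# 1 otherwise. A mismatch is reported on stderr with both values.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(file_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        printf 'checksum mismatch for %s\n  expected: %s\n  actual:   %s\n' \
            "$file" "$expected" "$actual" >&2
        return 1
    fi
}

# Verify, then install: a tampered or truncated RPM never reaches yum.
install_rpm_checked() {
    verify_sha256 "$1" "$2" && sudo yum -y localinstall "$1"
}

# Verify, then unpack: same guard for a tarball.
extract_tar_checked() {
    verify_sha256 "$1" "$2" && tar xvf "$1"
}

# Usage (the digests below are placeholders; take the real ones from the
# vendor's download or checksum page for the exact release you fetched):
#   install_rpm_checked ~/jdk-8u65-linux-x64.rpm "<sha256 published by Oracle>"
#   extract_tar_checked ~/kibana-4.3.0-linux-x64.tar.gz "<sha256 published by Elastic>"
```

A checksum copied from the same site that served the download only catches corruption and in-transit tampering, not a compromised download server; where the vendor publishes a detached signature as well, verify that in preference to a bare hash.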
Open the Kibana configuration file for editing:
vi ~/kibana-4*/config/kibana.yml