Unverified Commit 375bed10 authored by a3ilson, committed by GitHub

Update README.md

parent 4a1984bf
......@@ -9,34 +9,49 @@ You can view installation guide guide on [3ilson.org YouTube Channel ](https://w
# Preparation
### 1. Add Oracle Java Repository
```sudo add-apt-repository ppa:webupd8team/java```
```
sudo add-apt-repository ppa:webupd8team/java
```
### 2. Download and install the public GPG signing key
```wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -```
```
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
```
### 3. Download and install apt-transport-https package
```'sudo apt-get install apt-transport-https'```
```
sudo apt-get install apt-transport-https
```
### 4. Add Elasticsearch|Logstash|Kibana Repositories (version 6+)
```echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list```
```
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
```
### 5. Update
```sudo apt-get update```
```
sudo apt-get update
```
### 6. Install Java 8
```sudo apt-get install oracle-java8-installer```
```
sudo apt-get install oracle-java8-installer
```
# Install
- Elasticsearch v6.6+ | Kibana v6.6+ | Logstash v6.6+
### 8. Install Elasticsearch|Kibana|Logstash
```sudo apt-get install elasticsearch && sudo apt-get install kibana && sudo apt-get install logstash```
```
sudo apt-get install elasticsearch && sudo apt-get install kibana && sudo apt-get install logstash
```
# Configure Kibana|v6.6+
### 9. Configure Kibana
```sudo nano /etc/kibana/kibana.yml```
```
sudo nano /etc/kibana/kibana.yml
```
### 10. Amend host file (/etc/kibana/kibana.yml)
```server.port: 5601
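Review bot: step 4 appends the repository line with `tee -a`, so every re-run of the guide adds another duplicate `deb https://artifacts.elastic.co/packages/6.x/apt stable main` entry to `/etc/apt/sources.list.d/elastic-6.x.list`; writing the file with plain `tee` (no `-a`) keeps the step idempotent. Step 2 pipes the downloaded key straight into `apt-key add -`, which makes that key trusted for every configured repository rather than only Elastic's; saving it to its own keyring and referencing it with `signed-by=` in the sources entry scopes the trust to that repository. Minor: the numbering skips from step 6 to step 8, and the hunk's context line still reads "installation guide guide".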
......@@ -46,28 +61,46 @@ server.host: "0.0.0.0"
# Configure Logstash|v6.6+
### 11. Change Directory
```cd /etc/logstash/conf.d```
```
cd /etc/logstash/conf.d
```
### 12. Download the following configuration files
```sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/01-inputs.conf```
```
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/01-inputs.conf
```
```sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/10-syslog.conf```
```
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/10-syslog.conf
```
```sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/11-pfsense.conf```
```
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/11-pfsense.conf
```
```sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/30-outputs.conf```
```
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/30-outputs.conf
```
### 13. Make Patterns Folder
```sudo mkdir /etc/logstash/conf.d/patterns```
```
sudo mkdir /etc/logstash/conf.d/patterns
```
### 14. Navigate to Patterns Folder
```cd /etc/logstash/conf.d/patterns/```
```
cd /etc/logstash/conf.d/patterns/
```
### 15. Download the following configuration file
```sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/pfsense_2_4_2.grok```
```
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/pfsense_2_4_2.grok
```
### 16. Edit (10-syslog.conf)arkdown
```sudo nano /etc/logstash/conf.d/10-syslog.conf```
```
sudo nano /etc/logstash/conf.d/10-syslog.conf
```
### 17. Revise/Update w/pfsense IP address (10-syslog.conf)
```
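Review bot: the new heading for step 16 carries stray text, `### 16. Edit (10-syslog.conf)arkdown`; the trailing "arkdown" looks like a paste remnant and should be dropped. Steps 12 and 15 fetch the Logstash pipeline and grok files from the `master` branch on raw.githubusercontent.com with no pinned revision or checksum, so the files a reader installs under `/etc/logstash/conf.d` can change silently between two runs of the guide; pinning the URLs to a tag or commit, or publishing checksums beside them, would make the install reproducible. The hunk's own context line shows Kibana configured with `server.host: "0.0.0.0"`, which binds the UI on every interface; a sentence advising readers to limit this to a management address or firewall the port would help anyone following the guide verbatim.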
......@@ -76,21 +109,29 @@ Change line 9 to point to your second PfSense IP address of comment out
```
### 18. Edit (11-pfsense.conf)
```sudo nano /etc/logstash/conf.d/11-pfsense.conf```
```
sudo nano /etc/logstash/conf.d/11-pfsense.conf
```
### 19. Resive/Update timezone
```
Change line 12 to the same timezone as your phSense configruation
_Note if the timezone is offset or mismatched, you may not see any logs_
```
### 20. Download and install the MaxMind GeoIP database
```cd /etc/logstash```
```cd /etc/logstash
```
### 21. Download and install the MaxMind GeoIP database
```sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz```
```
sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz
```
### 22. Download and install the MaxMind GeoIP database
```sudo gunzip GeoLite2-City.mmdb.gz```
```
sudo gunzip GeoLite2-City.mmdb.gz
```
# Configure Services
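Review bot: the new block for step 20 is malformed: the opening fence and the command `cd /etc/logstash` share one line, with the closing fence on the next, so Markdown treats the command as the fence's info string and renders an empty code block; put the command on its own line between the fences as the other steps do. Steps 20, 21 and 22 all carry the heading "Download and install the MaxMind GeoIP database" although only step 21 downloads anything (20 changes directory, 22 decompresses); distinct headings would make the sequence clearer. Step 21 fetches `GeoLite2-City.mmdb.gz` over plain `http://` with no integrity check before Logstash loads it; use `https://` and verify the published hash. Typos: "Resive/Update" in the step 19 heading, "phSense configruation" in its body, and "of comment out" (for "or comment out") in the hunk's context line.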