AAC Library of Tools
ERK (Elasticsearch-Rsyslog-Kibana) Stack Installer
A bash script to automatically install an Elasticsearch-Rsyslog-Kibana stack on CentOS/RHEL 7. Rsyslog replaces Logstash and allows direct forwarding of syslog messages to Elasticsearch for other processing. I forward my VMware vRealize LogInsight logs to ERK for use with ElasticSearch.
Why did I create this script? Nothing I found on the web was as automated, pulled the latest sources, and worked seamlessly with rsyslog, SELinux, and either iptables or FirewallD.
Run the script with sudo, as root access is required. The script installs the latest Rsyslog, Elasticsearch and Kibana, and also adjusts SELinux and whichever of FirewallD or iptables is in use.
# sudo ./erk.install
If erk.install.filename files exist, they provide additional mechanisms to secure Kibana/ES. erk.install will either present a list of these mechanisms or, if only one exists, run it. Currently there is a way to frontend ERK with an Nginx proxy to add simple authentication.
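As an added illustration of the Nginx frontend described above (example code, not erk.install or one of its erk.install.filename helpers), the shell functions below generate a reverse-proxy server block that puts HTTP basic auth in front of Kibana, create the password file, and set the SELinux boolean that lets Nginx connect to Kibana. Assumptions (not from the page): Kibana listens on 127.0.0.1:5601, Nginx serves on port 80, htpasswd comes from the httpd-tools package, and the file paths are illustrative.

```shell
#!/usr/bin/env bash
# Added example: Nginx basic-auth proxy in front of Kibana. All paths/ports are assumptions.
KIBANA_UPSTREAM=${KIBANA_UPSTREAM:-127.0.0.1:5601}          # where Kibana listens (assumed)
NGINX_CONF=${NGINX_CONF:-/etc/nginx/conf.d/kibana.conf}     # generated server block (assumed path)
HTPASSWD_FILE=${HTPASSWD_FILE:-/etc/nginx/kibana.htpasswd}  # basic-auth credentials (assumed path)

# kibana_proxy_conf UPSTREAM HTPASSWD_FILE
# Print an nginx server block that requires basic auth and proxies everything to Kibana.
# Keep 5601 and 9200 closed at the firewall so this proxy is the only way in from the network.
kibana_proxy_conf() {
  local upstream=$1 htpasswd=$2
  cat <<EOF
server {
    listen 80;
    server_name _;
    auth_basic           "Kibana";
    auth_basic_user_file ${htpasswd};
    location / {
        proxy_pass         http://${upstream};
        proxy_set_header   Host \$host;
        proxy_set_header   X-Real-IP \$remote_addr;
    }
}
EOF
}

# install_kibana_proxy USER
# Install nginx, create the first basic-auth user (htpasswd prompts for the password),
# write the config, allow nginx outbound connections under SELinux, then enable and restart.
install_kibana_proxy() {
  local user=$1
  yum -y install nginx httpd-tools
  htpasswd -c "$HTPASSWD_FILE" "$user"
  kibana_proxy_conf "$KIBANA_UPSTREAM" "$HTPASSWD_FILE" > "$NGINX_CONF"
  # SELinux: the standard boolean that permits httpd_t (nginx) to connect to network ports
  setsebool -P httpd_can_network_connect 1
  systemctl enable nginx && systemctl restart nginx
}
```

Run `install_kibana_proxy admin` as root; the generated block can be inspected first with `kibana_proxy_conf 127.0.0.1:5601 /etc/nginx/kibana.htpasswd`.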
- Add support for ES Shield
- Add Grafana support
- Determine why TCP 514 cannot receive syslog messages
Email elh at astroarch dot com for assistance or if you would like more items added.
Change log:
- Fixed EPEL detection and security installer detection
- Fixed SELinux for Rsyslog talking to ES
- Fixed SELinux for the Nginx frontend to Kibana
- Added initial Nginx support and iptables as well as FirewallD