AAC Library of Tools

ERK (Elasticsearch-Rsyslog-Kibana) Stack Installer


A bash script to automatically install an Elasticsearch-Rsyslog-Kibana stack on CentOS/RHEL 7. Rsyslog replaces Logstash and forwards syslog messages directly to Elasticsearch for further processing. I forward my VMware vRealize Log Insight logs to ERK for use with Elasticsearch.

Why did I create this script? Nothing I found on the web was as automated, pulled the latest sources, and worked seamlessly with rsyslog, SELinux, and either iptables or FirewallD.

Reference: http://www.havensys.net/making-a-free-log-server/
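As an added illustration of the rsyslog-to-Elasticsearch forwarding that replaces Logstash in this stack (this is example configuration, not the config erk.install generates), the fragment below accepts syslog on UDP/TCP 514, renders each message as JSON and ships it to a local Elasticsearch with the omelasticsearch module. It assumes Elasticsearch on 127.0.0.1:9200, the rsyslog-elasticsearch package installed, and an index name prefix of "erk-".

```conf
# Example only: assumes Elasticsearch at 127.0.0.1:9200 and the
# omelasticsearch module (rsyslog-elasticsearch package) available.
module(load="imudp")            # syslog over UDP 514
module(load="imtcp")            # syslog over TCP 514
module(load="omelasticsearch")  # direct output to Elasticsearch

input(type="imudp" port="514")
# TCP 514 also needs 514/tcp opened in FirewallD/iptables; 514/udp alone is not enough.
input(type="imtcp" port="514")

# One JSON document per message; option.json escapes quotes/newlines in values
template(name="erk-json" type="list" option.json="on") {
    constant(value="{")
    constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"host\":\"")    property(name="hostname")
    constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
    constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
    constant(value="\",\"program\":\"") property(name="programname")
    constant(value="\",\"message\":\"") property(name="msg" position.from="2")
    constant(value="\"}")
}

# Daily index name, e.g. erk-2016-03-01 (prefix "erk-" is an assumption)
template(name="erk-index" type="list") {
    constant(value="erk-")
    property(name="timereported" dateFormat="rfc3339" position.from="1" position.to="10")
}

action(type="omelasticsearch"
       server="127.0.0.1" serverport="9200"
       template="erk-json"
       searchIndex="erk-index" dynSearchIndex="on"
       bulkmode="on"                           # batch documents via the _bulk API
       errorfile="/var/log/rsyslog-es-errors.log"  # keep rejected documents for review
       action.resumeRetryCount="-1"            # retry indefinitely while ES is down
       queue.type="linkedlist" queue.size="5000")  # buffer in memory meanwhile
```

On a default SELinux policy rsyslog (syslogd_t) is not allowed to connect to port 9200, which is the denial the script's "SELinux for Rsyslog talking to ES" fix addresses; check /var/log/audit/audit.log if documents never arrive.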


Run the script with sudo, as root access is required. The script installs the latest Rsyslog, Elasticsearch and Kibana, and also adjusts SELinux and either FirewallD or iptables.

# sudo ./erk.install

If any erk.install.filename files exist, they provide additional mechanisms to secure Kibana/ES. erk.install will either present a list of these mechanisms or, if only one exists, run it. Currently there is a way to front ERK with an Nginx proxy that adds simple authentication.


  • Add support for ES Shield
  • Add Grafana support
  • Determine why TCP 514 cannot receive syslog messages


Email elh at astroarch dot com for assistance or if you want to request more items.


  • Fixed EPEL detection and security installer detection
  • Fixed SELinux for Rsyslog talking to ES
  • Fixed SELinux for the Nginx frontend to Kibana
  • Added initial Nginx support and iptables as well as FirewallD