Skip to content

Local Elasticsearch Logstash Kibana (ELK) Setup

Why build these scripts?

These scripts are a quick way to get repeatable and consistent environment spun up for a simple ELK stack. This allows for quick test environments to be built for training purposes. No one wants to spend 30 minutes or more looking up the same guide to install the same tool over and over. So this allows an analysts to save 20+ minutes of setup every time they need a clean ELK stack.

Scripts to automate a quick insecure local only deployment for testing can be found here: https://github.com/jtone2k8/ELK_local_config

Scripts for ELK version 8 can be found here: https://github.com/jtone2k8/ELK_local_config/tree/elk8

Scripts for both Debian and Centos Linux Distros are available.

Here is an overview of what the script does:

Setup the underlying system:

  • update system
  • remove old packages

ELK Install

  • install elasticsearch public key
  • install elasticsearch repo
  • install elasticsearch kibana logstash
  • pull ELK configs from this repo
  • move the existing elasticsearch.yml to elasticsearch.yml.bk
  • copy elasticsearch.yml from git clone to /etc/elasticsearch
  • start and enable elasticsearch
  • move kibana.yml to kibana.yml.bk
  • copy kibana.yml from git clone to /etc/kibana.yml
  • start and enable kibana
  • move logstash.yml to logstash.yml.bk
  • copy logstash.yml from git clone to /etc/logstash.yml
  • start and enable logstash
  • check the status of elk

After the script

  • Access to the elasticsearch is @ hxxp://localhost:9200
  • Access to the kibana is @ hxxp://localhost:5601