[ELK] Kibana 설치

• Kibana란?
  • kibana는 Elastic Stack(ELK) 기반으로 구축된 오픈소스 프론트엔드 애플리케이션
  • Elasticsearch에서 색인된 데이터들을 검색해서 분석 및 시각화하는 대시보드 플랫폼

• 구축환경
  • OS: Ubiuntu 22.04
  • CPU: 4v Cpu
  • RAM: 16GB
  • DISK: 100GB(OS 및 프로그램  설치할 하드) + 100GB(ELK 분석/저장 파일 보관할 하드)
  • ETC: Openstack(IAAS)

---

키바나 설치 및 서비스 등록

 root@ubuntu:/usr/share/elasticsearch# apt install kibana
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  kibana
0 upgraded, 1 newly installed, 0 to remove and 37 not upgraded.
Need to get 318 MB of archives.
After this operation, 928 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/8.x/apt stable/main amd64 kibana amd64 8.12.0 [318 MB]
Fetched 318 MB in 1min 12s (4424 kB/s)
Selecting previously unselected package kibana.
(Reading database ... 97758 files and directories currently installed.)
Preparing to unpack .../kibana_8.12.0_amd64.deb ...
Unpacking kibana (8.12.0) ...
Setting up kibana (8.12.0) ...
Creating kibana group... OK
Creating kibana user... OK
Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.12/production.html#openssl-legacy-provider
Created Kibana keystore in /etc/kibana/kibana.keystore
Scanning processes...
Scanning candidates...
Scanning linux images...

Restarting services...
Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart getty@tty1.service
 systemctl restart networkd-dispatcher.service
 systemctl restart systemd-logind.service
 systemctl restart unattended-upgrades.service

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@ubuntu:/usr/share/elasticsearch#

#kibana 설치

root@ubuntu:/usr/share/elasticsearch# sudo systemctl start kibana
root@ubuntu:/usr/share/elasticsearch# sudo systemctl enable kibana
Created symlink /etc/systemd/system/multi-user.target.wants/kibana.service → /lib/systemd/system/kibana.service.
#실행 및 자동실행 등록

root@ubuntu:/usr/share/elasticsearch# sudo systemctl status kibana
● kibana.service - Kibana
     Loaded: loaded (/lib/systemd/system/kibana.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-02-05 02:59:41 UTC; 1h 12min ago
       Docs: https://www.elastic.co
   Main PID: 33461 (node)
      Tasks: 11 (limit: 19140)
     Memory: 265.5M
        CPU: 24.525s
     CGroup: /system.slice/kibana.service
             └─33461 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist

Feb 05 02:59:52 ubuntu kibana[33461]: [2024-02-05T02:59:52.655+00:00][INFO ][plugins-service] Plugin "securitySolutionServerless" is disabled.
Feb 05 02:59:52 ubuntu kibana[33461]: [2024-02-05T02:59:52.655+00:00][INFO ][plugins-service] Plugin "serverless" is disabled.
Feb 05 02:59:52 ubuntu kibana[33461]: [2024-02-05T02:59:52.655+00:00][INFO ][plugins-service] Plugin "serverlessObservability" is disabled.
Feb 05 02:59:52 ubuntu kibana[33461]: [2024-02-05T02:59:52.655+00:00][INFO ][plugins-service] Plugin "serverlessSearch" is disabled.
Feb 05 02:59:52 ubuntu kibana[33461]: [2024-02-05T02:59:52.969+00:00][INFO ][http.server.Preboot] http server running at http://localhost:5601
Feb 05 02:59:53 ubuntu kibana[33461]: [2024-02-05T02:59:53.122+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
Feb 05 02:59:53 ubuntu kibana[33461]: [2024-02-05T02:59:53.139+00:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch connection configuration…
Feb 05 02:59:53 ubuntu kibana[33461]: [2024-02-05T02:59:53.172+00:00][INFO ][root] Holding setup until preboot stage is completed.
Feb 05 02:59:53 ubuntu kibana[33461]: i Kibana has not been configured.
Feb 05 02:59:53 ubuntu kibana[33461]: Go to http://localhost:5601/?code=041608 to get started.
#실행 확인

---

nginx(엔진 x) 설정(설치했을 경우만)

root@ubuntu:/usr/share/elasticsearch# vi /etc/nginx/sites-available/default

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                #try_files $uri $uri/ =404;
                proxy_pass http://localhost:5601;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }
#수정

wq
#저장

---

토큰 접속(수동 등록 시에만 아니면  생략)

#웹브라우저에 ip기입하여 http 사이트 접속 그 후 아래의 토큰 및 인증번호 발급받고 접속

root@ubuntu:/usr/share/elasticsearch# bin/elasticsearch-create-enrollment-token -s kibana
#인증 토큰 받기
root@ubuntu:/usr/share/elasticsearch# cd /usr/share/kibana
#키바나 폴더로 이동후
root@ubuntu:/usr/share/kibana# bin/kibana-verification-code
#인증 번호 발급
Your verification code is: xxx xxx

---

키바나 설정

root@ubuntu:/usr/share/elasticsearch# vi /etc/kibana/kibana.yum
#수정

# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html

# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"
server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

...(생략)

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system" 
#elastic로 할경우 슈퍼계정이라 오류 뱉음
elasticsearch.password: "PW"

wq
#저장

root@ubuntu:/usr/share/elasticsearch# systemctl restart kibana.service