@scottalanmiller said in Building ELK on CentOS 7:

@dafyre said in Building ELK on CentOS 7:

So... I went through and ran the script and it seems to have worked fine... What next?

Edit: To collect logs from the local server, I also had to install filebeat on this server. So I reckon I can now go and install it on all my other systems as well.

Yes, install Filebeat and point it to ELK. Check my Filebeat article for more info.

Didn't realize you had one. 8-) But I'm good now. Logs are collecting as we speak. Bonus: Fail2Ban and Apache logs also work great in ELK.

They also forget about SELinux with their CentOS 7 docs. You need sudo setsebool -P httpd_can_network_connect 1 and possibly sudo chcon -R --type=httpd_syscontent_rw_t /opt/kibana

Up and running now.

@JaredBusch said:

I have never successful gotten an ELK server up and running and ingesting logs. I really need to get on this.

Digital Ocean has some great documentation on it. I love having an ELK server without any licensing limitations.

The one really sad part, though, is that it is a single user login out of the box and the user management component Shield is non-free.