Kibana를 설치하는 방법

Kibana를 설치하는 방법

1. Elasticsearch 패키지 설치 확인

• 우분투에서 Elasticsearch를 설치하고 Kibana를 사용하여 클러스터 상태를 확인하는 방법

2. Kibana 설치

• Kibana 패키지 설치

sudo apt-get install -y kibana

• Kibana 암호화 키 생성

/usr/share/kibana/bin/kibana-encryption-keys generate

$ /usr/share/kibana/bin/kibana-encryption-keys generate
## Kibana Encryption Key Generation Utility

The 'generate' command guides you through the process of setting encryption keys for:

xpack.encryptedSavedObjects.encryptionKey
    Used to encrypt stored objects such as dashboards and visualizations
    https://www.elastic.co/guide/en/kibana/current/xpack-security-secure-saved-objects.html#xpack-security-secure-saved-objects

xpack.reporting.encryptionKey
    Used to encrypt saved reports
    https://www.elastic.co/guide/en/kibana/current/reporting-settings-kb.html#general-reporting-settings

xpack.security.encryptionKey
    Used to encrypt session information
    https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-session-and-cookie-settings


Already defined settings are ignored and can be regenerated using the --force flag.  Check the documentation links for instructions on how to rotate encryption keys.
Definitions should be set in the kibana.yml used configure Kibana.

Settings:
xpack.encryptedSavedObjects.encryptionKey: 7ceabba2885812c9c1a3725801701962
xpack.reporting.encryptionKey: 27d0efa1e23b1306a8be43bf0c8fc735
xpack.security.encryptionKey: 7c32040b004c6d5e009f5bbb09a5ac55

cat <<EOF >> /etc/kibana/kibana.yml

## Kibana Encryption Key Generation Utility
xpack.encryptedSavedObjects.encryptionKey: 7ceabba2885812c9c1a3725801701962
xpack.reporting.encryptionKey: 27d0efa1e23b1306a8be43bf0c8fc735
xpack.security.encryptionKey: 7c32040b004c6d5e009f5bbb09a5ac55
EOF

• kibana_system 사용자의 비밀번호 재설정

/usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u kibana_system

$ /usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u kibana_system
This tool will reset the password of the [kibana_system] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y


Enter password for [kibana_system]:
Re-enter password for [kibana_system]:
Password for the [kibana_system] user successfully reset.

• Kibana 설정

vim /etc/kibana/kibana.yml

server.port: 5601

server.host: "0.0.0.0"

logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file

pid.file: /run/kibana/kibana.pid

xpack.encryptedSavedObjects.encryptionKey: 7ceabba2885812c9c1a3725801701962
xpack.reporting.encryptionKey: 27d0efa1e23b1306a8be43bf0c8fc735
xpack.security.encryptionKey: 7c32040b004c6d5e009f5bbb09a5ac55

• Kibana 서비스 실행

sudo systemctl --now enable kibana.service

• Kibana 서비스 상태 확인

systemctl status kibana.service

$ systemctl status kibana.service
● kibana.service - Kibana
     Loaded: loaded (/lib/systemd/system/kibana.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-03-01 15:34:41 KST; 41s ago
       Docs: https://www.elastic.co
   Main PID: 17068 (node)
      Tasks: 11 (limit: 6970)
     Memory: 319.4M
        CPU: 10.781s
     CGroup: /system.slice/kibana.service
             └─17068 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist

Mar 01 15:34:51 node3 kibana[17068]: [2024-03-01T15:34:51.051+09:00][INFO ][plugins-service] Plugin "securitySolutionServerless" is disabled.
Mar 01 15:34:51 node3 kibana[17068]: [2024-03-01T15:34:51.051+09:00][INFO ][plugins-service] Plugin "serverless" is disabled.
Mar 01 15:34:51 node3 kibana[17068]: [2024-03-01T15:34:51.051+09:00][INFO ][plugins-service] Plugin "serverlessObservability" is disabled.
Mar 01 15:34:51 node3 kibana[17068]: [2024-03-01T15:34:51.051+09:00][INFO ][plugins-service] Plugin "serverlessSearch" is disabled.
Mar 01 15:34:51 node3 kibana[17068]: [2024-03-01T15:34:51.506+09:00][INFO ][http.server.Preboot] http server running at http://0.0.0.0:5601
Mar 01 15:34:51 node3 kibana[17068]: [2024-03-01T15:34:51.663+09:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
Mar 01 15:34:51 node3 kibana[17068]: [2024-03-01T15:34:51.677+09:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch c>
Mar 01 15:34:51 node3 kibana[17068]: [2024-03-01T15:34:51.706+09:00][INFO ][root] Holding setup until preboot stage is completed.
Mar 01 15:34:51 node3 kibana[17068]: i Kibana has not been configured.
Mar 01 15:34:51 node3 kibana[17068]: Go to http://0.0.0.0:5601/?code=311779 to get started.

728x90

브라우저에서 접속

• 기본적으로 Kibana는 http://localhost:5601에 바인딩되어 있으므로 브라우저에서 해당 URL로 접속하여 Kibana 대시보드에 액세스할 수 있습니다.

http://192.168.10.73:5601/?code=311779

kibana1

 

kibana2

kibana3

kibana4

kibana5

kibana6

• 자동 생성된 설정(automatically generated)

vim /etc/kibana/kibana.yml

server.port: 5601

server.host: "0.0.0.0"

logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file

pid.file: /run/kibana/kibana.pid

xpack.encryptedSavedObjects.encryptionKey: 7ceabba2885812c9c1a3725801701962
xpack.reporting.encryptionKey: 27d0efa1e23b1306a8be43bf0c8fc735
xpack.security.encryptionKey: 7c32040b004c6d5e009f5bbb09a5ac55

# This section was automatically generated during setup.
elasticsearch.hosts: ['https://localhost:9200']

elasticsearch.username: kibana_system
elasticsearch.password: kibana_system_password1!

elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1709275855078.crt]

xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://localhost:9200'], ca_trusted_fingerprint: 8cd24cd6745664aa4cfb9126df62d9cffc71ef4cf4866a30174fbbe2dceae730}]