Searching for elastic

After reviewing the video guide on elastic’s website, it seems like it could be easy to just grab the executable and start it (now that Java comes with the program).

Quick start

1. download the file (elastic search)
2. execute the file

Alternatively, it looks docker can do it too:

docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.10.1

Depending on your preference, it could be favorable to install the local package:

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-amd64.deb.sha512
$ shasum -a 512 -c elasticsearch-7.10.2-amd64.deb.sha512
$ sudo dpkg -i elasticsearch-7.10.2-amd64.deb
$ sudo /bin/systemctl daemon-reload
$ sudo /bin/systemctl enable elasticsearch.service
$ sudo /bin/systemctl start elasticsearch.service
$ curl -X GET "localhost:9200/?pretty"

Perhaps it’s best to just pick a path and get started.

Ubuntu

Install elastic then install kibana. Restart both services and visit the elastic search page on localhost.

Collect Data

Auditd logs could be a great place to start. Also, you might want to install Metricbeat on the same server as Elasticsearch to monitor your server.

Configuration

This might take the longest to get going. Fortunately, there is a good amount of documentation for configuring things like observability and enabling security.

• 2021 5