Are you interested in Elasticsearch, Logstash, Kibana, and Rivers (JDBC+MySQL)? Then this ELK guide is for you.

We are building this with Scientific Linux 7.1 and the latest versions of each available at the moment.

I sourced information on how to do this from:

Install SL 7.1
Find your local mirror:

Complete a Web Server install with these options selected:
Web Server w/Java, Python, PHP

Enable EPEL:

sudo yum install epel-release


sudo yum upgrade

Download and install the public signing key:

sudo rpm --import
vim /etc/yum.repos.d/elk.repo
name=Elasticsearch repository for 1.5.x packages
name=logstash repository for 1.4.x packages


sudo yum update && sudo yum install elasticsearch logstash


sudo vi /etc/elasticsearch/elasticsearch.yml

Find the line that specifies, uncomment it, and replace its value with “localhost” so it looks like this: localhost

If you are setting up a node environment, that system’s public IP will work or:


sudo systemctl start elasticsearch.service
sudo systemctl enable elasticsearch.service

Download Kibana 4.0.2:


Expand the compressed file:

tar xvf kibana-*.tar.gz

Edit the kibana.yml file to set host:

vim ~/kibana-4*/config/kibana.yml

host: "localhost"

Make the kibana bin dir:

sudo mkdir -p /opt/kibana

Copy kibana to its running dir:

sudo cp -R ~/kibana-4*/* /opt/kibana/

Make the service file for Kibana:

sudo vim /etc/systemd/system/kibana4.service

Paste this into the new service file:



Now start Kibana and enable it at boot:

sudo systemctl start kibana4
sudo systemctl enable kibana4

Now we want to get Nginx installed for the reverse proxy. To do this, we need the EPEL release installed:

sudo yum -y install epel-release

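Then install nginx and httpd-tools (httpd-tools provides the htpasswd utility for creating the /etc/nginx/htpasswd.users file that the Nginx config references):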

sudo yum -y install nginx httpd-tools

Edit Nginx conf and remove the whole section of “server{” … “}”

sudo vim /etc/nginx/nginx.conf

Create the Kibana Nginx config:

sudo vim /etc/nginx/conf.d/kibana.conf

Paste in:

server {
    listen 80;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Now start and enable autostart for Nginx:

sudo systemctl start nginx
sudo systemctl enable nginx

Because I don’t hate myself enough, I will remove the firewalld (thanks SystemD)

sudo systemctl disable firewalld
sudo systemctl stop firewalld

Then install the iptables-services package by entering the following command as root:

sudo yum install iptables-services

The iptables-services package contains the iptables service and the ip6tables service.
Then, to start the iptables and ip6tables services, run the following commands as root:

sudo systemctl start iptables
sudo systemctl start ip6tables
sudo systemctl enable iptables
sudo systemctl enable ip6tables

Now we can allow ports 80 and 9300 in:

sudo iptables -I INPUT 5 -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 5 -p tcp --dport 9300 -j ACCEPT

Also, save the configuration:

sudo service iptables save

You might need to install some tools to help you manage SELinux:

sudo yum install policycoreutils-python

If you want help troubleshooting any further issues or modifications that SELinux is likely to be involved in:

sudo yum install setroubleshoot-server

SELinux is going to block the local reconnect (reverse forward), so let’s add the new ports to http_port_t

sudo semanage port -a -t http_port_t -p tcp 5601
sudo semanage port -a -t http_port_t -p tcp 9200

Now for the river plug-in.

Install the plugin

cd /usr/share/elasticsearch/

Then execute (as root):

sudo ./bin/plugin --install jdbc --url

Now, if you are using it to create rivers for a MySQL database, you will need the MySQL JDBC plug-in:
Download MySQL JDBC driver:

curl -o -L ''

Add MySQL JDBC driver jar to JDBC river plugin directory and set access permission for .jar file (at least chmod 644):


Let’s copy this to the jdbc directory in $ES_HOME (/usr/share/elasticsearch):

sudo cp mysql-connector-java-5.1.33-bin.jar $ES_HOME/plugins/jdbc/

Set the correct permissions:

sudo chmod 644 $ES_HOME/plugins/jdbc/*

Now restart the node:

sudo service elasticsearch restart

