Monitor your systems with Filebeat, Elasticsearch and Kibana on Debian 9 (Stretch)

Most of the install instructions are taken from this page in the official Elasticsearch documentation and that page in the Beats documentation.

To keep individual services as isolated as possible, I recommend configuring the Elasticsearch and Kibana servers in one or even two dedicated LXC containers. For how to create new LXC containers, see the post on Creating LXC containers using host-shared NAT bridge.

Setup Elasticsearch server

Install X-Pack Plugin

Instructions are taken from the official X-Pack installation documentation page.

Enable SSL/TLS on Elasticsearch server

The following steps are based on this official X-Pack documentation page.

Enable and start Elasticsearch and Kibana servers

Change default passwords

Make Elasticsearch and Kibana reachable from outside localhost

Prepare Elasticsearch to accept input from Filebeat

This section is based on the official X-Pack documentation on setting up Filebeat.

Add client for monitoring on Elasticsearch

Add new user on Elasticsearch server

Install Filebeat on the client you want to monitor

This section is based on the official Filebeat documentation pages.

Enable System Monitoring

This section is based on the official Filebeat documentation.