Elasticsearch + Debian 11 | tweak the server

Set ulimit -n: edit /etc/profile and add ulimit -n 65535

Disable swapping by removing all swap lines from your fstab. As an alternative, add the following line to your elasticsearch.yml:

bootstrap.memory_lock: true

Then test it using the famous Kibana (DevTools) Console:

GET _nodes?filter_path=**.mlockall

It should return true. Do not tune the java dns timeouts.

Elasticsearch 8.1.0 data handling

Dear experts, please don't roast me, this is a rookie's view. If I wrote bs, any hints are highly appreciated via elasticdata@xxaxxelxx Mechanical stuff: You can handle all this data handling via the so called console. The console is a tool you find inside of the Kibana WebUI: Log in as elastic superuser (or something […]

Elasticsearch + Kibana 8.1.0 on Debian 11

Credits, kudos and thanx to the guys making https://kifarunix.com/install-elk-stack-8-x-on-ubuntu/ Elasticsearch is the database and Kibana the WebUI to access the database. Elasticsearch provides a REST API, accessible via curl and/or via a so called console, that is a part of Kibana. Yallah: After this you should add the following to your .profile file: PATH="/usr/share/elasticsearch/bin:/usr/share/kibana/bin:$PATH" The installation of […]

Elasticsearch | updating certificates

New CA stuff:

Import ca.crt into truststore:

New Transport certs:

New http cert:

Tune elasticsearch.yml:

xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.truststore.path: certs/elastic-stack-ca.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12

CSR? NO
CA? YES
ONE CERT PER NODE? YES
NODE NAME? CHECK elasticsearch.yml FOR node.name
REPEAT FOR EACH NODE

SELKS | suricata | Scirius | Elasticsearch | Hints

1. Manual update

SELKS performs a daily suricata update (via /etc/crontab). To execute it manually, call it as www-data (!!!) NEVER RUN AS ROOT!!!

# /bin/sh -c /bin/bash 'cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py updatesuricata && deactivate' www-data

2. fast.log rotation

You MUST restart suricata to create a functional fast.log after logrotate. SIGHUP and/or […]