- Two servers running Ubuntu 20.04 or later:
  - Server A: Elasticsearch + Kibana
  - Server B: Fluent Bit (and Story node)
- SSH access to both servers.
- UFW (Uncomplicated Firewall) installed on each server (optional, for managing network ports).

Tip: Run all commands below with sudo (root privileges).
- Check if required ports are listening (9200, 5601, 2020):
sudo ss -tuln | grep -E "9200|5601|2020"
At this initial stage, none of these services are running yet, so it’s expected that no output is returned.
- Open necessary ports in the firewall (UFW):
sudo ufw allow 9200/tcp # Elasticsearch HTTP API
sudo ufw allow 5601/tcp # Kibana Web UI
sudo ufw allow 2020/tcp # Fluent Bit HTTP metrics
sudo ufw reload
This ensures external access to Elasticsearch (9200), Kibana (5601), and Fluent Bit’s metrics endpoint (2020).
- Verify firewall rules:
sudo ufw status
You should see allow rules for 9200, 5601, and 2020 (if UFW is active).
- SSH into Server A (Elasticsearch/Kibana server):
ssh root@<IP_Server_A>
- SSH into Server B (Fluent Bit & Story server):
ssh root@<IP_Server_B>
- Update package lists and upgrade on both servers:
apt update && apt upgrade -y
This ensures all system packages are up-to-date before installing the EFK components.
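
The `ufw allow <port>/tcp` rules in the firewall step accept connections from any source address. The script below is an added example, not part of the original guide, that builds source-restricted rules for the same three ports instead. It assumes that only the Fluent Bit host needs to reach 9200 and that only an admin workstation needs 5601 and 2020; the script name `efk-ufw.sh` and all IP addresses passed to it are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): source-restricted UFW rules
# for the three EFK ports. Script name and IP addresses are assumptions.
# Usage: sh efk-ufw.sh a <fluent_bit_ip> <admin_ip>   (on Server A)
#        sh efk-ufw.sh b <admin_ip>                   (on Server B)

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the ufw commands, 0 = apply them

run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Succeeds only for a plain dotted-quad IPv4 address (no CIDR suffix, so a
# range such as 0.0.0.0/0 cannot slip in). Runs in a subshell to keep IFS local.
valid_ipv4() (
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
  esac
  IFS=.
  set -- $1
  [ "$#" -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# allow_from <source_ip> <port>: let one source address reach one TCP port.
allow_from() {
  valid_ipv4 "$1" || { echo "invalid source address: $1" >&2; return 1; }
  run ufw allow from "$1" to any port "$2" proto tcp
}

# Server A: 9200 for the Fluent Bit host, 5601 for the admin workstation.
rules_server_a() {
  allow_from "$1" 9200 && allow_from "$2" 5601
}

# Server B: Fluent Bit metrics endpoint (2020) for the admin workstation.
rules_server_b() {
  allow_from "$1" 2020
}

case "${1:-}" in
  a) rules_server_a "${2:-}" "${3:-}" ;;
  b) rules_server_b "${2:-}" ;;
esac
```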