Install Elasticsearch

Before You Begin

Install the latest version of JRE.

Steps (RHEL/CentOS 6 and higher)

  1. Download Elasticsearch using wget.

    # wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/rpm/elasticsearch/2.4.6/elasticsearch-2.4.6.rpm

  2. Install Elasticsearch.

    # rpm -ivh elasticsearch-2.4.6.rpm

    You can connect additional Elasticsearch nodes, if desired. Any additional nodes will not be managed by the LCE server.

    Note: When LCE is installed, it will back up the following Elasticsearch configuration files from </path/to/file> to </path/to/file>~bak:

    • /var/elasticsearch/elasticsearch.yml
    • /etc/sysconfig/elasticsearch
    • /usr/lib/systemd/system/elasticsearch.service

    LCE will then append additional configuration data to this file.

    The only other time LCE will modify these is if the database directory or archive directory is modified.

  3. Install analysis-icu.

    # /usr/share/elasticsearch/bin/plugin install analysis-icu

    If you have connected additional Elasticsearch nodes, the plugin needs to be installed on every node in the cluster.

    Note: The ICU Analysis plugin version must be the same as the Elasticsearch version.
    Caution: Exercise caution if you choose to install the Kibana Elasticsearch plugin, and make a complete cold backup of the database-directory and archive-directory if archiving is enabled. Kibana can cause datastore corruption and degraded performance. LCE provides internal tools for ad-hoc queries against the LCE Elasticsearch datastore.

Steps (RHEL/CentOS 5)

Note: RHEL and CentOS 5 do not support v4 headers for packages. Because of this, some special steps are required.

The following examples use Elasticsearch 2.3.3. However, the LCE server is compatible with versions of Elasticsearch 2.3.3 to 2.4.6.

  1. Download Elasticsearch using wget.

    # wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/rpm/elasticsearch/2.4.6/elasticsearch-2.4.6.rpm

  2. Install Elasticsearch using --nosignature.

    # rpm -ivh --nosignature elasticsearch-2.4.6.rpm

  3. Install analysis-icu.

    # /usr/share/elasticsearch/bin/plugin install analysis-icu

Note: The ICU Analysis plugin version must be the same as the Elasticsearch version.
Caution: Exercise caution if you choose to install the Kibana Elasticsearch plugin, and make a complete cold backup of the database-directory and archive-directory if archiving is enabled. Kibana can cause datastore corruption and degraded performance. LCE provides internal tools for ad-hoc queries against the LCE Elasticsearch datastore.
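Because `--nosignature` skips RPM signature verification, and because the ICU plugin must match the Elasticsearch version on every node, the following added example (not part of the original Tenable documentation) shows a digest check to run before `rpm -ivh` and a version check to run after the plugin install. It assumes the expected SHA-256 digest comes from a trusted source out of band, and that the plugin sits under /usr/share/elasticsearch/plugins/analysis-icu with an Elasticsearch 2.x `plugin-descriptor.properties` file; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre- and post-install checks for the steps above.

# verify_digest <file> <expected-sha256-hex>
# Succeeds only if the file's SHA-256 equals a digest obtained out of band.
verify_digest() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# descriptor_value <plugin-descriptor.properties> <key>
# Prints the value of one key from an Elasticsearch 2.x plugin descriptor.
descriptor_value() {
    awk -F= -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# icu_matches_es <descriptor> <elasticsearch-version>
# Succeeds only if the plugin's own version and the Elasticsearch version it
# was built for both equal the installed Elasticsearch version.
icu_matches_es() {
    [ "$(descriptor_value "$1" version)" = "$2" ] &&
        [ "$(descriptor_value "$1" elasticsearch.version)" = "$2" ]
}

# On a real node (assumed paths; run the version check on every node):
#   verify_digest elasticsearch-2.4.6.rpm "<SHA-256 from a trusted source>"
#   es=$(rpm -q --qf '%{VERSION}' elasticsearch)
#   icu_matches_es /usr/share/elasticsearch/plugins/analysis-icu/plugin-descriptor.properties "$es"

# Constructed demo so the script runs offline: a stand-in file, not a real RPM.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed stand-in for an rpm\n' > "$dir/sample.rpm"
    good=$(sha256sum "$dir/sample.rpm" | awk '{print $1}')
    printf 'name=analysis-icu\nversion=2.4.6\nelasticsearch.version=2.4.6\n' \
        > "$dir/plugin-descriptor.properties"
    verify_digest "$dir/sample.rpm" "$good" && echo "digest: match"
    printf 'tampered\n' >> "$dir/sample.rpm"
    verify_digest "$dir/sample.rpm" "$good" || echo "digest: MISMATCH, do not install"
    icu_matches_es "$dir/plugin-descriptor.properties" 2.4.6 && echo "icu: matches 2.4.6"
    icu_matches_es "$dir/plugin-descriptor.properties" 2.3.3 || echo "icu: does not match 2.3.3"
    rm -rf "$dir"
}
demo
```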

Next, install the LCE server.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.