Setting up a multi-tiered log infrastructure Part 2 -- System Overview

System Build Overview

The next steps are to build the environment, starting with the Elasticsearch (ES) nodes and the log parser/search frontend, because they require certain components to be identical. The process assumes a minimal OS install of CentOS 7, but any major *NIX-based OS can be used (just remember that the commands might differ). Start by building three servers: two will be ES data nodes and one will be used as the ES master node.

Setting up a multi-tiered log infrastructure Part 1 -- Getting Started

Logging Infrastructure Overview

Setting up a multi-tiered logging infrastructure can be a little more complicated than just spinning up an rsyslog server and shipping logs to it (although that is an option). A few products come up repeatedly when looking for logging stack solutions: these include Elasticsearch, Logstash, Kibana, and Graylog, along with rsyslog, nxlog, syslog-ng, and OSSEC. The ELK stack uses Elasticsearch, Logstash, and Kibana. The Graylog and Elasticsearch stack (or GELP, Graylog Enhanced Logging Platform, for lack of a better acronym) uses Graylog to perform the same functions as Logstash and Kibana.