Versioner sammenlignet

Gammel version 14

changes.mady.by.user Normann P. Nielsen

Gemt på

sammenlignet med

Ny version Nuværende

changes.mady.by.user Normann P. Nielsen

Gemt på

Nøgle

  • Linjen blev tilføjet.
  • Denne linje blev fjernet.
  • Formatering blev ændret.

...

ObjectComment / LinkStatus
ELK StackAn excellent Guide for Ubuntu 14.04 is at https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04
Status
colourGreen
titleTested
TopBeat https://www.digitalocean.com/community/tutorials/how-to-gather-infrastructure-metrics-with-topbeat-and-elk-on-ubuntu-14-04 
Status
colourGreen
titleTested
PacketBeat https://z0z0.me/monitor-your-servers-with-elasticsearch-2-x-and-beats-and-display-it-in-kibana/
Status
colourGreen
titleTestet
GeoIP Support https://www.digitalocean.com/community/tutorials/how-to-map-user-location-with-geoip-and-elk-elasticsearch-logstash-and-kibana 

Status
colourGreen
titleTested

Gave som some field mapping challenges, and I had to delete the filebeat index values.

The Great Mapping Refactoring

Tomcat Log Parsinghttps://blog.lanyonm.org/articles/2014/01/12/logstash-multiline-tomcat-log-parsing.html  
Status
colourRed
titleNot Tested
Shield (Security)https://www.elastic.co/guide/en/shield/current/kibana.html#using-kibana4-with-shield
Status
colourRed
titleNot Tested

 

Tips

Tip

Make sure the server time is correct for all servers (smil) as in use NTP.

This actually gave me a problem where logstash => ElasticSearch did not work

Delete indexes

I have divided stuff a bit, please read:

Logstash - Tips and Troubleshooting

Elasticsearch - Tips and Troubleshooting

Kodeblok
curl -XDELETE http://localhost:9200/filebeat*

 



Sample filebeat.yml config for my Confluence Server

Kodeblok
      paths:
        - /var/log/auth.log
        - /var/log/syslog
      document_type: syslog
      input_type: log
    -
      paths:
        - /var/log/apache2/www.mos-eisley.dk-*.log
      document_type: apache
      input_type: log
    -
      paths:
        - /data/www/Fordor.log
        - /data/www/Baghus.log
      document_type: camfileslog
      input_type: log

 

Sample filebeat.yml config for my Alfresco Server

Kodeblok
     paths:
        - /var/log/auth.log
        - /var/log/syslog
      document_type: syslog
      input_type: log
    -
      paths:
        - /var/log/apache2/alfresco.mos-eisley.dk-*.log
        - /var/log/apache2/elk.mos-eisley.dk-*.log
      document_type: apache
      input_type: log
    -
      paths:
       - /var/log/ping-kafpingkaf.txt
      document_type: ping-logpinglog
      input_type: log

 

 

 

Other Stuff:

http://www.slideshare.net/aca_it/monitor-your-atlassian-stack-like-the-nsa

...

The Great Mapping Refactoring

Embedding Visualisations

A bit of logstash cooking 

PingLog i eget index

...

ELK - 3 THINGS I WISH I'D KNOWN

Little Logstash Lessons - Part I: Using grok and mutate to type your data

5 Logstash Pitfalls You Need to Avoid