Testings
| Object | Comment / Link | Status |
|---|---|---|
| ELK Stack | An excellent Guide for Ubuntu 14.04 is at https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04 | TESTED |
| TopBeat | https://www.digitalocean.com/community/tutorials/how-to-gather-infrastructure-metrics-with-topbeat-and-elk-on-ubuntu-14-04 | TESTED |
| PacketBeat | https://z0z0.me/monitor-your-servers-with-elasticsearch-2-x-and-beats-and-display-it-in-kibana/ | TESTET |
| GeoIP Support | https://www.digitalocean.com/community/tutorials/how-to-map-user-location-with-geoip-and-elk-elasticsearch-logstash-and-kibana | TESTED Gave som field challenges, and I had to delete the filebeat index. |
| Tomcat Log Parsing | https://blog.lanyonm.org/articles/2014/01/12/logstash-multiline-tomcat-log-parsing.html | NOT TESTED |
Tips
Make sure the server time is correct for all servers 
as in use NTP.
This actually gave me a problem where logstash => ElasticSearch did not work
Delete indexes
curl -XDELETE http://localhost:9200/filebeat*
Sample filebeat config for my Confluence Server
paths:
- /var/log/auth.log
- /var/log/syslog
document_type: syslog
input_type: log
-
paths:
- /var/log/apache2/www.mos-eisley.dk-*.log
document_type: apache
input_type: log
-
paths:
- /data/www/Fordor.log
- /data/www/Baghus.log
document_type: camfileslog
input_type: log
Sample filebeat config for my Alfresco Server
paths:
- /var/log/auth.log
- /var/log/syslog
document_type: syslog
input_type: log
-
paths:
- /var/log/apache2/alfresco.mos-eisley.dk-*.log
- /var/log/apache2/elk.mos-eisley.dk-*.log
document_type: apache
input_type: log
-
paths:
- /var/log/pingkaf.txt
document_type: pinglog
input_type: log
Indexes
root@elkserver:/# curl localhost:9200/_cat/indices yellow open filebeat-2016.03.30 5 1 7 0 78.9kb 78.9kb yellow open logstash-2016.03.28 5 1 1 0 12.7kb 12.7kb yellow open filebeat-2016.03.31 5 1 10 0 112.2kb 112.2kb yellow open filebeat-2016.03.21 5 1 1 0 11.9kb 11.9kb yellow open filebeat-2016.03.22 5 1 1 0 11.9kb 11.9kb yellow open filebeat-2016.04.01 5 1 6 0 67.6kb 67.6kb yellow open filebeat-2016.03.23 5 1 1 0 11.9kb 11.9kb yellow open filebeat-2016.04.02 5 1 15 0 167.5kb 167.5kb yellow open logstash-2013.12.11 5 1 1 0 11.3kb 11.3kb yellow open filebeat-2016.03.13 5 1 1 0 11.9kb 11.9kb yellow open filebeat-2016.04.03 5 1 4718 0 5mb 5mb yellow open filebeat-2016.03.24 5 1 1 0 12.1kb 12.1kb yellow open filebeat-2016.03.25 5 1 1 0 11.9kb 11.9kb yellow open filebeat-2016.03.26 5 1 2 0 23kb 23kb yellow open packetbeat-2016.04.03 5 1 115546 0 78.3mb 78.3mb yellow open .kibana 1 1 115 0 86.3kb 86.3kb yellow open topbeat-2016.04.03 5 1 198026 0 75.9mb 75.9mb yellow open filebeat-2016.03.27 5 1 2 0 23kb 23kb yellow open filebeat-2016.03.28 5 1 4 0 45.3kb 45.3kb yellow open filebeat-2016.03.29 5 1 2 0 23kb 23kb yellow open filebeat-2016.03.18 5 1 2 0 23.1kb 23.1kb root@elkserver:/#
Other Stuff:
http://www.slideshare.net/aca_it/monitor-your-atlassian-stack-like-the-nsa
PingLog i eget index
Make a copy of filebeat.json from the zip package at https://download.elastic.co/beats/dashboards/beats-dashboards-1.1.0.zip and chage filebeat.json name and content.
Then upload and create index.
curl -XPUT http://localhost:9200/.kibana/index-pattern/pinglog-* -d @pinglog.json
{"_index":".kibana","_type":"index-pattern","_id":"pinglog-*","_version":2,"_shards":{"total":2,"successful":1,"failed":0},"created":false}root@elkserver:~/beats-dashboards-1.1.0/dashboards/index-pattern#