Testings
Object | Comment / Link | Status |
---|---|---|
ELK Stack | An excellent Guide for Ubuntu 14.04 is at https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04 | TESTED |
TopBeat | https://www.digitalocean.com/community/tutorials/how-to-gather-infrastructure-metrics-with-topbeat-and-elk-on-ubuntu-14-04 | TESTED |
PacketBeat | https://z0z0.me/monitor-your-servers-with-elasticsearch-2-x-and-beats-and-display-it-in-kibana/ | TESTED |
GeoIP Support | https://www.digitalocean.com/community/tutorials/how-to-map-user-location-with-geoip-and-elk-elasticsearch-logstash-and-kibana | TESTED. Gave some field challenges, and I had to delete the filebeat index. |
Tomcat Log Parsing | https://blog.lanyonm.org/articles/2014/01/12/logstash-multiline-tomcat-log-parsing.html | NOT TESTED |
Tips
Make sure the server time is correct on all servers, i.e. use NTP.
This actually gave me a problem where logstash => ElasticSearch did not work.
Delete indexes
```
curl -XDELETE 'http://localhost:9200/filebeat*'
```
Sample filebeat config for my Confluence Server
```yaml
# Prospector entries (list items under filebeat: prospectors:)
- paths:
    - /var/log/auth.log
    - /var/log/syslog
  document_type: syslog
  input_type: log
- paths:
    - /var/log/apache2/www.mos-eisley.dk-*.log
  document_type: apache
  input_type: log
- paths:
    - /data/www/Fordor.log
    - /data/www/Baghus.log
  document_type: camfileslog
  input_type: log
```
Sample filebeat config for my Alfresco Server
```yaml
# Prospector entries (list items under filebeat: prospectors:)
- paths:
    - /var/log/auth.log
    - /var/log/syslog
  document_type: syslog
  input_type: log
- paths:
    - /var/log/apache2/alfresco.mos-eisley.dk-*.log
    - /var/log/apache2/elk.mos-eisley.dk-*.log
  document_type: apache
  input_type: log
- paths:
    - /var/log/ping-kaf.txt
  document_type: ping-log
  input_type: log
```
Other Stuff:
http://www.slideshare.net/aca_it/monitor-your-atlassian-stack-like-the-nsa
PingLog in its own index
```
curl -O https://gist.githubusercontent.com/thisismitch/3429023e8438cc25b86c/raw/d8c479e2a1adcea8b1fe86570e42abab0f10f364/filebeat-index-template.json
root@elkserver:~# curl -XPUT 'http://localhost:9200/_template/pinglog?pretty' -d@filebeat-index-template.json
{
  "acknowledged" : true
}
root@elkserver:~#
root@elkserver:~# mv filebeat-index-template.json pinglog-index-template.json
root@elkserver:~# curl -XPUT 'http://localhost:9200/_template/pinglog?pretty' -d@pinglog-index-template.json
{
  "acknowledged" : true
}
root@elkserver:~#
```
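An added example, not part of the original notes: in Elasticsearch 2.x the name in `/_template/<name>` is only an identifier, and the `template` field inside the JSON body decides which indices the template applies to. The sketch below models that matching and retargets the body; the sample template is constructed, and both the `filebeat-*` pattern in the downloaded file and the `pinglog-*` index naming are assumptions.

```python
import copy
import fnmatch
import json

# Constructed stand-in for the downloaded filebeat-index-template.json
# (assumption: the real file carries the pattern "filebeat-*").
FILEBEAT_TEMPLATE = json.loads("""
{
  "template": "filebeat-*",
  "settings": {"index.refresh_interval": "5s"},
  "mappings": {"_default_": {"properties": {
      "@timestamp": {"type": "date"},
      "message": {"type": "string"}}}}
}
""")


def retarget(template, pattern):
    """Return a copy of an ES 2.x index template aimed at another index pattern."""
    if "template" not in template:
        raise ValueError("not an ES 2.x index template: no 'template' field")
    out = copy.deepcopy(template)
    out["template"] = pattern
    return out


def applies_to(index_name, registered):
    """Names of registered templates whose pattern matches index_name.

    `registered` maps the name used in PUT /_template/<name> to the body.
    Only the body's 'template' pattern is matched, never the name.
    fnmatch stands in for Elasticsearch's '*' wildcard matching.
    """
    return sorted(name for name, body in registered.items()
                  if fnmatch.fnmatchcase(index_name, body["template"]))


if __name__ == "__main__":
    as_uploaded = {"pinglog": FILEBEAT_TEMPLATE}  # body PUT unchanged
    fixed = {"pinglog": retarget(FILEBEAT_TEMPLATE, "pinglog-*")}
    # Index names below are constructed samples.
    for idx in ("filebeat-2016.03.01", "pinglog-2016.03.01"):
        print(idx, applies_to(idx, as_uploaded), applies_to(idx, fixed))
    print(json.dumps(fixed["pinglog"], indent=2))  # body to send with curl -XPUT
```

Templates are applied only when an index is created, so an already existing index keeps its old mapping until it is deleted or rolls over.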