ELK: Difference between revisions
From artserver wiki
Revision as of 10:39, 27 September 2022
Installing ELK stack
Followed https://techviewleo.com/install-elastic-stack-elk-on-debian/. Ports used:
- elasticsearch: 9200
- logstash: 5044
- kibana: 5601
- filebeat
Change the Elasticsearch JVM heap size to use only 1G in /etc/elasticsearch/jvm.options:
-Xms1g
-Xmx1g
Test Elasticsearch
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic http://localhost:9200
Project: analysing Apache server logs from another server
Use a VPN connection.
On remote: (IP x.x.x.2)
- FileBeat: Beats are lightweight agents that are installed on client hosts to collect different types of data for forwarding into the stack.
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["X.X.X.Y:9200"]  # ElasticSearch host IP
  # Protocol - either `http` (default) or `https`.
  protocol: "http"
  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "XXX"
- test elasticsearch access, from remote:
curl http://X.X.X.Y:9200
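The output block above sends the Apache logs over plain HTTP with the password written into the file. Below is an added example (not from the wiki or the linked guide) of the same Filebeat output hardened: TLS to Elasticsearch with the CA pinned, and the password read from the Filebeat keystore. It assumes Elasticsearch 8 with security enabled, the CA copied from /etc/elasticsearch/certs/http_ca.crt on the ELK machine to /etc/filebeat/http_ca.crt on the remote, the secret stored with "filebeat keystore add ES_PWD", and the Apache module enabled with "filebeat modules enable apache".

```yaml
# Added example: hardened output section of filebeat.yml on the remote
# Apache host (x.x.x.2). Paths and the ES_PWD keystore entry are assumptions.

# Load the Apache module (modules.d/apache.yml) for access and error logs.
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

# --- Weak (as on this page): plaintext HTTP, password stored in the file ---
#output.elasticsearch:
#  hosts: ["X.X.X.Y:9200"]
#  protocol: "http"
#  username: "elastic"
#  password: "XXX"

# --- Hardened: HTTPS, CA pinned, secret resolved from the keystore ---
output.elasticsearch:
  hosts: ["X.X.X.Y:9200"]
  protocol: "https"
  # Prefer a dedicated user with only the privileges Filebeat needs
  # instead of the elastic superuser.
  username: "elastic"
  # ${ES_PWD} is read from the Filebeat keystore at startup,
  # so the password never sits in the config file.
  password: "${ES_PWD}"
  ssl:
    # CA that signed the Elasticsearch HTTP certificate.
    certificate_authorities: ["/etc/filebeat/http_ca.crt"]
    # "full" checks both the chain and the hostname/IP in the certificate.
    verification_mode: "full"
```

Run "filebeat test output" after editing to confirm the TLS handshake and authentication succeed before starting the service.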
On ELK stack machine: (IP x.x.x.1)
- have elasticsearch and kibana running
- test elasticsearch: curl http://localhost:9200