How To Install Elasticsearch Part2
Logstash-forwarder uses an SSL certificate to validate the Logstash server's identity, so copy the
logstash-forwarder.crt that we created earlier from the Logstash server to the client. Open up
the configuration file.
# vi /etc/logstash-forwarder.conf
In the network section, specify the Logstash server with its port number and the path to the
logstash-forwarder certificate that you copied from the Logstash server. This section tells
logstash-forwarder to send logs to the Logstash server itzgeek on port 5050, and the client
validates the server's identity with the help of the SSL certificate.
Note: Replace itzgeek with the IP address if you are using an IP SAN.
"servers": [ "itzgeek:5050" ],
"ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
"timeout": 15
The files section configures which files are to be shipped. In this article we will
configure logstash-forwarder to send the logs in /var/log/messages to the Logstash server with
syslog as the type.
{
"paths": [
"/var/log/messages"
],
"fields": { "type": "syslog" }
}
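As an added example (not part of the original article or of logstash-forwarder itself), this Python script checks a forwarder configuration for the points made above: a CA certificate path is set, each server is given as host:port, a server given by IP address is flagged because the certificate then needs an IP SAN, and each files entry has paths and a type. It assumes the file is plain JSON with top-level "network" and "files" keys; audit_forwarder_conf and SAMPLE_CONF are hypothetical names.

```python
import ipaddress
import json

# Constructed sample: the article's two fragments assembled into one file.
# The top-level "network"/"files" layout is an assumption of this example.
SAMPLE_CONF = """{
  "network": {
    "servers": [ "itzgeek:5050" ],
    "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
    "timeout": 15
  },
  "files": [
    { "paths": [ "/var/log/messages" ], "fields": { "type": "syslog" } }
  ]
}"""


def audit_forwarder_conf(text):
    """Return (level, message) findings for a logstash-forwarder config."""
    conf = json.loads(text)
    findings = []
    net = conf.get("network", {})
    if not net.get("ssl ca"):
        findings.append(("error", "network: 'ssl ca' missing, server identity cannot be validated"))
    if not net.get("servers"):
        findings.append(("error", "network: no servers configured"))
    for entry in net.get("servers", []):
        host, sep, port = entry.rpartition(":")
        if not sep or not host or not port.isdigit():
            findings.append(("error", f"server {entry!r}: expected host:port"))
            continue
        try:
            ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # a hostname: it has to match the name in the certificate
        findings.append(("warn", f"server {entry!r}: IP address, certificate needs an IP SAN"))
    for i, item in enumerate(conf.get("files", [])):
        if not item.get("paths"):
            findings.append(("error", f"files[{i}]: no paths to ship"))
        if "type" not in item.get("fields", {}):
            findings.append(("warn", f"files[{i}]: no 'type' field, events arrive untyped"))
    return findings


if __name__ == "__main__":
    for level, message in audit_forwarder_conf(SAMPLE_CONF):
        print(f"{level}: {message}")
    print("audit finished")
```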
Configure Kibana 4:
Kibana provides visualization of logs. Download it from the official website using the following
commands in a terminal.
wget https://download.elasticsearch.org/kibana/kibana/kibana-4.0.2-linux-x64.tar.gz
tar -zxf kibana-4.0.2-linux-x64.tar.gz
mv kibana-4.0.2-linux-x64 /opt/kibana4
Enable the PID file for Kibana; this is required to create a systemd init file.
# sed -i 's/#pid_file/pid_file/g' /opt/kibana4/config/kibana.yml
You will get the following page, where you have to map the Logstash index for use in Kibana. Scroll
down to Time-field name and select
@timestamp
Kibana does not come with any kind of password-protected access to the portal. With Nginx,
we can configure it in such a way that the user has to authenticate before
entering the portal.
That's all, you have successfully configured the ELK stack for centralized log management.