...
Revision | Date | Author |
|---|---|---|
v1.0 - Added streaming for DHCP logs | 2020-07-08 | Sokol Gjeçi <sgjeci@rash.al> |
v0.9 - Curator replaced by ILM | 2020-06-27 | Sokol Gjeçi <sgjeci@rash.al> |
v0.8c - Added cover page | 2020-02-04 | Sokol Gjeçi <sgjeci@rash.al> |
v0.8b - Fixed old HTTP config, Wordings corrections | 2020-02-03 | Sokol Gjeçi <sgjeci@rash.al> |
v0.8a - Logstash: Cipher replaced by Fingerprint | 2020-01-29 | Sokol Gjeçi <sgjeci@rash.al> |
v0.8 - SSL/TLS, Keystores, X-Pack, ELK v7.x | 2019-12-15 | Sokol Gjeçi <sgjeci@rash.al> |
Initial document - Basic configuration | 2019-05-02 | Sokol Gjeçi <sgjeci@rash.al> |
...
- CPUs: 4
- Memory: 8 GB
- Storage: 100 GB
- Network: 1 Gbps
- Architecture: x86_64
- OS: CentOS 7
...
- wifimon-node1.rash.al↔10.254.24.230→ master-eligible / data node
- wifimon-node2.rash.al↔10.254.24.232→ master-eligible / data node
- wifimon-node3.rash.al↔10.254.24.237→ master-eligible / data node
- wifimon-kibana.rash.al↔10.254.24.148→ coordinating node
- wifimon-logstash.rash.al↔10.254.24.233→ pipeline node
...
- wifimon-node{1,2,3}.rash.al: 9200/tcp, 9300/tcp
- wifimon-kibana.rash.al: 9200/tcp, 9300/tcp, 5601/tcp
- wifimon-logstash.rash.al: 5044/tcp
...
| Wiki Markup |
|---|
transport.publish_address was printed as \[ip:port\] instead of\[hostname/ip:port\]. This format is deprecated and will change to\[hostname/ip:port\] in a future version. Use-Des.transport.cname_in_publish_address=true to enforcenon-deprecated formatting. |
...
| Wiki Markup |
|---|
discovery.seed_hosts: \[ |
...
| Wiki Markup |
|---|
#cluster.initial_master_nodes: \[ |
...
| Wiki Markup |
|---|
discovery.seed_hosts: \[ |
...
| Wiki Markup |
|---|
#cluster.initial_master_nodes: \[ |
...
| Wiki Markup |
|---|
discovery.seed_hosts: \[ |
...
| Wiki Markup |
|---|
#cluster.initial_master_nodes: \[ |
...
| Wiki Markup |
|---|
discovery.seed_hosts: \[ |
...
| Wiki Markup |
|---|
elasticsearch.hosts: \["https://wifimon-kibana.rash.al:9200"\] |
...
| Wiki Markup |
|---|
elasticsearch.ssl.certificateAuthorities: \["/etc/kibana/certs/ca.crt"\] |
...
| Wiki Markup |
|---|
Jun 18 19:15:20 centos dhcpd\[11223\]: DHCPREQUEST for 192.168.1.200 from a4:c4:94:cd:35:70 (galliumos) via wlp6s0 |
| Wiki Markup |
|---|
Jun 18 19:15:20 centos dhcpd\[11223\]: DHCPACK on 192.168.1.200 to a4:c4:94:cd:35:70 (galliumos) via wlp6s0 |
...
| Wiki Markup |
|---|
multiline.pattern: '^\[\[:space:\]\]' |
...
| Wiki Markup |
|---|
fields: \['input', 'host', 'agent', 'acs', 'log', 'ecs'\] |
...
| Wiki Markup |
|---|
include_lines: \['DHCPACK'\] |
...
| Wiki Markup |
|---|
fields: \['input', 'host', 'agent', 'acs', 'log', 'ecs'\] |
...
| Wiki Markup |
|---|
\{"@timestamp":"2020-06-28T09:20:17.834Z","@metadata":\{"beat":"filebeat","type":"_doc","version":"7.8.0"\},"message":"Jun 18 19:15:20 centos dhcpd\[11223\]: DHCPACK on 192.168.1.200 to a4:c4:94:cd:35:70 (galliumos) via wlp6s0","logtype":"dhcp"\} |
...
| Wiki Markup |
|---|
hosts: \["wifimon-logstash.rash.al:5044"\] |
| Wiki Markup |
|---|
ssl.certificate_authorities: \["/etc/filebeat/certs/ca.crt"\] |
...
| Wiki Markup |
|---|
# filebeat setup --index-management \{color}
{color:#333333}-E output.logstash.enabled=false \{color}
{color:#333333}-E 'output.elasticsearch.hosts=\["wifimon-kibana.rash.al:9200"\]' \{color}
{color:#333333}-E output.elasticsearch.protocol=https \{color}
{color:#333333}-E output.elasticsearch.username=elastic \{color}
{color:#333333}-E output.elasticsearch.password=elastic-password-goes-here \{color}
{color:#333333}-E 'output.elasticsearch.ssl.certificate_authorities=\["/etc/filebeat/certs/ca.crt"\]' |
...
| Wiki Markup |
|---|
monitoring.elasticsearch.ssl.certificate_authorities: \["/etc/filebeat/certs/ca.crt"\] |
...
| Wiki Markup |
|---|
monitoring.elasticsearch.hosts: \["https://wifimon-kibana.rash.al:9200"\] |
...
| Wiki Markup |
|---|
ssl_certificate_authorities => \["/etc/logstash/certs/ca.crt"\] |
...
| Wiki Markup |
|---|
if (\[logtype\] == "radius") \{ |
...
| Wiki Markup |
|---|
mutate \{ gsub => \[ "message", "\[\n\t\]+", " " \] \} |
...
| Wiki Markup |
|---|
include_keys => \[ |
...
| Wiki Markup |
|---|
remove_field => \[ |
...
| Wiki Markup |
|---|
if "beats_input_codec_plain_applied" in \[tags\] \{ |
| Wiki Markup |
|---|
mutate \{ remove_tag => \["beats_input_codec_plain_applied"\] \} |
...
| Wiki Markup |
|---|
remove_field => \[ |
...
| Wiki Markup |
|---|
if "beats_input_codec_plain_applied" in \[tags\] \{ |
| Wiki Markup |
|---|
mutate \{ remove_tag => \["beats_input_codec_plain_applied"\] \} |
...
| Wiki Markup |
|---|
"tags" => \[\] |
...
| Wiki Markup |
|---|
"tags" => \[\], |
...
| Wiki Markup |
|---|
"cluster": \[ |
...
| Wiki Markup |
|---|
"indices": \[ |
...
| Wiki Markup |
|---|
"names": \[ |
...
| Wiki Markup |
|---|
"privileges": \[ |
...
| Wiki Markup |
|---|
"grant": \[ |
...
| Wiki Markup |
|---|
"run_as": \[\], |
...
| Wiki Markup |
|---|
"roles": \["logstash_writer_role"\], |
...
| Wiki Markup |
|---|
hosts => \["https://wifimon-kibana.rash.al"\] |
...
| Wiki Markup |
|---|
hosts => \["https://wifimon-kibana.rash.al"\] |
...
| Wiki Markup |
|---|
"index_patterns": \["radiuslogs", "dhcplogs"\], |
...
| Wiki Markup |
|---|
hosts => \["https://wifimon-kibana.rash.al"\] |
...
| Wiki Markup |
|---|
hosts => \["https://wifimon-kibana.rash.al"\] |
...