...
Code Block |
---|
curl -X POST --cacert /etc/elasticsearch/certs/ca.crt --user elastic 'https://wifimon-kibana.rash.al:9200/_security/role/logstash_writer_role?pretty' -H 'Content-Type: application/json' -d'
{
  "cluster": [
    "monitor",
    "manage_index_templates"
  ],
  "indices": [
    {
      "names": [
        "radiuslogs",
        "dhcplogs"
      ],
      "privileges": [
        "write",
        "create_index"
      ],
      "field_security": {
        "grant": [
          "*"
        ]
      }
    }
  ],
  "run_as": [],
  "metadata": {},
  "transient_metadata": {
    "enabled": true
  }
}
' |
...
Code Block |
---|
set +o history
curl -X POST --cacert /etc/elasticsearch/certs/ca.crt --user elastic \
'https://wifimon-kibana.rash.al:9200/_security/user/logstash_writer?pretty' \
-H 'Content-Type: application/json' -d'
{
  "username": "logstash_writer",
  "roles": ["logstash_writer_role"],
  "full_name": null,
  "email": null,
  "password": "some-password-goes-here",
  "enabled": true
}
'
set -o history |
...
On radius-pipeline, the output becomes:
Code Block |
---|
output {
  elasticsearch {
    ssl => true
    ssl_certificate_verification => true
    cacert => "/etc/logstash/certs/ca.crt"
    user => "logstash_writer"
    password => "${logstash_writer_password}"
    hosts => ["https://wifimon-kibana.rash.al"]
    index => "radiuslogs"
  }
} |
On dhcp-pipeline, the output becomes:
Code Block |
---|
output {
  elasticsearch {
    ssl => true
    ssl_certificate_verification => true
    cacert => "/etc/logstash/certs/ca.crt"
    user => "logstash_writer"
    password => "${logstash_writer_password}"
    hosts => ["https://wifimon-kibana.rash.al"]
    index => "dhcplogs"
  }
} |
Logstash is now able to send the data over SSL/TLS toward the coordinating node. The logs will be stored in radiuslogs and dhcplogs indices, respectively.
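The check below is an added example, not part of the original page or the WiFiMon project: it parses a Logstash `elasticsearch` output and confirms that TLS verification is explicitly on, the password comes from a `${...}` reference, and the target index is one that `logstash_writer_role` can write to. The `BAD_OUTPUT` sample and the finding names are constructed for illustration.

```python
import json
import re
from fnmatch import fnmatch

# Role body posted to _security/role/logstash_writer_role on this page (trimmed).
ROLE = json.loads('{"indices": [{"names": ["radiuslogs", "dhcplogs"],'
                  ' "privileges": ["write", "create_index"]}]}')

# radius-pipeline output from this page.
GOOD_OUTPUT = '''output { elasticsearch {
  ssl => true
  ssl_certificate_verification => true
  cacert => "/etc/logstash/certs/ca.crt"
  user => "logstash_writer"
  password => "${logstash_writer_password}"
  hosts => ["https://wifimon-kibana.rash.al"]
  index => "radiuslogs"
} }'''

# Constructed counter-example: verification off, literal password, uncovered index.
BAD_OUTPUT = '''output { elasticsearch {
  ssl => true
  ssl_certificate_verification => false
  user => "logstash_writer"
  password => "constructed-literal"
  index => "syslogs"
} }'''

def parse_settings(block):
    """Return the scalar `key => value` settings of an output block as a dict."""
    pairs = re.findall(r'(\w+)\s*=>\s*("[^"]*"|\w+)', block)
    return {key: value.strip('"') for key, value in pairs}

def audit_output(block, role):
    """Return findings (hypothetical names) for one output, checked against the role."""
    cfg, findings = parse_settings(block), []
    # Stricter than Logstash itself: both settings must be stated explicitly.
    if cfg.get("ssl") != "true" or cfg.get("ssl_certificate_verification") != "true":
        findings.append("tls-not-verified")
    if "cacert" not in cfg:
        findings.append("no-cacert")
    if not re.fullmatch(r"\$\{\w+\}", cfg.get("password", "")):
        findings.append("literal-password")
    writable = [n for g in role["indices"] if "write" in g["privileges"] for n in g["names"]]
    if not any(fnmatch(cfg.get("index", ""), pattern) for pattern in writable):
        findings.append("index-not-writable")
    return findings
```

`audit_output(GOOD_OUTPUT, ROLE)` returns an empty list; the constructed `BAD_OUTPUT` returns all four findings.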
...
Code Block |
---|
curl -X PUT --cacert /etc/elasticsearch/certs/ca.crt --user elastic "https://wifimon-kibana.rash.al:9200/_ilm/policy/wifimon_policy?pretty" -H 'Content-Type: application/json' -d'
{
  "policy": {
    "phases": {
      "delete": {
        "min_age": "1d",
        "actions": {
          "delete": {}
        }
      }
    }
  }
}
' |
Verify the policy was created:
...
Code Block |
---|
curl -X PUT --cacert /etc/elasticsearch/certs/ca.crt --user elastic "https://wifimon-kibana.rash.al:9200/_template/wifimon_template?pretty" -H 'Content-Type: application/json' -d'
{
  "index_patterns": ["radiuslogs", "dhcplogs"],
  "settings": {"index.lifecycle.name": "wifimon_policy"}
}
' |
...
On radius-pipeline:
Code Block |
---|
output {
  elasticsearch {
    ssl => true
    cacert => "/etc/logstash/certs/ca.crt"
    ssl_certificate_verification => true
    user => "logstash_writer"
    password => "${logstash_writer_password}"
    hosts => ["https://wifimon-kibana.rash.al"]
    ilm_enabled => true
    ilm_policy => "wifimon_policy"
    index => "radiuslogs"
  }
} |
On dhcp-pipeline:
Code Block |
---|
output {
  elasticsearch {
    ssl => true
    cacert => "/etc/logstash/certs/ca.crt"
    ssl_certificate_verification => true
    user => "logstash_writer"
    password => "${logstash_writer_password}"
    hosts => ["https://wifimon-kibana.rash.al"]
    ilm_enabled => true
    ilm_policy => "wifimon_policy"
    index => "dhcplogs"
  }
} |
Restart the logstash service to apply the new settings.
...