Load more
    EN
    Contact us
    Blog
    published on January 01, 1970
    |
    modified on December 05, 2019

    Centralized Logging with Logstash, Elasticsearch & Kibana

    Roman Prydybailo
    author:
    Roman Prydybailo
    Centralized Logging with Logstash, Elasticsearch & Kibana

    In this post, we will set up the collection and visualization of system logs with the use of Logstash and Kibana.

     

     

    Sometimes we need to look through the logs, searching for the required lines on several servers; to do this, we log in and look for the logs repeating the same commands on the servers.

     

    Suppose we have 3 MX servers, and some customer files a complaint on a missing message; which he sent abroad to his wife at a particular time. 

     

    Using the ELK stack (E-elasticsearch L-logstash K-kibana), we can find that message in the logs in a couple of clicks. 

     

     

    What you have to replace is marked in italic.

    What we use for building the centralized logging system

    – Centos 7: The most recent version of the operation system

    – Logstash: Server-based part for processing incoming logs

    – Elasticsearch: For storing logs

    – Kibana: Web interface for searching through and visualizing the logs

    – Logstash Forwarder: It is installed on the servers as an agent for sending logs to a logstash server.

     

    We will install the first three components on our collection server, and Logstash Forwarder on the servers we want to collect logs from.

    Install Java 8

    Java is needed for Logstash and Elasticsearch. We are going to install OpenJDK 8.

    Unpack

    Grant the necessary rights:

    Create simlinks with the use of alternatives:

    Delete the downloaded archive

    Install Elasticsearch

    Import Elasticsearch public GPG key:

    Create and edit the repository file for Elasticsearch:

    Install Elasticsearch

    Modify the configuration file:

    Close access to elascticsearch from the outside:

    Run Elasticsearch:

    And add it to the autorun:

    Install Kibana:

    Download and unpack Kibana 4:

    Edit the configuration file:

    In the Kibana configuration file, find the line that determines the host and replace the IP (0.0.0.0 by default) with the IP from the localhost:

    This parameter indicates that Kibana will be accessible only locally. This is good, as we will use the reverse proxy server Nginx to grant access from the outside.

    And relocate the unpacked files there:

    Kibana is run as /opt/kibana/bin/kibana, but we will run it as a service. Create Kibana Systemd:

    Now, run it and add it to the autorun

    Set epel repository

    Install Nginx

    Using htpasswd, create a user and a password

    Now, edit the main configuration nginx.com:

    Find and delete the whole section server{}. Two lines should remain at the end

    Now, create the configuration file nginx for kibana4

    Run Nginx:

    Now, Kibana is accessible at https://FQDN/

    Install Logstash:

    Create the repository file for Logstash:

    Save and exit

    Install Logstash:

    Generate SSL certificates

    Generate certificates for checking server authenticity

    The file logstash-forwarder.crt should be copied to all servers, which will send logs to the Logstash server

    Configure Logstash:

    The configuration files for Logstash are written in json format and are located at /etc/logstash/conf.d. Configuration includes 3 sections: inputs, filters, and outputs.

    Create file 01-lumberjack-input.conf and set up “lumberjack” input (the protocol used by Logstash and Logstash Forwarder to communicate)

    Save and exit. It was noted here that lumberjack will listen to TCP port 5000 and will use the certificates we had generated before
    .

     

    Now, create a file named 10-syslog.conf, and add it to the settings of syslog messages filtration:

    Save and exit

     

    Create the last file 30-lumberjack-output.conf:

    Restart Logstash:

    Now that Logstash is set up, we go to Logstash Forwarder

    Set up Logstash Forwarder

    Copy the SSL certificate to the server where Logstash Forwarder will work

    Download the key:

    Create the repository configuration file:

    Creating repo for Logstash Forwarder

    Install Logstash Forwarder

    Copy the certificates to the required location:

    Let’s get to setting it up:

    Add Logstash Forwarder to the autorun and run it:

    Now, Logstash Forwarder will send logs to your Logstash server.

     

    Enter kibana, open Dashboard, and enjoy the view.

    </div

    Add comment

    E-mail is already registered on the site. Please use the Login form or enter another.

    You entered an incorrect username or password

    Sorry that something went wrong, repeat again!
    Blog
    Istio Explained – Service Mesh Part 1: Routing
    October 29, 2019
    Read more
    Blog
    Prometheus Operator – Installing Prometheus Monitoring Within The Kubernetes Environment
    October 07, 2019
    Read more
    Blog
    Ceph-Ansible For A Quick And Error-Free Installation Of Ceph Clusters
    September 19, 2019
    Read more
    EN DE
    Contact us