Vishal Sharma

Beginning Elastic Stack

Vishal Sharma

New Delhi, Delhi, India

Any source code or other supplementary materials referenced by the author in this text are available to readers at www.apress.com. For detailed information about how to locate your book’s source code, go to www.apress.com/source-code/. Readers can also access source code at SpringerLink in the Supplementary Material section for each chapter.

ISBN 978-1-4842-1693-4

e-ISBN 978-1-4842-1694-1

DOI 10.1007/978-1-4842-1694-1

Library of Congress Control Number: 2016961231

© Vishal Sharma 2016

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image, we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the author nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The Publisher makes no warranty, express or implied, with respect to the material contained herein.

Printed on acid-free paper

Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springer.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

Introduction

Back in 2005, when I started my career as a server administrator at a startup, I had just two servers to manage. That was an easy job, with just a few websites running on the two servers. However, within the next few years I had more than 10 servers running different applications and services, so I had to check the logs of every server, and that meant spending more than half of every day on it. Slowly the number of servers increased, so I configured a few scripts to send me some important log information from each server, but in just the next year I had 50+ servers to manage, and checking the logs was crazy. I was worried, as there were all kinds of attacks happening on the servers. Reading the logs and troubleshooting the issues on each server was a huge task; all I wanted was a centralized log server. I googled and found Logstash, and as I was learning more about Logstash I came across Elasticsearch and Kibana as well, and it was a wow moment for me.

I configured the ELK setup and started working on it. The whole experience was amazing: I was able to send all the service logs and application logs to a centralized server and also define the parameters I wanted. The setup helped me to quickly search through the logs and find the issues. Using the plug-ins, I configured alerts as well.

There is good community support, and the product keeps evolving to this day. The book Beginning Elastic Stack covers everything needed to configure a centralized log server quickly and effectively. In the book I have also covered Elastic Stack setup with Puppet and Foreman, which will help server administrators not only get the ELK Stack configured quickly and easily but also have a system for managing servers using Puppet.

Acknowledgments

I would like to thank a few special people:

  • I would first like to thank my Mom, Mrs. Rama Pachauri; without her continuous support and love I never would have been able to finish the book.

  • A special thanks to my Dad, Mr. V.C. Pachauri, for letting me do whatever I want to and for always providing the much needed support.

  • I can’t thank my wife Shweta enough for giving me the much needed confidence and courage to complete the book. There was a rough time when I was caught between my business and completing the book, and Shweta was always there with suggestions and support.

  • I’d like to thank my friends Gaurav Mahajan, Hemant Gaba, and Yakesh Arora for being pillars of my life over the years.

  • A big thank you to Panos for helping me out with the technical review and for the suggestions that helped me include more technical material.

  • I want to thank Thomas d’Otreppe (author of Aircrack-ng) for doing the technical review of my book. Man, you are my hero; thank you so much for your help.

  • Thanks to Louise from Apress for giving me an opportunity and for helping me out with everything.

  • Nancy from Apress, thanks for the push I needed.

Contents

  1. Chapter 1: Getting Started with Logstash
    1. Why Use Logstash?
    2. Logstash, Elasticsearch, and Kibana Setup
    3. Preinstallation Setup
    4. Hardware Requirements
      1. Install a Fresh Server
      2. Installing OpenJDK 8 and JRE on CentOS 7
      3. Installing OpenJDK 8 and JRE on Ubuntu 16.04.1 LTS
    5. Installing Logstash
      1. Installing Logstash on CentOS 7
      2. Installing on Ubuntu 16.04.1 LTS
      3. Logstash CLI Flags
    6. Logstash Configuration
    7. Logstash Logs
    8. Upgrading Logstash
    9. Summary
  2. Chapter 2: Getting Started with Elasticsearch
    1. What Is Elasticsearch?
    2. Installing Elasticsearch on CentOS 7
    3. Installing Elasticsearch on Ubuntu 16.04.1 LTS
    4. Configuring Elasticsearch on CentOS 7
      1. Configuring Network Settings
    5. Configuring Elasticsearch on Ubuntu 16.04.1 LTS
    6. Creating an Index
    7. Deleting an Index
    8. Upgrading Elasticsearch
    9. Summary
  3. Chapter 3: Getting Started with Kibana
    1. Installing Kibana on CentOS 7
    2. Installing Kibana on Ubuntu 16.04.1 LTS
    3. Configuring Kibana with Logstash and Elasticsearch
    4. Kibana Visualize
    5. Kibana Plug-ins
    6. Removing Plug-ins
    7. Updating a Plug-in
    8. Kibana Server Configuration
    9. Summary
  4. Chapter 4: Working with Remote Servers
    1. Setting Up Logstash on a Remote Server
    2. Installing Filebeat on a Remote CentOS 7 Server
    3. Installing Filebeat on a Remote Ubuntu 16.04.1 LTS Server
    4. Configuring Filebeat on CentOS 7 and Ubuntu 16.04.1 LTS
    5. Sending Output to Logstash Using Filebeat
    6. Sending Data to Elasticsearch Using Filebeat
    7. Filebeat CLI Flags
    8. Summary
  5. Chapter 5: Configuring Logstash for Services and System Logs
    1. Syslog Configuration with Logstash on CentOS 7
    2. Syslog Configuration with Logstash on Ubuntu 16.04.1 LTS
    3. Configuring Logstash for Mail Servers
    4. Exim Configuration
    5. Postfix Configuration
    6. Configuring Secure Log
    7. MySQL Logs
    8. Summary
  6. Chapter 6: Graphite Monitoring and Graphs
    1. Installing Graphite on CentOS 7
    2. Preinstallation Setup
    3. Installing Graphite on CentOS 7
    4. Configuring Graphite, Carbon, and Whisper
    5. Adding Carbon As a Service on CentOS 7
    6. Configuring Graphite-web
    7. Configuring Logstash to Send Data to Graphite
    8. Securing Graphite-web
    9. Installing Graphite on Ubuntu 16.04.1 LTS
    10. Configuring Graphite-web
    11. Database Creation
    12. Configuring Logstash to Send Output to Graphite
    13. Summary
  7. Chapter 7: Configuring Elasticsearch Watcher
    1. Installing Watcher on CentOS 7
    2. Installing Watcher on Ubuntu 16.04.1 LTS
    3. Configuring Watches for Logs
    4. Configuring Kibana for Watches
    5. Sending Alerts to E-mail
    6. Configuring Sense Editor
    7. Installing Sense Editor
    8. Creating an Index Using Sense
    9. Listing Watches
    10. Deleting Watches
    11. Sense Editor History
    12. Sense Editor Settings
    13. Sense Editor Help
    14. Summary
  8. Chapter 8: Securing the ELK Stack with Shield
    1. Preinstallation Setup
    2. Installing Shield on CentOS 7
    3. Installing Shield on Ubuntu 16.04.1 LTS
      1. IP Filtering
      2. Authentication
    4. Adding a User to Shield
    5. Configuring Logstash to Use Authentication
    6. Configuring Filebeat to Use Authentication
      1. Authorization
      2. Node Encryption
      3. Auditing of Security Events
    7. Summary
  9. Chapter 9: Logstash Plug-ins
    1. Listing Logstash Plug-ins
    2. Installing Logstash Plug-ins
      1. Updating Plug-ins
      2. Removing Plug-ins
    3. Logstash Input Plug-ins
      1. Beats Input Plug-in
      2. Elasticsearch Input Plug-in
      3. File Input Plug-in
      4. Graphite Input Plug-in
      5. HTTP Input Plug-in
      6. Stdin Input Plug-in
      7. Syslog Input Plug-in
    4. Logstash Output Plug-ins
      1. Elasticsearch Output Plug-in
      2. File Output Plug-in
      3. Graphite Output Plug-in
      4. Syslog Output Plug-in
      5. Stdout Output Plug-in
    5. Summary
  10. Chapter 10: Managing the ELK Stack with Puppet and Foreman
    1. Installing Foreman on CentOS 7
      1. Prerequisites
      2. Adding Repositories
    2. Installing Foreman on Ubuntu 16.04.1 LTS
    3. Installing Logstash Using Puppet and Foreman
    4. Installing Elasticsearch Using Puppet and Foreman
    5. Installing Kibana Using Puppet and Foreman
    6. Summary
  11. Index

About the Author and About the Technical Reviewer

About the Author

Vishal Sharma is a developer and entrepreneur with more than ten years’ experience working with various GNU/Linux server distributions and open source tools. Besides Logstash, he enjoys exploring server and web application security, to stay ahead of hackers and spammers and protect clients’ data.

About the Technical Reviewer


Panayiotis Gotysis has been working with systems and system administration since the moment he understood the power and magic of the CLI. For the past 12 years, he has specialized in architecting systems for redundancy, high availability, and security, with an emphasis on virtualization and storage technologies.

In the last 3 years, working for the Greek Research Network (https://www.grnet.gr), he has moved into the DevOps mindset, seeking configuration management, automation, and orchestration. Puppet and the ELK stack form the staple of the Greek Research Network’s operations as its service portfolio expands and its cloud offering, based on Ganeti (http://www.ganeti.org/) and Synnefo (https://www.synnefo.org/), provides virtualized resources to the academic and research institutions in Greece.

His current interests lie in architecting disaster recovery solutions, working with Fabric (http://www.fabfile.org/), and using these tools to perform capacity management.

When not on a keyboard, he likes to improve his amateur photography skills and roll d20s with his role-playing group.

Panayiotis can be reached at [email protected].
