Wednesday, October 26, 2016

ELK Stack build/issues

So at $newJob I'm setting up an ELK server in the dev environment. For those who don't know, ELK stands for Elasticsearch, Logstash and Kibana, and apparently it is now called the Elastic Stack. lol.

This post is not intended to be a tutorial, but merely a record of things I have run into or noticed during the course of my own time spent on this project. The tutorial I am using is here: How to install ELK on CentOS 7

One thing right off the bat is that YAML (.yml) files are horribly dependent upon proper spacing. One wrong space can toss up some damn ugly errors that leave you scratching your head.

When possible, use SCP to copy config files across your multiple client servers to help maintain consistency.

Following the instructions to create a self-signed SSL cert based off the IP worked. Next I tried Method 2, using a CN with DNS. Each client plus the ELK server has hosts entries defined. However, generating a cert based off the CN failed each and every time because the signer could not be authenticated. Generating off the IP using the ssl.conf worked on one client, but not the other. In the end I scp'd the filebeat.yml from the working client to the non-working one, bounced the filebeat service, and it began reporting.
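To make the IP-versus-CN problem concrete, here is an added example (not from the original post or the tutorial it follows) that builds a self-signed cert the way the ssl.conf method does, with the ELK server's IP in the subjectAltName, and then checks it the way a TLS client such as Filebeat would: once against the IP it was issued for, once against a different IP, and once against a DNS name. The IP 10.0.0.5, the hostname elk.lab, and the minimal ssl.conf are constructed placeholders; only openssl is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example, not the post's own config. Shows why a cert issued with an
# IP SAN is accepted for that IP only, and is rejected for a DNS name.
set -u

ELK_IP="10.0.0.5"          # constructed placeholder for the ELK server's IP
WORKDIR="$(mktemp -d)"

# Minimal stand-in for the tutorial's patched openssl.cnf: the important
# line is subjectAltName under [ v3_ca ], which carries the server IP.
write_ssl_conf() {
  cat > "$WORKDIR/ssl.conf" <<EOF
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
prompt             = no

[ req_dn ]
CN = $ELK_IP

[ v3_ca ]
subjectAltName = IP:$ELK_IP
EOF
}

# Generate the self-signed key/cert pair the clients would trust.
gen_cert() {
  write_ssl_conf
  openssl req -config "$WORKDIR/ssl.conf" -x509 -days 365 -batch -nodes \
    -newkey rsa:2048 \
    -keyout "$WORKDIR/logstash-forwarder.key" \
    -out "$WORKDIR/logstash-forwarder.crt" >/dev/null 2>&1
}

# Verify the cert as a client would when connecting by IP address:
# the chain must validate against the trusted cert AND the IP must match a SAN.
verify_for_ip() {
  openssl verify -CAfile "$WORKDIR/logstash-forwarder.crt" -verify_ip "$1" \
    "$WORKDIR/logstash-forwarder.crt" >/dev/null 2>&1
}

# Verify the cert as a client would when connecting by hostname:
# with no DNS SAN, the name must match the CN, which here is an IP, so it fails.
verify_for_hostname() {
  openssl verify -CAfile "$WORKDIR/logstash-forwarder.crt" -verify_hostname "$1" \
    "$WORKDIR/logstash-forwarder.crt" >/dev/null 2>&1
}

# Print the subjectAltName the cert actually carries, for eyeballing.
show_san() {
  openssl x509 -in "$WORKDIR/logstash-forwarder.crt" -noout -ext subjectAltName 2>/dev/null
}

# Stand-alone demo.
if gen_cert; then
  show_san
  verify_for_ip "$ELK_IP"        && echo "accepted for IP $ELK_IP (expected)"
  verify_for_ip "10.0.0.6"       || echo "rejected for IP 10.0.0.6 (expected)"
  verify_for_hostname "elk.lab"  || echo "rejected for hostname elk.lab (expected)"
fi
```

The third check is the one that bites when you switch a client from connecting by IP to connecting by hostname without reissuing the cert with a DNS SAN: the chain is fine, but the name check fails, so the client reports the certificate as untrusted even though nothing about the signer changed.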

And finally

sudo curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'

returns info! yay.

BTW, all of this was built on a CentOS 7 minimal install on ESXi 5.5.
