All posts by Gautier Franchini

27 Mar 2018
Sticky Post By Posted in News Permalink

How to hide credentials in logstash configuration files?

Sticky Post By On March 27, 2018

2018-03-27-logstash-keystore-blog

How to hide credentials in logstash configuration files?

logstash 6.2 let you protect credentials with the keystore.

Let’s see how to use logstash-keystore?

e.g. In the following, we will hide the ‘changeme’ password from the elasticsearch output of your logstash pipeline config file.

To create a logstash.keystorefile, open a terminal window and type the following commands

./bin/logstash-keystore create
./bin/logstash-keystore add es_password

ℹ️ the default directory is the same directory as the logstash.yml settings file.

./bin/logstash-keystore list should show you es_password as answser.

📌 The option -path.settings will set the directory for the keystore. (e.g. bin/logstash-keystore --path.settings /etc/logstash/.keystore create). The keystore must be located in Logstash’s path.settings directory.

📌 When you run Logstash from an RPM or DEB package installation, the environment variables are sourced from /etc/sysconfig/logstash. You might need to create /etc/sysconfig/logstash ; Please keep in mind that this file should be owned by root with 600 permissions.

# use es_password in the pipeline:
output {
	elasticsearch {
		hosts => …
		user => “elastic”
		password => “${es_password}”
	}
}

ℹ️ you can set the environment variable LOGSTASH_KEYSTORE_PASS to act as the keystore password.

Documentation

➡️ Official guide – logstash-keystore

To get help with the cli, simply use: $ ./bin/logstash-keystore help

27 Mar 2018
Sticky Post By Posted in News Permalink

Kibana – Setup log rotation

Sticky Post By On March 27, 2018

2018-02-05-elk-kibana-log-rotation

:information_source: In this document we will see how to properly setup a log rotation for kibana. The e.g. is based on CentOS7 but can be easily adapt for ubuntu or any other linux distribution.

Documentation

  • Kibana doesn’t handle log rotation, but it is built to work with an external process that rotates logs, such as logrotate.
  • The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size.
  • Logrotate can be installed with the logrotate package. It is installed by default and runs daily.
  • The primary configuration file for logrotate is /etc/logrotate.conf; additional configuration files are included from the /etc/logrotate.d directory.

Prerequisites

kibana

  • Have the following elements (pid.file AND logging.dest) setup in the kibana.yaml configuration file 
    server.port: 5601
server.host: "${KIBANA_SRV}"
elasticsearch.url: "http://${ES_SRV}:9200"
kibana.index: ".kibana"
pid.file: /var/run/kibana/kibana.pid
logging.dest: /var/log/kibana/kibana.log
  • :warning: verify if kibana is well authorised to create /var/log/kibana.log file. 
    $ mkdir -p /var/log/kibana/ && chown -R kibana:kibana /var/log/kibana/
$ mkdir -p /var/run/kibana/ && chown -R kibana:kibana /var/run/kibana/

logrotate

verify that logrotate is properly installed

$ logrotate --version
    logrotate 3.8.6

verify that logrotate configuration include the logrotate.d directory

$ cat /etc/logrotate.conf
  . . .
  include /etc/logrotate.d

Configuration

logrotate file

We will create a new logrotate configuration for kibana

$ cat << EOF > /etc/logrotate.d/elk-kibana
/var/log/kibana/*.log {
  missingok
  daily
  size 10M
  create 0644 kibana kibana
  rotate 7
  notifempty
  sharedscripts
  notifempty
  compress
  postrotate
    /bin/kill -HUP $(cat /var/run/kibana/kibana.pid 2>/dev/null) 2>/dev/null
  endscript
}
EOF

Verify your file syntax with the following command

logrotate -vd /etc/logrotate.d/elk-kibana

If you didn’t get any error, you can manually start the first rotation with

logrotate -vf /etc/logrotate.d/elk-kibana

Crontab file

If the ligne include /etc/logrotate.d is well present in /etc/logrotate.conf and logrotate.conf present in /etc/cron.daily/logrotate you don’t need to do any more setup.

grep "logrotate.conf" /etc/cron.daily/logrotate
    /usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf

 

Happy logs rotation! 
G.

28 Aug 2017
Sticky Post By Posted in Blog Permalink

Setup a secured redis-cluster on centos7

Sticky Post By On August 28, 2017

Setup a secured redis-cluster on centos7

What is redis exactly?

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.

Redis Sentinel provides high availability for Redis. In practical terms this means that using Sentinel you can create a Redis deployment that resists without human intervention to certain kind of failures.

⚠️ You need at least three Sentinel instances for a robust deployment.

Sentinel constantly checks if your master and slave instances are working as expected.
Notification.

If a master is not working as expected, Sentinel can start a failover process where a slave is promoted to master, the other additional slaves are reconfigured to use the new master, and the applications using the Redis server informed about the new address to use when connecting.

ℹ️ Sentinel manages the failover, it doesn’t configure Redis for HA. It is an important distinction.

Read more

28 Aug 2017
Sticky Post By Posted in Blog, News Permalink

Ansible – how to collect information about remote hosts with Gathers facts

Sticky Post By On August 28, 2017

 Anisble – how to collect information about your remote hosts

In order to do so, we will discuss about ansible modue: Gathers facts

:information_source: Official webpage: https://docs.ansible.com/ansible/setup_module.html

Display facts from all hosts and store them at /tmp/facts indexed by hostname

ansible all -m setup --tree /tmp/facts

➡ now check the file to have a clear view off all variables (facts) collected by ansible for your host like the well known {{ inventory_hostname }}

Read more

28 Aug 2017
Sticky Post By Posted in Blog, News Permalink

Usefulness of an MQ layer in an ELK stack

Sticky Post By On August 28, 2017

Usefulness of an MQ layer in an ELK stack

First things first, disambiguation; let’s talk about these strange words.

What does ELK means?

An ELK stack is composed of Elasticsearch, Logstash, and Kibana; these 3 components are owned by the elastic.co company and are particulary useful to handle Data. (ship, enrich, index and search your Data)

What does MQ means?

In computer science, The message queue paradigm is a sibling of the publisher/subscriber pattern.
You can imagine an MQ componant works like several mailboxes; meaning that publisher(s)/subscriber(s) do not interact with the message at the same time, many publishers can post a message for one subsriber and vice versa.

➡ Redis or Kafka or RabbitMQ can be used as buffer in the ELK stack.

Read more

Contact Us

 

Data Essential Sàrl West Side Village Bâtiment D - 89D, rue Pafebruch - L-8308 Capellen - LU25694086

Your Name (required)

Your Email (required)

Your Message