Darkfriday's Blog

Sharing about tech & sport etc..


tags: elk elastic logstash kibana

💹 ELK Complete Installation Manual

XXXbeat = event shipper
Logstash = event processor
Elasticsearch = search engine
Grafana, Kibana = user-facing browsing and operation interface
With ELK security enabled, every dashed line in the diagram can be encrypted, and access to Elasticsearch is protected by username/password authentication.
If an event needs no extra processing, it can bypass the event processor and be sent straight to the search engine.


Red arrows: GET
Blue arrows: POST

Architecture

digraph ELK {
  fontsize=14;
  nodesep=0.6;
  edge [color=Blue, style=dashed];
  node [fontname=Courier, shape=record, color="skyblue", style="filled"];

  subgraph cluster_shiper {
    label="線上機器's";
    bgcolor="mintcream";
    Filebeat;
    Auditbeat;
  }

  subgraph cluster_es {
    label="ES_clusters";
    bgcolor="mintcream";
    Elasticsearchs;
  }

  Elasticsearchs [style="filled", fillcolor="yellow"];
  Browser [style="filled", fillcolor="green"];
  Logstash [style="filled", fillcolor="orange"];
  Kibana [style="filled", fillcolor="red"];
  Grafana [style="filled", fillcolor="brown"];

  Elasticsearchs -> Elasticsearchs [color="green", label="9300"];
  Logstash -> Elasticsearchs [label="9200"];
  Filebeat -> Logstash [label="5044"];
  syslog_client -> Logstash [label="5041-5045"];
  Filebeat -> Elasticsearchs [label="9200"];
  Auditbeat -> Elasticsearchs [label="9200"];
  Kibana -> Elasticsearchs;
  Elasticsearchs -> Kibana [color="red", label="RESTful 9200"];
  Elasticsearchs -> Grafana [color="red", label="9200"];
  Kibana -> Browser [color="red", label="https 5061"];
  Grafana -> Browser [color="red", label="http 3000"];
}
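The diagram doubles as a network allow-list: each labelled edge is a port that must be reachable, and nothing else between these components needs to be. The following script is an added example (not from the original post) that turns the edge lines into firewall rules. It assumes the convention the legend states, that red arrows are GET replies drawn from the server towards its consumer, so for a red edge the listener is the arrow's source rather than its destination; the edge text is a constructed copy of the diagram above with Grafana spelled in full.

```python
import re

# Constructed copy of the edge lines from the diagram above (Grafana spelled in full).
DOT_EDGES = """\
Elasticsearchs -> Elasticsearchs [color="green", label="9300"];
Logstash -> Elasticsearchs [label="9200"];
Filebeat -> Logstash [label="5044"];
syslog_client -> Logstash [label="5041-5045"];
Filebeat -> Elasticsearchs [label="9200"];
Auditbeat -> Elasticsearchs [label="9200"];
Kibana -> Elasticsearchs;
Elasticsearchs -> Kibana [color="red", label="RESTful 9200"];
Elasticsearchs -> Grafana [color="red", label="9200"];
Kibana -> Browser [color="red", label="https 5061"];
Grafana -> Browser [color="red", label="http 3000"];
"""

EDGE_RE = re.compile(r'^\s*(\w+)\s*->\s*(\w+)\s*((?:\[[^\]]*\])*)\s*;?\s*$')
LABEL_RE = re.compile(r'label\s*=\s*"([^"]*)"')
COLOR_RE = re.compile(r'color\s*=\s*"?(\w+)"?')
PORT_RE = re.compile(r'^(\d+)(?:-(\d+))?$')


def flows_from_dot(text):
    """Return (client, server, proto, low_port, high_port) for every labelled edge.

    Edge colour decides who listens: red edges are GET replies drawn from the
    server towards the consumer, so the listener is the arrow's source;
    blue (default) and green edges point at the listener.
    """
    flows = []
    for line in text.splitlines():
        m = EDGE_RE.match(line)
        if not m:
            continue  # node declarations and blank lines carry no flow
        src, dst, attrs = m.groups()
        label = LABEL_RE.search(attrs)
        if not label:
            continue  # unlabelled edge: no port to open
        words = label.group(1).split()
        port = PORT_RE.match(words[-1])
        if not port:
            continue
        low = int(port.group(1))
        high = int(port.group(2) or low)  # "5041-5045" is a range, "9200" a single port
        proto = words[0].lower() if words[0].lower() in ("http", "https") else "tcp"
        color = COLOR_RE.search(attrs)
        if color and color.group(1).lower() == "red":
            client, server = dst, src
        else:
            client, server = src, dst
        flows.append((client, server, proto, low, high))
    return flows


def listener_allow_list(flows):
    """Map each listening component to the sorted list of ports it must expose."""
    ports = {}
    for _client, server, _proto, low, high in flows:
        ports.setdefault(server, set()).update(range(low, high + 1))
    return {server: sorted(p) for server, p in ports.items()}


def client_rules(flows):
    """Firewall rules as 'allow <client> -> <server> <proto>/<ports>' strings."""
    rules = set()
    for client, server, proto, low, high in flows:
        span = str(low) if low == high else f"{low}-{high}"
        rules.add(f"allow {client} -> {server} {proto}/{span}")
    return sorted(rules)


if __name__ == "__main__":
    for rule in client_rules(flows_from_dot(DOT_EDGES)):
        print(rule)
```

Running it lists ten rules; notably the browser never appears as a listener, and Elasticsearch only needs 9200 (REST) and 9300 (transport) open, which is the set of ports the encryption and authentication settings later in the manual have to cover.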



💫 Elasticsearch API Examples

Rolling upgrade

https://www.elastic.co/guide/en/elasticsearch/reference/current/rolling-upgrades.html

dev_tools: http://<$kibana_server>/app/dev_tools#/console

1. Get cluster node info

Group the nodes by role and handle the non-master nodes first.

dev_tools
GET /_nodes/_all,master:false?pretty&flat_settings
GET /_nodes/master:true?pretty&flat_settings
GET _cluster/settings?pretty&flat_settings

2. Disable shard allocation & flush

Only allow automatic allocation of primary shards; do not allocate replicas while a node is down.

dev_tools
PUT _cluster/settings
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
POST _flush
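The two steps above are repeated for every node, and the allocation setting has to be restored after each node rejoins, otherwise replicas stay unassigned. The script below is an added example, not code from the original post: it orders the nodes (non-master first, the elected master last) and renders the request sequence in the dev_tools console format used above. It assumes the response shapes of GET /_nodes (a "nodes" map with "name" and "roles" per node) and GET /_cluster/state/master_node (the elected master's node id); the JSON is a constructed sample, not output from a real cluster.

```python
import json

# Constructed sample of GET /_nodes output, trimmed to the fields used here.
SAMPLE_NODES = {
    "nodes": {
        "aaa": {"name": "es-data-1", "roles": ["data", "ingest"]},
        "bbb": {"name": "es-master-1", "roles": ["master"]},
        "ccc": {"name": "es-master-2", "roles": ["master"]},
        "ddd": {"name": "es-data-2", "roles": ["data"]},
    }
}
# Constructed sample of GET /_cluster/state/master_node (the elected master's id).
SAMPLE_MASTER = {"master_node": "ccc"}

# Body from the post (disable replica allocation) and its counterpart:
# setting the key to null resets cluster.routing.allocation.enable to "all".
DISABLE_REPLICA_ALLOCATION = {"persistent": {"cluster.routing.allocation.enable": "primaries"}}
RESTORE_ALLOCATION = {"persistent": {"cluster.routing.allocation.enable": None}}


def upgrade_order(nodes_response, master_response):
    """Node names in upgrade order: non-master-eligible nodes first, then
    master-eligible nodes, with the currently elected master last so the
    cluster changes master only once."""
    nodes = nodes_response["nodes"]
    master_id = master_response["master_node"]
    non_master = sorted(n["name"] for n in nodes.values() if "master" not in n["roles"])
    other_masters = sorted(
        n["name"] for nid, n in nodes.items() if "master" in n["roles"] and nid != master_id
    )
    elected = [nodes[master_id]["name"]] if master_id in nodes else []
    return non_master + other_masters + elected


def console_request(method, path, body=None):
    """Render one request the way it is typed into the Kibana dev_tools console."""
    if body is None:
        return f"{method} {path}"
    return f"{method} {path}\n{json.dumps(body, indent=2)}"


def per_node_steps(node_name):
    """Requests and operator actions for upgrading one node, in order."""
    return [
        console_request("PUT", "_cluster/settings", DISABLE_REPLICA_ALLOCATION),
        console_request("POST", "_flush"),
        f"# stop, upgrade and restart the elasticsearch service on {node_name}",
        console_request("GET", "_cat/nodes?v&h=name,version"),  # confirm the node rejoined
        console_request("PUT", "_cluster/settings", RESTORE_ALLOCATION),
        console_request("GET", "_cluster/health?wait_for_status=green&timeout=60s"),
    ]


def rolling_plan(nodes_response, master_response):
    """Full console script for the cluster: per_node_steps for each node in upgrade order."""
    plan = []
    for name in upgrade_order(nodes_response, master_response):
        plan.extend(per_node_steps(name))
    return plan


if __name__ == "__main__":
    print("\n\n".join(rolling_plan(SAMPLE_NODES, SAMPLE_MASTER)))
```

Waiting for green before moving to the next node is the check that matters: if allocation is restored but health stays yellow, a replica is still missing and taking the next node down risks losing the only copy of a shard.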

📦Auditbeat_install@CentOS8

tags: dnf, beats, centos , el8

Download elastic repo GPG key

$ sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

Create .repo in /etc/yum.repos.d/

/etc/yum.repos.d/elastic.repo
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
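The value of this repo file for supply-chain safety is in gpgcheck=1 together with a gpgkey and baseurl fetched over TLS; a repo that drops either silently installs unverified packages. The following script is an added example, not from the original post, that audits .repo files for exactly those settings. It assumes the standard INI layout of yum/dnf repo files; the weakened copy used as test input is constructed, not a real repo file.

```python
import configparser
import glob

# The repo file from the post, as it should be.
GOOD_REPO = """\
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
"""

# Constructed weakened variant: signature check off, key and packages over plain HTTP.
WEAK_REPO = """\
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=http://artifacts.elastic.co/packages/7.x/yum
gpgcheck=0
gpgkey=http://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
"""

URL_KEYS = ("baseurl", "metalink", "mirrorlist", "gpgkey")


def _truthy(value):
    return value.strip().lower() in ("1", "true", "yes")


def audit_repo_text(text):
    """Return (section, message) findings for every enabled repo in a .repo file.

    A missing gpgcheck is reported too: it would fall back to the main dnf.conf
    setting, which is not something a single repo file should rely on.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        repo = cp[section]
        if not _truthy(repo.get("enabled", "1")):
            continue  # a disabled repo installs nothing
        if not _truthy(repo.get("gpgcheck", "0")):
            findings.append((section, "gpgcheck is not 1: package signatures are not verified"))
        elif "gpgkey" not in repo:
            findings.append((section, "gpgcheck=1 but no gpgkey: dnf cannot verify signatures"))
        for key in URL_KEYS:
            value = repo.get(key)
            if value is None:
                continue
            for url in value.split():  # gpgkey may list several URLs
                if not url.startswith(("https://", "file://")):
                    findings.append((section, f"{key} is fetched without TLS: {url}"))
    return findings


def audit_repo_dir(path="/etc/yum.repos.d"):
    """Audit every *.repo file in a directory; returns {filename: findings}."""
    results = {}
    for filename in sorted(glob.glob(f"{path}/*.repo")):
        with open(filename, encoding="utf-8") as fh:
            results[filename] = audit_repo_text(fh.read())
    return results


if __name__ == "__main__":
    for filename, findings in audit_repo_dir().items():
        for section, message in findings:
            print(f"{filename} [{section}]: {message}")
```

Run it once after adding a repo and again from a cron job or configuration-management check; a clean run prints nothing.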

CoreDNS Installation Tutorial on CentOS 8 (🐳 Docker)

tags: coreDNS docker centos el8

Install Docker

  • Step 1: Add the Docker repo

    $ sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
  • Step 2: Install the packages docker-ce depends on

    • buildah
    • podman
    • containerd.io > 1.2.0-3.el7
      $ sudo dnf -y install buildah && sudo dnf -y install podman
  • Step 2.5: Manually install containerd.io

    Version 1.2.13-3.2 is shown here; substitute the latest release.
    $ sudo dnf -y install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.13-3.2.el7.x86_64.rpm

🔐 Security Settings for Elasticsearch, Kibana, Beats and Logstash

tags: ELK, beats, security , SSL , TLS

0. Understanding ELK X-Pack & security mode

  • Xpack

    X-Pack is an Elastic Stack extension that provides security, alerting, monitoring, reporting, machine learning, and many other capabilities.

ELK has paid editions, and some X-Pack features are available only on a paid subscription.
See: X-Pack features

  • ELK cluster security mode
    # Adding this to the ES settings enables X-Pack security
    xpack.security.enabled: true

    Key concept:

    Be clear about who talks to whom: which side is the server and which is the client.
    A single service can be both a server and a client.
