...
Configuring a cluster means configuring the nodes it consists of, which in turn means defining cluster-general and node-specific settings. Elasticsearch defines these settings in configuration files located under the /etc/elasticsearch directory.
Anchor jvm_options jvm_options
JVM Options
| jvm_options | |
| jvm_options |
JVM options are defined in the /etc/elasticsearch/jvm.options file. By default Elasticsearch tells JVM to use a heap of minimum and maximum of 1 GB size. The more heap available, the more memory it can use for caching, however it is recommended to use no more than 50% of the total memory.
...
By default a node is a master-eligible, data, and ingest node, which means (a) it can be elected as master node to control the cluster, (b) it can hold data and perform operations on them, and (c) it is able to filter and enrich a data document before being indexed. Having a dedicated pipeline node with filtering/enriching capabilities there’s no need for the ingest feature, it has been however enabled because it is used for monitoring purposes.
| Note | ||
|---|---|---|
| ||
Elasticsearch keystore should be configured before running this configuration. |
...
Below is the configuration of wifimon-kibana.rash.al as an Elasticsearch coordinating node. It follows the same pattern as the master-eligible/data nodes, but with their functionalities set to false.
| Note |
|---|
Elasticsearch keystore should be configured before running this configuration. |
...
Kibana is a browser-based interface that allows for searching, viewing, and interacting with the data stored in the cluster. It’s a visualization platform for creating charts, tables, and maps to represent the data. Kibana should be configured in an Elasticsearch node. The configuration of Kibana is done by editing the /etc/kibana/kibana.yml file.
| Note | ||
|---|---|---|
| ||
Kibana keystore should be configured before running this configuration. |
...
This section shows how to configure Filebeat’s logstash output to feed the pipeline node.
| Note | ||
|---|---|---|
| ||
Filebeat keystore should be configured before running this configuration. |
...
The hosts setting specifies node and port where Logstash service listens for incoming log events. The ${key_passphrase} references the passphrase of filebeat.key stored in Filebeat keystore -- it's about mutual SSL identificationauthentication, the client (filebeat) is forced to provide a certificate to the server (logstash) for the connection to be established.
...
The Kibana platform allows for monitoring the health of Filebeat service. For this to happen, the following configuration must be added in the /etc/filebeat/filebeat.yml file.
| Note | ||
|---|---|---|
| ||
Filebeat keystore should be configured before running this configuration. |
...
The ${beats_system_password} references the password of the beats_system built-in user which is stored in Filebeat keystore(todo:link).
Logstash Configuration
Logstash is a data collection engine with real-time pipelining capabilities. A Logstash pipeline consists of three elements, input, filter, and output. The input plugins consume data coming from a source, the filter plugins modify the data as specified, and the output plugins send data to a defined destination. In this setup data comes from Filebeat agents, with their logstash output configured to feed the Logstash instance on port 5044/tcp.
| Note | ||
|---|---|---|
| ||
Logstash keystore should be configured before running the configurations provided here. |
JVM Options
The JVM Options for Logstash are defined in the /etc/logstash/jvm.options file. The configuration is the same as the one configuring the JVM Options(todo:link) of of Elasticsearch.
Logstash Settings
...
n order not to have sensitive information hardcoded in the configuration files and just protecting that information with filesystem permissions, it is recommended to make use of keystores provided by the Elasticsearch components.
| Anchor | ||||
|---|---|---|---|---|
|
To configure Elasticsearch keystore run the following commands on each cluster node.
...
| Code Block |
|---|
/usr/share/elasticsearch/bin/elasticsearch-keystore list keystore.seed xpack.security.http.ssl.secure_key_passphrase xpack.security.transport.ssl.secure_key_passphrase |
| Anchor | ||||
|---|---|---|---|---|
|
To configure Kibana keystore run the following commands on wifimon-kibana.rash.al node.
...
| Code Block |
|---|
sudo -u kibana /usr/share/kibana/bin/kibana-keystore list server.ssl.keyPassphrase elasticsearch.username elasticsearch.password |
| Anchor | ||||
|---|---|---|---|---|
|
To configure Logstash keystore run the following commands on wifimon-logstash.rash.al node.
...
| Code Block |
|---|
/usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash/ list fingerprint_key logstash_system_password logstash_writer_password pkcs8_key_passphrase |
| Anchor | ||||
|---|---|---|---|---|
|
To configure Filebeat keystore run the following commands on the freeRadius server where Filebeat is installed.
...