...

Node                             Open Ports
wifimon-node{1,2,3}.example.org  9300/tcp
wifimon-kibana.example.org       9200/tcp, 9300/tcp, 5601/tcp
wifimon-logstash.example.org     5044/tcp

Port 9300/tcp is used for internal communication between the cluster nodes (the Elasticsearch transport protocol). Port 5044/tcp is where Logstash listens for the log events shipped by the Filebeat agents. Port 5601/tcp is used to reach the Kibana web interface from a browser. Port 9200/tcp is the Elasticsearch REST API, used to query the cluster.

NOTE

The node wifimon-kibana.example.org is also used for monitoring purposes, which is why port 9200/tcp is open there. It is not opened as a plain port in the public zone: the rich rule shown below accepts it only from the addresses kept in the wifimon-components ipset.

There is no need to open port 9200/tcp for querying the cluster by hand. This can be done locally, by issuing Elasticsearch REST API requests on the cluster node you are currently logged in to. For more information on querying the cluster see Cluster Exploration.

This setup uses firewalld to configure the firewall. On wifimon-kibana.example.org two rich rules in the public zone allow access from the cluster nodes and from the other components, with the permitted addresses held in two ipsets. On every other node a custom "wifimon" zone is created to hold the node-specific configuration, with the permitted peers listed as the zone's sources.

...

Code Block
firewall-cmd --zone=public --list-ports
5601/tcp

firewall-cmd --zone=public --list-rich-rules
rule family="ipv4" source ipset="wifimon-nodes" port port="9300" protocol="tcp" accept
rule family="ipv4" source ipset="wifimon-components" port port="9200" protocol="tcp" accept

firewall-cmd --zone=public --ipset=wifimon-nodes --get-entries
10.0.0.1
10.0.0.2
10.0.0.3

firewall-cmd --zone=public --ipset=wifimon-components --get-entries
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.5
10.10.10.111
192.168.1.15


NOTE

In the wifimon-components ipset, 10.10.10.111 and 192.168.1.15 are the IPs of the servers where the Filebeat agents are installed (see the configuration of wifimon-logstash.example.org below). The IPs of the other components are described in the 04 Streaming Logs Into ELK Cluster section.

On wifimon-node1.example.org:

Code Block
firewall-cmd --zone=wifimon --list-ports 
9300/tcp

firewall-cmd --zone=wifimon --list-sources
10.0.0.2/32 10.0.0.3/32 10.0.0.4/32

...

Code Block
firewall-cmd --zone=wifimon --list-ports 
9300/tcp

firewall-cmd --zone=wifimon --list-sources
10.0.0.1/32 10.0.0.3/32 10.0.0.4/32

...

Code Block
firewall-cmd --zone=wifimon --list-ports 
9300/tcp

firewall-cmd --zone=wifimon --list-sources
10.0.0.1/32 10.0.0.2/32 10.0.0.4/32

...

Code Block
firewall-cmd --zone=wifimon --list-ports 
5044/tcp

firewall-cmd --zone=wifimon --list-sources
10.10.10.111/32 192.168.1.15/32

NOTE

In the firewall configuration of wifimon-logstash.example.org, 10.10.10.111 and 192.168.1.15 are the IPs of the servers where the Filebeat agents are installed. The IPs of the other components are described in the 04 Streaming Logs Into ELK Cluster section.
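
A check for the configuration above, written for this page as an added example (it is not part of the WiFiMon project or its documentation): a Python script that audits the output of `firewall-cmd --zone=<zone> --list-all` on each host against the per-node policy that the table and the code blocks describe. The host names, addresses, ports and ipset names are the page's; encoding them as a policy, the `audit` function and the sample captures embedded in the script are constructed here, the captures abridged to the fields the audit reads.

```python
"""Audit a WiFiMon host's firewalld zone against the intended per-node policy.

Feed it the text of `firewall-cmd --zone=<zone> --list-all` and it reports every
deviation: ports open that should not be, sources missing or extra, rich rules
missing or extra, and 9200/tcp ever appearing as a plain zone port.
"""
import re
import sys

# Addresses as given on the page; grouping them into a policy is this example's doing.
CLUSTER_NODES = {"10.0.0.1/32", "10.0.0.2/32", "10.0.0.3/32"}
KIBANA_NODE = "10.0.0.4/32"
FILEBEAT_HOSTS = {"10.10.10.111/32", "192.168.1.15/32"}

# Matches the port rules that `--list-all` prints under "rich rules:".
RULE_RE = re.compile(
    r'source (address|ipset)="([^"]+)".*?port port="(\d+)" protocol="(\w+)"\s+(accept|reject|drop)\b'
)


def parse_list_all(text):
    """Parse `firewall-cmd --zone=Z --list-all` output; unknown fields are ignored."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    zone = {"name": lines[0].split()[0], "sources": set(), "ports": set(), "rich": []}
    for line in lines[1:]:
        if line.startswith("rule "):
            m = RULE_RE.search(line)
            if m is None:
                raise ValueError("unrecognised rich rule: " + line)
            kind, src, port, proto, action = m.groups()
            src = "ipset:" + src if kind == "ipset" else src
            zone["rich"].append((f"{src}->{port}/{proto}", action))
            continue
        key, _, value = line.partition(":")
        if key in ("sources", "ports"):
            zone[key] = set(value.split())
    return zone


def expected_for(host):
    """Intended (zone name, policy) for a host named as on the page."""
    if host == "wifimon-kibana.example.org":
        return "public", {"sources": set(), "ports": {"5601/tcp"},
                          "rich": {"ipset:wifimon-nodes->9300/tcp",
                                   "ipset:wifimon-components->9200/tcp"}}
    if host.startswith("wifimon-node"):
        own = "10.0.0.%s/32" % host[len("wifimon-node")]  # wifimon-node1 -> 10.0.0.1
        return "wifimon", {"sources": (CLUSTER_NODES - {own}) | {KIBANA_NODE},
                           "ports": {"9300/tcp"}, "rich": set()}
    if host == "wifimon-logstash.example.org":
        return "wifimon", {"sources": set(FILEBEAT_HOSTS), "ports": {"5044/tcp"}, "rich": set()}
    raise KeyError("no policy defined for " + host)


def audit(host, list_all_output):
    """Return the list of policy deviations for `host`; an empty list means compliant."""
    zone_name, exp = expected_for(host)
    zone = parse_list_all(list_all_output)
    findings = []
    if zone["name"] != zone_name:
        findings.append(f"expected zone {zone_name}, got {zone['name']}")
    accepted = {rule for rule, action in zone["rich"] if action == "accept"}
    for what, found, wanted in (("port", zone["ports"], exp["ports"]),
                                ("source", zone["sources"], exp["sources"]),
                                ("rich rule", accepted, exp["rich"])):
        findings += [f"unexpected {what} {x}" for x in sorted(found - wanted)]
        findings += [f"missing {what} {x}" for x in sorted(wanted - found)]
    # The page's invariant: the REST API port is reachable only through the
    # wifimon-components ipset, never as a plain zone port.
    if "9200/tcp" in zone["ports"]:
        findings.append("9200/tcp is a plain zone port, reachable from every source of the zone")
    return findings


# Constructed sample captures (abridged to the fields the audit reads; the real
# output carries more lines, all of which parse_list_all ignores).
KIBANA_LIST_ALL = """public (active)
  target: default
  interfaces: eth0
  sources: 
  services: ssh
  ports: 5601/tcp
  rich rules: 
\trule family="ipv4" source ipset="wifimon-nodes" port port="9300" protocol="tcp" accept
\trule family="ipv4" source ipset="wifimon-components" port port="9200" protocol="tcp" accept
"""
NODE1_LIST_ALL = """wifimon (active)
  target: default
  interfaces: 
  sources: 10.0.0.2/32 10.0.0.3/32 10.0.0.4/32
  services: 
  ports: 9300/tcp
  rich rules: 
"""

if __name__ == "__main__":
    # Usage: firewall-cmd --zone=public --list-all | python3 fwaudit.py wifimon-kibana.example.org
    for finding in audit(sys.argv[1], sys.stdin.read()) or ["compliant"]:
        print(finding)
```

Run it twice per host, once with the plain `--list-all` output and once with `--list-all --permanent`, and expect both to come back compliant: the first shows the runtime state (a rule added without `--permanent` is lost at the next reload), the second the saved state (a rule added with `--permanent` but without `--reload` is not yet enforced). The script deliberately does not judge the zone's services (ssh on the public zone is left to the host's own policy), and it checks only accept rules, so a reject or drop rule for 9200/tcp is neither required nor flagged.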

SSL/TLS Certificates

Communication within the cluster is secured with SSL/TLS. The elasticsearch-certutil tool was used to generate a CA certificate, which then signed the certificates of the individual cluster components. The utility ships with the Elasticsearch installation; in this case the copy installed on the wifimon-kibana.example.org node was used.

...