Hi Elastic team,
I am new to ELK and am trying to implement ELK in a production environment. I have configured Elasticsearch, Kibana and Logstash.
host1 - Elasticsearch, Kibana, Logstash with nginx proxy
host2 - Client machine installed with Beats
Here is the host1 machine configuration (ELK server):
Elasticsearch Configuration
vi /etc/elasticsearch/elasticsearch.yml
network.host: localhost
http.port: 9200
Kibana Dashboard Configuration
vi /etc/kibana/kibana.yml
server.port: 5601
server.host: "localhost"
elasticsearch.hosts: ["http://localhost:9200"]
Nginx Configuration:
server {
  listen 80;
  server_name 172.xx.xx.xx;
  auth_basic "Restricted Access";
  auth_basic_user_file /etc/nginx/.kibana-user;
  location / {
    proxy_pass http://localhost:5601;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}
Logstash Configuration
cat /etc/logstash/conf.d# cat 02-beats-input.conf
input {
  beats {
    port => 5044
  }
}
I have configured the filter section too.
cat /etc/logstash/conf.d# cat 30-elasticsearch-output.conf
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
On Host2 (Client server) Beat configuration
Auditbeat configuration:
cat /etc/auditbeat/auditbeat.yml
output.logstash:
  # the Logstash hosts
  hosts: ["172.xx.xx.xx:5044"]
Above is my ELK server and client server configuration.
Here, I am not sure how to load the Auditbeat index/dashboard in Kibana. When I try to set up the Kibana dashboard for Auditbeat, I get the following error.
[root@Elk-Client1 ~]# auditbeat setup
Exiting: Index management requested but the Elasticsearch output is not configured/enabled
I don't want to configure the Beat output directly to Elasticsearch, for security purposes.
Can you give some suggestions to sort out this issue?
Note: My goal is to ship logs through Logstash and have them visible in the Kibana dashboard.
Thanks