Need to create multiple logstash into the same server to monitor apache and nginx together

m_5amy · June 25, 2018, 4:22pm

i'm trying to use ELK "Elasticsearch , logstash and kibana" to monitor apache and nginx logs
and centralize logs into kibana.
now I have got logs of apache into logstash and kibana so,
what should i do to get ngnix logs too ??

Thanks.

magnusbaeck · June 25, 2018, 9:51pm

An exact answer depends on

your exact configuration and
whether your Apache logs and Nginx logs look the same (i.e. if they can be parsed with the same filter).

m_5amy · June 26, 2018, 11:12am

Ok thanks @magnusbaeck but what about if there are multiple servers i want to monitor and the ELK into another server?
what should i do to monitor all servers "different machines" into a single ELK ?

magnusbaeck · June 26, 2018, 12:29pm

Install Filebeat on all machines with logs and get them shipped to the machine where you want to run Logstash.

m_5amy · June 26, 2018, 12:34pm

@magnusbaeck only filebeat or filebeat with logstash too ??

magnusbaeck · June 26, 2018, 1:07pm

That's up to you. I prefer using Filebeat and Logstash together since Logstash has more extensive filtering abilities.

m_5amy · June 26, 2018, 1:10pm

Really thanks alot @magnusbaeck
Is kibana can monitor apache request number , active workers and idle workers ?? if yse could you tell me how to make it into kibana ?

magnusbaeck · June 26, 2018, 1:41pm

Kibana can monitor any data you throw at it. I don't think there's anything built-in for what you're looking for. but check out Metricbeat and its modules.

m_5amy · June 26, 2018, 2:46pm

@magnusbaeck my metricbeat.yml configuration attached and i followed this steps
https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-configuration.html

but never occurred and no merticbeat* index added to kibana
what should i do ?

###################### Metricbeat Configuration Example #######################

This file is an example configuration file highlighting only the most common

options. The metricbeat.reference.yml file from the same directory contains all the

supported options with more comments. You can use it as a reference.

You can find the full configuration reference here:

https://www.elastic.co/guide/en/beats/metricbeat/index.html

#========================== Modules configuration ============================

metricbeat.config.modules:

module: system
metricsets:
- cpu
- filesystem
- memory
- network
- process
  enabled: true
  period: 10s
  processes: ['.*']
  cpu_ticks: false
module: apache
metricsets: ["status"]
enabled: true
period: 1s
hosts: ["my_host"]

Glob pattern for configuration loading

path: ${path.config}/modules.d/*.yml

Set to true to enable config reloading

reload.enabled: false

Period on which files under path should be checked for changes

#reload.period: 10s

#==================== Elasticsearch template setting ==========================

setup.template.settings:
index.number_of_shards: 1
index.codec: best_compression
#_source.enabled: false

#================================ General =====================================

The name of the shipper that publishes the network data. It can be used to group

all the transactions sent by a single shipper in the web interface.

#name:

The tags of the shipper are included in their own field with each

transaction published.

#tags: ["service-X", "web-tier"]

Optional fields that you can specify to add additional information to the

output.

#fields:

env: staging

#============================== Dashboards =====================================

These settings control loading the sample dashboards to the Kibana index. Loading

the dashboards is disabled by default and can be enabled either by setting the

options here, or by using the `-setup` CLI flag or the `setup` command.

#setup.dashboards.enabled: false

The URL from where to download the dashboards archive. By default this URL

has a value which is computed based on the Beat name and version. For released

versions, this URL points to the dashboard archive on the artifacts.elastic.co

website.

#setup.dashboards.url:

#============================== Kibana =====================================

Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.

This requires a Kibana endpoint configuration.

setup.kibana:
host: "http://myhost:5601"

Kibana Host

Scheme and port can be left out and will be set to the default (http and 5601)

In case you specify and additional path, the scheme is required: http://localhost:5601/path

IPv6 addresses should always be defined as: https://[2001:db8::1]:5601

#host: "localhost:5601"

#============================= Elastic Cloud ==================================

These settings simplify using metricbeat with the Elastic Cloud (https://cloud.elastic.co/).

The cloud.id setting overwrites the `output.elasticsearch.hosts` and

`setup.kibana.host` options.

You can find the `cloud.id` in the Elastic Cloud web UI.

#cloud.id:

The cloud.auth setting overwrites the `output.elasticsearch.username` and

`output.elasticsearch.password` settings. The format is `<user>:<pass>`.

#cloud.auth:

#================================ Outputs =====================================

Configure what output to use when sending the data collected by the beat.

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:

Array of hosts to connect to.

hosts: ["localhost:9200"]

Optional protocol and basic auth credentials.

#protocol: "https"
#username: "elastic"
#password: "changeme"

#----------------------------- Logstash output --------------------------------
#output.logstash:

The Logstash hosts

#hosts: ["localhost:5044"]

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

Certificate for SSL client authentication

#ssl.certificate: "/etc/pki/client/cert.pem"

Client Certificate Key

#ssl.key: "/etc/pki/client/cert.key"

#================================ Logging =====================================

Sets log level. The default log level is info.

Available log levels are: error, warning, info, debug

#logging.level: debug

At debug level, you can selectively enable logging only for some components.

To enable all selectors use ["*"]. Examples of other selectors are "beat",

"publish", "service".

#logging.selectors: ["*"]

#============================== Xpack Monitoring ===============================

metricbeat can export internal metrics to a central Elasticsearch monitoring

cluster. This requires xpack monitoring to be enabled in Elasticsearch. The

reporting is disabled by default.

Set to true to enable the monitoring reporter.

#xpack.monitoring.enabled: false

Uncomment to send the metrics to Elasticsearch. Most settings from the

Elasticsearch output are accepted here as well. Any setting that is not set is

automatically inherited from the Elasticsearch output configuration, so if you

have the Elasticsearch output configured, you can simply uncomment the

following line.

#xpack.monitoring.elasticsearch:

magnusbaeck · June 26, 2018, 4:23pm

The Metricbeat logs probably contain clues, especially if you crank up the loglevel. If that doesn't help, ask in the Beats category.

system · July 24, 2018, 4:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
New user trialling Kibana for SIEM Kibana	2	448	June 8, 2018
Get logs from different EC2 instance Elasticsearch beats-module	4	1602	October 7, 2019
How to configure ELK to receive logs from multiple servers Logstash	4	1686	February 24, 2021
Ship Logs from application server to ELK server with beats Elasticsearch	1	466	June 25, 2020
Logstash and Beats -Metricbeat,Filebeat stats monitoring using metricbeat Elasticsearch	6	448	November 21, 2023