After writing my previous article about shipping Apache logs to Elasticsearch via Logstash, I changed my setup for various reasons. But I still visualize them using Kibana.
Using Netflow, you can visualize your network traffic and use the collected data to analyze connections in case of trouble (which is what I use it for). All kinds of collectors are on the market, most of them paid applications, but why not use ELK for this and visualize your traffic using Kibana?
It’s been a while, but today I thought it was time to finish my ELK input for monitoring Microsoft Exchange Server.
It’s still a Work In Progress, but I didn’t want to keep this from you. Using ELK and Filebeat, I want to monitor what is going in and out of my Microsoft Exchange Server. Eventually I want to see what e-mail is flowing through my Edge Server to my Mailbox Server and what e-mail is blocked (and in what amounts).
I’ll keep you posted!
After upgrading to Elasticsearch 2.0 (running on Debian 8 “Jessie”), I noticed it didn’t start automatically anymore. Running service elasticsearch status returned this:
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled)
   Active: active (running) since Fri 2015-10-30 23:27:04 CET; 23min ago
Notice the “disabled” part? The unit is not enabled at boot, so you need to enable it again manually.
Today we will be sending alerts from my Cisco ASA firewall to Kibana. As I was looking at how to configure this, I found some examples of how to do this, but none of them really worked, so I started “hobbying” myself and created something that works really well.
I needed a more convenient way to view my Apache access logs than tailing the access log files on my webserver. Why not use Kibana for this? It not only shows you the access log lines, it also lets you create nice graphs about visitors, response codes, user agents, et cetera.