add guide to enable central logging to elastic

_toc.yml

@@ -36,6 +36,7 @@ chapters:
       - file: admin-guide/configuration
         sections:
           - file: admin-guide/configuration/icinga2
+          - file: admin-guide/configuration/central_logging_elastic
           - file: admin-guide/configuration/mount
           - file: admin-guide/configuration/distribute_files
           - file: admin-guide/configuration/vgroot

admin-guide/configuration.md

@@ -5,6 +5,9 @@ Here starts a so far small collections of configuration guides for sysadmins of
 ## Monitoring
 - [Icinga2](configuration/icinga2)
 
+## Logging
+- [Setup Central Logging to Elastic](configuration/central_logging_elastic)
+
 ## Basic Setup
 - [Mounting Volumes](configuration/mount)
 - [Distribute Files](configuration/distribute_files)
@@ -25,3 +28,4 @@ Here starts a so far small collections of configuration guides for sysadmins of
 - [SSH Host Hopping as Root (e.g. between cluster members)](configuration/ssh_host_hopping)
 - [Install Citrix VDA](configuration/citrix_vda)
 - [Sending / Relaying Emails](configuration/configuration_email)
+

admin-guide/configuration/central_logging_elastic.md

@@ -0,0 +1,28 @@
+# Configure Central Logging to Elastic
+
+To ship the logs of a system to the central logging service (Elastic) following pre steps are needed:
+
+1. Have a space in Elastic to ship the logs to
+2. Have a space API key
+
+Both prerequisites you can check with / talk to Michel Rebmann (michel.rebmann@psi.ch) / Group 9522
+
+
+Afterwards the log shipping can be configures as follows in hiera:
+
+```
+base::enable_elastic: true
+elastic::space: 'lx'
+elastic::space_api_key: 'yoursuperstrangeapikey'
+```
+
+```{note}
+Replace the space name as well as the space_api_key according to your setup.
+```
+
+By default __all__ journald logs are shipped to the central Elastic instance. If you want to __limit__ the logs to specific units, the units can be specified as follows:
+
+```
+elastic::systemd_units:
+    - 'sshd.service'
+```