From 6741df36ee2f5b66bea2d0593e4c74d23e6aba1f Mon Sep 17 00:00:00 2001 From: ebner Date: Mon, 16 Oct 2023 16:36:47 +0200 Subject: [PATCH] add guide to enable central logging to elastic --- _toc.yml | 1 + admin-guide/configuration.md | 4 +++ .../configuration/central_logging_elastic.md | 28 +++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 admin-guide/configuration/central_logging_elastic.md diff --git a/_toc.yml b/_toc.yml index d21ad5e1..86a1c106 100644 --- a/_toc.yml +++ b/_toc.yml @@ -36,6 +36,7 @@ chapters: - file: admin-guide/configuration sections: - file: admin-guide/configuration/icinga2 + - file: admin-guide/configuration/central_logging_elastic - file: admin-guide/configuration/mount - file: admin-guide/configuration/distribute_files - file: admin-guide/configuration/vgroot diff --git a/admin-guide/configuration.md b/admin-guide/configuration.md index 986f8df2..a78766ae 100644 --- a/admin-guide/configuration.md +++ b/admin-guide/configuration.md @@ -5,6 +5,9 @@ Here starts a so far small collections of configuration guides for sysadmins of ## Monitoring - [Icinga2](configuration/icinga2) +## Logging +- [Setup Central Logging to Elastic](configuration/central_logging_elastic) + ## Basic Setup - [Mounting Volumes](configuration/mount) - [Distribute Files](configuration/distribute_files) @@ -25,3 +28,4 @@ Here starts a so far small collections of configuration guides for sysadmins of - [SSH Host Hopping as Root (e.g. between cluster members)](configuration/ssh_host_hopping) - [Install Citrix VDA](configuration/citrix_vda) - [Sending / Relaying Emails](configuration/configuration_email) + diff --git a/admin-guide/configuration/central_logging_elastic.md b/admin-guide/configuration/central_logging_elastic.md new file mode 100644 index 00000000..75f05dc3 --- /dev/null +++ b/admin-guide/configuration/central_logging_elastic.md 
@@ -0,0 +1,28 @@ +# Configure Central Logging to Elastic + +To ship the logs of a system to the central logging service (Elastic) following pre steps are needed: + +1. Have a space in Elastic to ship the logs to +2. Have a space API key + +Both prerequisites you can check with / talk to Michel Rebmann (michel.rebmann@psi.ch) / Group 9522 + + +Afterwards the log shipping can be configures as follows in hiera: + +``` +base::enable_elastic: true +elastic::space: 'lx' +elastic::space_api_key: 'yoursuperstrangeapikey' +``` + +```{note} +Replace the space name as well as the space_api_key according to your setup. +``` + +By default __all__ journald logs are shipped to the central Elastic instance. If you want to __limit__ the logs to specific units, the units can be specified as follows: + +``` +elastic::systemd_units: + - 'sshd.service' +```
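Review bot: In admin-guide/configuration.md, the new link text "Setup Central Logging to Elastic" does not match the heading of the page it points to, "# Configure Central Logging to Elastic". Use the same wording in both places so the index entry and the page title agree. If "Setup" is kept as a verb, it should read "Set up".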
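Review bot: The last hunk of admin-guide/configuration.md adds only an empty line after the "Sending / Relaying Emails" entry. It is unrelated to the logging guide and should be dropped from this commit so the diff stays limited to the new section.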
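Review bot: In central_logging_elastic.md, the hiera example sets `elastic::space_api_key: 'yoursuperstrangeapikey'` as a plain string, and the guide never says how the real key should be stored. The API key is a credential for the Elastic space, so the guide should state where it belongs (for example an encrypted hiera value, if this environment supports one) rather than leaving readers to commit it in clear text next to `base::enable_elastic`. The `elastic::systemd_units` paragraph should also say explicitly that once units are listed, all other journald logs stop reaching the central instance, since that affects what is available for later investigation. Smaller points: "following pre steps are needed" and "can be configures" need fixing, and the two configuration fences could be tagged as yaml.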