Configure Central Logging to Elastic

To ship the logs of a system to the central logging service (Elastic), the following prerequisites are needed:

  1. Have a space in Elastic to ship the logs to
  2. Have a space API key

You can check both prerequisites with Michel Rebmann (michel.rebmann@psi.ch) / Group 9522, who will provide a configuration similar to the following:

{
  "id" : "${space_id}",
  "name" : "input_${space_name}",
  "api_key" : "${space_api_key}",
  "encoded" : "${space_encoded_key}"
}

Afterwards, log shipping can be configured in hiera as follows:

base::enable_elastic: true
elastic::space: "${space_name}"
elastic::space_api_key: "${space_id}:${space_api_key}"  # The resulting string should be encrypted

Replace the space name as well as the space_api_key according to your setup.

Notice that space contains the name without the input_ prefix, while space_api_key contains a :-separated value:

  • the first part corresponds to the id of the space,
  • the second part corresponds to the api_key.
  • The resulting string "${space_id}:${space_api_key}" should be encrypted with eyaml
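The mapping from the provided JSON to the two hiera values can be checked before encrypting; the following is an added example, not part of the original guide. The function name `hiera_values` and the sample values are constructed for illustration, and the cross-check assumes the `encoded` field follows the Elasticsearch convention of being base64 of `id:api_key`.

```python
import base64
import json

PREFIX = "input_"  # prefix that must be dropped for elastic::space


def hiera_values(space_json: str) -> dict:
    """Derive the hiera values (before eyaml encryption) from the space JSON."""
    cfg = json.loads(space_json)
    missing = [k for k in ("id", "name", "api_key") if not cfg.get(k)]
    if missing:
        raise ValueError(f"missing fields in space configuration: {missing}")

    name = cfg["name"]
    if not name.startswith(PREFIX):
        raise ValueError(f"space name {name!r} does not start with {PREFIX!r}")
    if ":" in cfg["id"]:
        # A colon in the id would make the ':'-separated value ambiguous.
        raise ValueError("space id must not contain ':'")

    plaintext = f'{cfg["id"]}:{cfg["api_key"]}'

    # Assumption: 'encoded' is base64(id:api_key). If present, use it as a
    # consistency check so a copy/paste slip is caught before encryption.
    encoded = cfg.get("encoded")
    if encoded:
        try:
            decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError) as exc:
            raise ValueError("'encoded' is not valid base64 text") from exc
        if decoded != plaintext:
            raise ValueError("'encoded' does not match id:api_key")

    return {
        "elastic::space": name[len(PREFIX):],
        "elastic::space_api_key": plaintext,  # encrypt with eyaml before committing
    }


# Constructed sample input (not real credentials).
_ID, _KEY = "abc123", "constructed-secret"
SAMPLE = json.dumps({
    "id": _ID,
    "name": "input_myspace",
    "api_key": _KEY,
    "encoded": base64.b64encode(f"{_ID}:{_KEY}".encode()).decode(),
})

if __name__ == "__main__":
    print(hiera_values(SAMPLE)["elastic::space"])
```

Only the eyaml-encrypted form of `elastic::space_api_key` belongs in the hiera repository; the plaintext returned here is the input to that encryption step.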

By default all journald logs are shipped to the central Elastic instance. If you want to limit the logs to specific units, the units can be specified as follows:

elastic::systemd_units:
    - 'sshd.service'