NIH | National Cancer Institute | NCI Wiki  


Kibana Configuration - default

Filebeat Configuration


filebeat.yml
Opened from the workstation shell:

```shell
$ cd /usr/local/etc/filebeat/
$ vi filebeat.yml
```

Tail of the file as pasted from the editor (the instrumentation and migration settings, all left commented out):

```yaml
# Set to true to enable instrumentation of filebeat.
#enabled: false

# Environment in which filebeat is running on (eg: staging, production, etc.)
#environment: ""

# APM Server hosts to report instrumentation results to.
#hosts:
#  - http://localhost:8200

# API Key for the APM Server(s).
# If api_key is set then secret_token will be ignored.
#api_key:

# Secret token for the APM Server(s).
#secret_token:

# ================================= Migration ==================================
# This allows to enable 6.7 migration aliases
#migration.6_to_7.enabled: true
```

Apache Module Configuration

```yaml
# Module: apache
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.9/filebeat-module-apache.html

- module: apache
  # Access logs
  access:
    enabled: true
    var.paths: ["/var/log/apache/access.log"]
    # Tagging each event with fields.type: access_log lets downstream
    # consumers route these records correctly (left disabled for now)
    #input:
    #  processors:
    #    - add_fields:
    #        target: fields
    #        fields:
    #          codec: plain
    #          type: access_log
```

Java Code Snippet for Elasticsearch Query Over Indexes of Parsed Logs

We'll need a Java client for Elasticsearch's REST API to back the service side of a Spring Boot based web application UI. The snippet below uses the high-level REST client to search every index for events whose `event.outcome` is `failure`, i.e. the records the Filebeat module pipelines parsed from the logs.

RestTest.java:

```java
package search.client.test;

import java.io.IOException;
import java.util.concurrent.TimeUnit;

import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.SearchHits;
import org.elasticsearch.search.builder.SearchSourceBuilder;

public class RestTest {

	public void run() {
		// Low-level client builder: plain http to a local node, no credentials configured here
		RestClientBuilder builder = RestClient.builder(new HttpHost("localhost", 9200, "http"));
		// Placeholder default header sent with every request
		Header[] defaultHeaders = new Header[] { new BasicHeader("header", "value") };
		builder.setDefaultHeaders(defaultHeaders);
		builder.setRequestConfigCallback(
				(RequestConfig.Builder requestConfigBuilder) -> requestConfigBuilder.setSocketTimeout(10000));

		// Query: the first five events the Filebeat pipelines tagged as failures
		SearchSourceBuilder sourceBuilder = new SearchSourceBuilder();
		sourceBuilder.query(QueryBuilders.termQuery("event.outcome", "failure"));
		sourceBuilder.from(0);
		sourceBuilder.size(5);
		sourceBuilder.timeout(new TimeValue(60, TimeUnit.SECONDS));

		SearchRequest searchRequest = new SearchRequest();
		//searchRequest.indices("posts"); // no index named, so all indexes are searched
		searchRequest.source(sourceBuilder);

		// try-with-resources closes the client even when the search throws,
		// and the response is only used inside the block, so it is never null here
		try (RestHighLevelClient restClient = new RestHighLevelClient(builder)) {
			SearchResponse searchResponse = restClient.search(searchRequest, RequestOptions.DEFAULT);
			SearchHits hits = searchResponse.getHits();
			hits.forEach(hit -> System.out.println(hit.toString()));
		} catch (IOException e) {
			e.printStackTrace();
		}
	}

	public static void main(String... args) {
		new RestTest().run();
	}
}
```
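To connect the apache module configuration with the RestTest query, here is an added example (not from this page or the Elastic project) that parses a few constructed Apache combined-format lines into the ECS-style fields the module produces, tags them with `fields.type: access_log` as the commented `add_fields` processor would, and keeps only the events a term query on `event.outcome == failure` would return. The success/failure mapping from the HTTP status code (below 400 versus 400 and above) and the field names chosen are assumptions of this example.

```python
import re
from typing import Optional

# Constructed sample lines in Apache "combined" format, plus one malformed line.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [19/May/2021:08:42:37 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "curl/7.64.1"
10.0.0.7 - alice [19/May/2021:08:42:38 -0400] "POST /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
10.0.0.9 - - [19/May/2021:08:42:39 -0400] "GET /admin HTTP/1.1" 403 199 "-" "python-requests/2.25"
10.0.0.5 - - [19/May/2021:08:42:40 -0400] "GET /static/app.js HTTP/1.1" 304 - "-" "curl/7.64.1"
this line is not an access log record
"""

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_access_line(line: str) -> Optional[dict]:
    """Map one combined-format line to ECS-style fields; None for lines that do not parse."""
    m = COMBINED_RE.match(line)
    if not m:
        return None  # a bad line is skipped, not allowed to stop the whole file
    status = int(m.group("status"))
    return {
        "@timestamp": m.group("ts"),
        "source.address": m.group("ip"),
        "user.name": None if m.group("user") == "-" else m.group("user"),
        "http.request.method": m.group("method"),
        "url.original": m.group("path"),
        "http.response.status_code": status,
        "http.response.body.bytes": 0 if m.group("bytes") == "-" else int(m.group("bytes")),
        "user_agent.original": m.group("ua"),
        # what the commented add_fields processor in the module config would add
        "fields.type": "access_log",
        # assumption: 2xx/3xx responses count as success, 4xx/5xx as failure
        "event.outcome": "success" if status < 400 else "failure",
    }


def failures(raw_log: str) -> list:
    """The events a term query on event.outcome == "failure" (as in RestTest) would match."""
    events = [e for e in map(parse_access_line, raw_log.splitlines()) if e is not None]
    return [e for e in events if e["event.outcome"] == "failure"]


if __name__ == "__main__":
    for event in failures(SAMPLE_ACCESS_LOG):
        print(event["source.address"], event["http.response.status_code"], event["url.original"])
```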