26 Centralized Log File Monitoring Using Elasticsearch and Kibana
The instructions in this section are applicable to hosts outside of the Kubernetes cluster. For example, web tier and database hosts.
Before completing these steps, ensure the following:
- You have access to a centralized Elasticsearch deployment.
- If this is a Kubernetes deployment of Elasticsearch and Kibana, you have configured external access through the NodePort Services.
- You have network access to the Kubernetes/Elasticsearch NodePort ports from the source host.
- If you are using an Elasticsearch self-signed certificate, ensure that the Kubernetes name attached to the certificate is resolvable on the origin hosts.
For example:
10.0.0.1 k8workers.example.com elasticsearch-es-http.elkns.es.local
If the Kubernetes name fails to resolve, you will encounter certificate exceptions.
For further information, see the official supplier documentation at https://www.elastic.co.
This chapter includes the following topics:
- Obtaining the Fingerprint of the Elasticsearch Certificate
  To configure the Filebeat module, you need to derive the fingerprint of the Elasticsearch certificate from the local copy you have already created.
- Obtaining and Installing Filebeat
  You should use the curl command to obtain and install Filebeat.
- Updating the Filebeat Configuration
  After you install Filebeat, you need to configure it so that it knows where Elasticsearch and Kibana instances are located.
- Sending OHS Logs to Elasticsearch
  Oracle HTTP Server is based on Apache. Therefore, you can use the built-in Filebeat Apache module to interpret log files for Oracle HTTP Servers.
- Sending the Database Audit Logs to Elasticsearch
  Elasticsearch has a predefined module for sending Oracle Database audit logs to the Elasticsearch server.
- Setting Up and Starting Filebeat
  When setting up Filebeat, ensure that the command succeeds without any error. If any errors are encountered, resolve them before continuing.
Obtaining the Fingerprint of the Elasticsearch Certificate
Obtain the fingerprint of the certificate by using the following command:
openssl x509 -noout -fingerprint -sha256 -inform pem -in ~/workdir/ELK/ca.crt | sed 's/://g'
SHA256 Fingerprint=361A6E52F1936173795ABE36BB0F3A34185DD5A395BB9CECE0D8437EE16C2E44
Updating the Filebeat Configuration
After you install Filebeat, you need to configure it so that it knows where Elasticsearch and Kibana instances are located.
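As an added illustration (not taken from the Oracle guide), a filebeat.yml fragment for this step could look like the following. It reuses the host names and the sample fingerprint shown earlier on this page; the NodePort numbers, the user name, and the ES_PWD keystore key are placeholders or assumptions.

```yaml
# filebeat.yml fragment: added example, not the guide's own configuration.
# Values in <angle brackets> are placeholders to replace for your deployment.

output.elasticsearch:
  # Use the name that is attached to the certificate. It must resolve on this
  # host (see the hosts entry in the prerequisites), otherwise TLS hostname
  # verification fails with a certificate exception.
  hosts: ["https://elasticsearch-es-http.elkns.es.local:<ES_NODEPORT>"]

  username: "<ELASTIC_USER>"
  # Assumption: the password was stored beforehand with
  #   filebeat keystore add ES_PWD
  # so that it does not sit in clear text in this file.
  password: "${ES_PWD}"

  ssl:
    enabled: true
    # Hex-encoded SHA-256 fingerprint of ca.crt, colons removed, as printed by
    # the openssl command in "Obtaining the Fingerprint of the Elasticsearch
    # Certificate". The value below is the sample output from this page.
    # Filebeat trusts the CA only if the CA certificate presented during the
    # TLS handshake matches this fingerprint.
    ca_trusted_fingerprint: "361A6E52F1936173795ABE36BB0F3A34185DD5A395BB9CECE0D8437EE16C2E44"
    # Keep full verification (the default) so both the chain and the host
    # name are checked; do not set this to "none" to work around
    # certificate errors.
    verification_mode: full

setup.kibana:
  # Assumption: Kibana is reached through a NodePort on the worker host.
  host: "k8workers.example.com:<KIBANA_NODEPORT>"
  # Set to https if your Kibana NodePort serves TLS.
  protocol: "<http-or-https>"
```

Pinning the CA by fingerprint only protects the connection if the fingerprint is taken from a copy of ca.crt obtained over a trusted channel, and it must be updated whenever the CA certificate is reissued.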
Sending OHS Logs to Elasticsearch
Oracle HTTP Server is based on Apache. Therefore, you can use the built-in Filebeat Apache module to interpret log files for Oracle HTTP Servers.
Enabling and Configuring the Apache Module
Sending the Database Audit Logs to Elasticsearch
Elasticsearch has a predefined module for sending Oracle Database audit logs to the Elasticsearch server.
Enabling and Configuring the Oracle Module