From 86a24f2b64f9965547851ac8b257b90043926e34 Mon Sep 17 00:00:00 2001 From: Vivek Saraswat Date: Mon, 17 Oct 2016 14:08:14 -0700 Subject: [PATCH 1/2] Add ELK stack example to UCP logging Adds an ELK stack example to the UCP logging page as a real-world example of how you could use the Syslog feature. The ELK stack example has been sitting around internally for a while, so let's provide it as a customer-facing example. --- ucp/configuration/configure-logs.md | 36 +++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/ucp/configuration/configure-logs.md b/ucp/configuration/configure-logs.md index 9666d2a96a2..2270a2297b1 100644 --- a/ucp/configuration/configure-logs.md +++ b/ucp/configuration/configure-logs.md 
@@ -22,6 +22,42 @@ You can configure UCP for sending logs to a remote logging service: ![](../images/settings-log.png) +## Example: Setting up an ELK stack + +One popular logging stack is composed of Elasticsearch, Logstash and +Kibana. The following example demonstrates how to set up an example +deployment which can be used for logging. + +```sh +docker volume create --name orca-elasticsearch-data + +docker run -d \ + --name elasticsearch \ + -v orca-elasticsearch-data:/usr/share/elasticsearch/data \ + elasticsearch elasticsearch -Des.network.host=0.0.0.0 + +docker run -d \ + -p 514:514 \ + --name logstash \ + --link elasticsearch:es \ + logstash \ + sh -c "logstash -e 'input { syslog { } } output { stdout { } elasticsearch { hosts => [ \"es\" ] } } filter { json { source => \"message\" } }'" + +docker run -d \ + --name kibana \ + --link elasticsearch:elasticsearch \ + -p 5601:5601 \ + kibana +``` + +Once you have these containers running, configure UCP to send logs to +the IP of the Logstash container. You can then browse to port 5601 on the system +running Kibana and browse log/event entries. You should specify the "time" +field for indexing. + +Note: When deployed in a production environment, you should secure your ELK +stack. UCP does not do this itself, but there are a number of 3rd party +options that can accomplish this (e.g. Shield plug-in for Kibana) ## Where to go next From a2af39862664218c68ad9090d6c8ac310bedd17f Mon Sep 17 00:00:00 2001 From: Joao Fernandes Date: Tue, 25 Oct 2016 15:19:06 -0700 Subject: [PATCH 2/2] Improve UCP logging configuration --- ucp/configuration/configure-logs.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ucp/configuration/configure-logs.md b/ucp/configuration/configure-logs.md index 2270a2297b1..4823344f348 100644 --- a/ucp/configuration/configure-logs.md +++ b/ucp/configuration/configure-logs.md 
@@ -28,7 +28,7 @@ One popular logging stack is composed of Elasticsearch, Logstash and Kibana. The following example demonstrates how to set up an example deployment which can be used for logging. -```sh +```none docker volume create --name orca-elasticsearch-data docker run -d \ @@ -50,12 +50,12 @@ docker run -d \ kibana ``` -Once you have these containers running, configure UCP to send logs to -the IP of the Logstash container. You can then browse to port 5601 on the system -running Kibana and browse log/event entries. You should specify the "time" +Once you have these containers running, configure UCP to send logs to +the IP of the Logstash container. You can then browse to port 5601 on the system +running Kibana and browse log/event entries. You should specify the "time" field for indexing. -Note: When deployed in a production environment, you should secure your ELK +When deployed in a production environment, you should secure your ELK stack. UCP does not do this itself, but there are a number of 3rd party options that can accomplish this (e.g. Shield plug-in for Kibana)
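
Review bot: In the `@@ -22,6 +22,42 @@` hunk of PATCH 1/2, the `-p 514:514` and `-p 5601:5601` mappings publish the Logstash syslog input and Kibana on every interface of the Docker host, and nothing in the example adds authentication or transport encryption, so the closing "you should secure your ELK stack" note leaves the reader with an open log pipeline and no concrete step to take. Suggest either binding the published ports to a specific address (for example `-p 127.0.0.1:5601:5601` for Kibana) or having the note say what has to be restricted: who can reach port 514, who can reach port 5601, and that traffic to both is plaintext as shown. Two smaller points in the same hunk: the text tells the reader to send logs to "the IP of the Logstash container", but since the port is published the reachable address from UCP nodes is the host running Logstash, not the container's bridge address; and all three images are untagged (`elasticsearch`, `logstash`, `kibana`), so the version-specific `-Des.network.host=0.0.0.0` argument and the inline Logstash config will run against whatever `latest` resolves to. Pinning tags would keep the example reproducible.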
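
Review bot: In the `@@ -28,7 +28,7 @@` hunk of PATCH 2/2, the fence changes from `sh` to `none` with no reason given in the commit message ("Improve UCP logging configuration"), even though the block is still a sequence of shell commands with `\` continuations. If this works around a rendering problem on the docs site, please say so in the commit message; otherwise keeping `sh` preserves highlighting and tells the reader these lines are meant to be pasted into a shell.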
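
Review bot: In the `@@ -50,12 +50,12 @@` hunk of PATCH 2/2, dropping the "Note:" prefix turns the only security caveat on the page into an ordinary trailing paragraph, which makes it easier to miss right after an example that publishes ports 514 and 5601. Suggest keeping it as a visible callout, and while touching the line, ending the sentence "(e.g. Shield plug-in for Kibana)" with a period. Also, the three removed and re-added "Once you have these containers running..." lines read identically here, so the change looks whitespace-only; if that is the intent, a word in the commit message would save the next reviewer from diffing them by hand.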