auth key
All checks were successful
Test and Publish Templates / test-and-publish (push) Successful in 39s
100
logserver/SETUP.md
Normal file
@@ -0,0 +1,100 @@
|
||||
# LogServer Quick Setup Guide
|
||||
|
||||
## Prerequisites
|
||||
- Docker and Docker Compose installed
|
||||
- 4GB+ RAM, 10GB+ disk space
|
||||
- Port 5601 (Kibana) and 5044 (Logstash) available
|
||||
|
||||
## Initial Setup
|
||||
|
||||
### 1. System Configuration
|
||||
```bash
|
||||
# Required for Elasticsearch
|
||||
sudo sysctl -w vm.max_map_count=262144
|
||||
echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
|
||||
```
|
||||
|
||||
### 2. Configure Server
|
||||
Edit `config/service.env`:
|
||||
```bash
|
||||
# Change default password
|
||||
KIBANA_PASSWORD=your-secure-password
|
||||
```
|
||||
|
||||
### 3. Install
|
||||
```bash
|
||||
dropshell install logserver
|
||||
```
|
||||
|
||||
## Generate Client API Keys
|
||||
|
||||
Run the interactive key generator:
|
||||
```bash
|
||||
./generate-api-key.sh
|
||||
```
|
||||
|
||||
Follow the prompts:
|
||||
1. Enter hostname for each client
|
||||
2. Script generates secure API key
|
||||
3. Shows configuration to copy to client
|
||||
4. Repeat for additional clients
|
||||
|
||||
## Access Kibana
|
||||
|
||||
1. Open browser: `http://your-server-ip:5601`
|
||||
2. Login: `elastic` / `your-secure-password`
|
||||
3. Create index pattern: `filebeat-*`
|
||||
4. View logs in Discover tab
|
||||
|
||||
## Add Log Clients
|
||||
|
||||
On each client machine:
|
||||
```bash
|
||||
# Get API key from server admin (they run ./generate-api-key.sh)
|
||||
|
||||
# Edit logclient/config/service.env:
|
||||
LOGSERVER_HOST=your-server-ip
|
||||
LOGSERVER_PORT=5044
|
||||
API_KEY=your-api-key-here
|
||||
|
||||
# Install and start
|
||||
dropshell install logclient
|
||||
```
|
||||
|
||||
## Verify Setup
|
||||
|
||||
```bash
|
||||
# Check server status
|
||||
dropshell status logserver
|
||||
|
||||
# View server logs
|
||||
dropshell logs logserver
|
||||
|
||||
# Test client connection (from client)
|
||||
docker logs logclient-filebeat | grep "connection"
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
**Elasticsearch won't start**: Check `vm.max_map_count` is 262144+
|
||||
|
||||
**No logs in Kibana**:
|
||||
- Verify client can reach server port 5044
|
||||
- Check API key is correct in client's service.env
|
||||
- Verify API key exists in server's api-keys.yml
|
||||
- Refresh index pattern in Kibana
|
||||
|
||||
**High memory usage**: Adjust heap sizes in `service.env`:
|
||||
```bash
|
||||
ES_HEAP_SIZE=1g # Reduce from 2g
|
||||
LS_HEAP_SIZE=512m # Reduce from 1g
|
||||
```
|
||||
|
||||
## Security Checklist
|
||||
|
||||
- [ ] Changed default Kibana password
|
||||
- [ ] Generated unique API key per client
|
||||
- [ ] API keys stored securely
|
||||
- [ ] Firewall allows only necessary ports (5601, 5044)
|
||||
- [ ] Regular backup configured
|
||||
- [ ] Reviewed api-keys.yml for old/unused keys
|
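Review bot: The "Access Kibana" steps send the `elastic` login over plain `http://your-server-ip:5601`, and the Security Checklist item "Firewall allows only necessary ports (5601, 5044)" does not say which sources may reach those ports, so as written the password crosses the network unencrypted to a port that may be reachable by anyone. Suggest documenting TLS for 5601 (or access through an SSH tunnel or a TLS-terminating reverse proxy), restricting 5601 to admin source addresses and 5044 to known client addresses, and adding both as checklist items. The guide also does not say whether the 5044 connection that carries `API_KEY` is encrypted; state that explicitly in "Add Log Clients". Two smaller points: `KIBANA_PASSWORD=your-secure-password` appears to set the password for the `elastic` account used at login, so the comment in "Configure Server" should name the account it sets, and the guide should recommend a separate lower-privilege account for day-to-day log viewing; and `tee -a /etc/sysctl.conf` in "System Configuration" appends a duplicate line every time the step is rerun, so consider writing the setting to a drop-in file under /etc/sysctl.d/ instead.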