This guide describes how to install the yuuvis® RAD metrics-manager.
...
- core-service
- Navigate to the logging configuration of the REST-WS gui page at http://<gateway>/rest-ws/#PAGE:monitor/logging
Set the logger "com.os.ecm.ws.metrics" to the log level "TRACE".
Make sure that "use parent handler" is not checked.- The change takes immediate effect.
- service-manager
- Edit the file <service-manager>\config\application-prod.yml
- Set the parameter "monitoring.trace.enabled" to true
- Save the file and restart the service-manager
...
- For Kibana a SSL/TLS certifcate in .cer / .crt and .key format is required. Place these two files in the
<mertrics-manager>\configfolder - Open the
<metrics-manager>\config\kibana.ymlfile for editing- Uncomment the following three lines and replace
certificate.cerandcertificate.keywith the file names of your certificate filesserver.ssl.enabled: trueserver.ssl.certificate: ../../../config/certificate.cerserver.ssl.key: ../../../config/certificate.key - Find the below lines and replace the hostname with the exact hostname defined in the certificate
server.host: "metrics.optimal-systems.de"server.name: "metrics.optimal-systems.de" - Find the below line and change the protocol from http to https:
server.publicBaseUrl: "https://metrics.optimal-systems.de:5601"
Note: Do the following only if you're also enabling HTTPS for elasticsearch: - Find the below line and change the protocol from http to https:
elasticsearch.hosts: ["https://metrics.optimal-systems.de:5200"] - Find the below line and uncomment it. If the used certificate is self-signed, set the value to
none, otherwise leave it atfullelasticsearch.ssl.verificationMode: none
- Uncomment the following three lines and replace
- Save the file and restart Kibana. It is now accessible via
https://metrics.optimal-systems.de:5601.
Elasticsearch
To enable HTTPS in elasticsearch, a certificate in .p12 format (the same as for the gateway microservice) can be used. If Elasticsearch is set to HTTPS communication, the configuration of Kibana and Logstash needs to be changed so that https is used for communication with Elasticsearch. This can be done by following the below steps:
- ElasticsearchPlace the certificate file in the <metrics-For ElastAlert2 to generate links to the new HTTPS address, edit the file
<metrics-manager>\config\elastalert\elastalert.yaml and set the URL of the parameter 'kibana_discover_app_url:' to a) use HTTPS and b) use the hostname defined in the certificate instead of an IP address.
Elasticsearch
To enable HTTPS in elasticsearch, a certificate in .p12 format (the same as for the gateway microservice) can be used. If Elasticsearch is set to HTTPS communication, the configuration of Kibana, Logstash and ElastAlert2 needs to be changed so that https is used for communication with Elasticsearch. This can be done by following the below steps:
- Elasticsearch
- Place the certificate file in the
<metrics-manager>\config\elasticsearchfolder. - Edit the
<metrics-manager>\config\elasticsearch\elasticsearch.ymlfile. - Add the following lines at the end of the file. Replace certificate.p12 with the filename of your certificate and 'password' with the password for your certificate
xpack.security.http.ssl.enabled: truexpack.security.http.ssl.verification_mode: certificatexpack.security.http.ssl.keystore.path: certificate.p12xpack.security.http.ssl.keystore.password: password - Save the file and restart Elasticsearch. It is now available at
https://<certificate-hostname>:5200
- Place the certificate file in the
- Kibana
- If not already configured in the above steps (Kibana), follow these steps to use https communication with Elasticsearch.
- Find the below line and change the protocol from http to https:
elasticsearch.hosts: ["https://<certificate-hostname>:5200"] - Find the below line and uncomment it. If the used certificate is self-signed, set the value to
none, otherwise leave it atfullelasticsearch.ssl.verificationMode: none
- Logstash
- Edit the file
<metrics-manager>\config\logstash\logstash.conffile. - Find the following lines and change the url from
http://<ip>:5200tohttps://<certificate-hostname>:5200output {elasticsearch {hosts => ["https://metrics.optimal-systems.de:5200"]
- Edit the file
Logstash
- For ElastAlert2
- Edit the file
<metrics-manager>\config\elastalert\elastalert.yaml Uncomment the line 'use_ssl: True'Uncomment the line 'verify_certs: True' and set the value to 'False'
- Edit the file
Logstash
- For Logstash a SSL/TLS certifcate in .cer / .crt and .key format is required. The .key file needs to be in unencrypted PKCS8 format. Place these two files in the
<mertrics-manager>\config\logstashfolder. Open the file
<metrics-manager>\config\logstash\logstash.conffile and and expand the input section to look like below:Code Block language java input { # input from filebeat beats { # the port to listen on port => 5044 ssl => true ssl_certificate => "D:\yuuvis\metrics-manager\config\logstash\certificate.cer" ssl_key => "D:\yuuvis\metrics-manager\config\logstash\certificate.key" ssl_verify_mode => "none" } }Replace the
certificate.cerandcertificate.keyfile names with the actual names of the certificate files. If the certificate is self-signed usessl_verify_modewith valuenone(as shown above). Else, useforce_peeras value. Only absolute paths are valid.of the certificate files. If the certificate is self-signed usessl_verify_modewith valuenone(as shown above). Else, useforce_peeras value. Only absolute paths are valid.
Filebeat
- Open the file
<metrics-manager>\config\logstash\filebeat.ymlfile and find the section 'output.logstash' - change the hosts parameter to contain the hostname of the certificate instead of an IP.
output.logstash:
# The Logstash hosts
hosts: ["schmittberger.optimal-systems.de:5044"] - Add the following two lines right below the hosts parameter (if you have a self-signed certificate use the verification_mode 'none like below else use 'full'):
ssl.enabled: true
ssl.verification_mode: none