This guide describes how to install the yuuvis® RAD metrics-manager.
...
- core-service
- Navigate to the logging configuration of the REST-WS gui page at http://<gateway>/rest-ws/#PAGE:monitor/logging
Set the logger "com.os.ecm.ws.metrics" to the log level "TRACE".
Make sure that "use parent handler" is not checked.- The change takes immediate effect.
- service-manager
- Edit the file <service-manager>\config\application-prod.yml
- Set the parameter "monitoring.trace.enabled" to true
- Save the file and restart the service-manager
...
Elastalert2 (optional)
If you chose to use elastalert2 Elastalert2 to receive e-mail/Teams notifications about critical and error situations, these are the predefined rules that trigger an alert :
...
The list of e-mail recipients is globally defined in the file <metrics-manager>\config\elastalert\elastalert.yaml file in the 'email' field. The value can either be a single address or an array of addresses in the form ["recipient@one", "recipient@two", ...]. You can also overwrite this list within the rule - files.
Enabling HTTPS
...
Communication
To enable HTTPS communication for Kibana (external) and/or for Elasticsearch, Logstash, Metricbeat and Filebeat (internal) follow the below instructions:
...
- For Kibana a SSL/TLS certifcate in .cer / .crt and .key format is required. Place these two files in the folder
<mertrics-manager>\configfolder - Open th file the
<metrics-manager>\config\kibana.ymlfile for editing- Uncomment the following three lines and replace "
certificate.cer" and "certificate.key" with the file names of your certificate filesserver.ssl.enabled: trueserver.ssl.certificate: ../../../config/certificate.cerserver.ssl.key: ../../../config/certificate.key - Find the below lines and replace the hostname with the exact hostname defined in the certificate
server.host: "metrics.optimal-systems.de"server.name: "metrics.optimal-systems.de" - Find the below line and change the protocol from http to https:
server.publicBaseUrl: "https://metrics.optimal-systems.de:5601"
Note: Do the following only if you're also enable enabling HTTPS for elasticsearch: - Find the below line and change the protocol from http to https:
elasticsearch.hosts: ["https://metrics.optimal-systems.de:5200"] - Find the below line and uncomment it. If the used certificate is self-signed, set the value to '
none" else , otherwise leave it at 'full'elasticsearch.ssl.verificationMode: none
- Uncomment the following three lines and replace "
- Save the file and restart Kibana. It is now accessible via "via
https://metrics.optimal-systems.de:5601".
Elasticsearch
To enable HTTPS in elasticsearch a certificate in .p12 format (the same as for the gateway-microservice) can be used. If Elasticsearch is set to HTTPS communication, the configuration of Kibana and Logstash needs to be changed so that https is used for communication with Elasticsearch. This can be done by following the below steps:
...
- Edit the file <metrics-manager>\config\logstash\logstash.conf
- Find the following lines and change the url from http://<ip>:5200 to https://<certificate-hostname>:5200
output {
elasticsearch {
hosts => ["https://metrics.optimal-systems.de:5200"]
Logstash
- For Logstash a SSL/TLS certifcate in .cer / .crt and .key format is required. The .key file needs to be in unencrypted PKCS8 format. Place these two files in the folder <mertrics-manager>\config\logstash
Open the file <metrics-manager>\config\logstash\logstash.conf and expand the input section to look like below:
For ElastAlert2 to generate links to the new HTTPS address, edit the<metrics-manager>\config\elastalert\elastalert.yamlfile and set the URL of thekibana_discover_app_url:parameter to a) use HTTPS and b) use the hostname defined in the certificate instead of an IP address.- If you already have a certificate in .p12 format (for example for the gateway microservice) then you can generate the .cer and .key certificate files using the Keystore Explorer tool by the following steps:
- Open the .p12 certificate in the Keystore Explorer.
- Right click on the certificate and choose Export → Export certificate chain. This will create the .cer file
- Right click on the certificate and choose Export → Export private key. Choose PKCS #8 as the format. In the following dialog uncheck encryption. This will generate the .key file.
- These files can also be use for Logstash (see below).
Elasticsearch
To enable HTTPS in elasticsearch, a certificate in .p12 format (the same as for the gateway microservice) can be used. If Elasticsearch is set to HTTPS communication, the configuration of Kibana, Logstash and ElastAlert2 needs to be changed so that https is used for communication with Elasticsearch. This can be done by following the below steps:
- Elasticsearch
- Place the certificate file in the
<metrics-manager>\config\elasticsearchfolder. - Edit the
<metrics-manager>\config\elasticsearch\elasticsearch.ymlfile. - Add the following lines at the end of the file. Replace certificate.p12 with the filename of your certificate and 'password' with the password for your certificate
xpack.security.http.ssl.enabled: truexpack.security.http.ssl.verification_mode: certificatexpack.security.http.ssl.keystore.path: certificate.p12xpack.security.http.ssl.keystore.password: password - Save the file and restart Elasticsearch. It is now available at
https://<certificate-hostname>:5200
- Place the certificate file in the
- Kibana
- If not already configured in the above steps (Kibana), follow these steps to use https communication with Elasticsearch.
- Find the below line and change the protocol from http to https:
elasticsearch.hosts: ["https://<certificate-hostname>:5200"] - Find the below line and uncomment it. If the used certificate is self-signed, set the value to
none, otherwise leave it atfullelasticsearch.ssl.verificationMode: none
- Logstash
- Edit the file
<metrics-manager>\config\logstash\logstash.conf. - Find the following lines and change the url from
http://<ip>:5200tohttps://<certificate-hostname>:5200output {elasticsearch {hosts => ["https://metrics.optimal-systems.de:5200"]
- Edit the file
- ElastAlert2
- Edit the file
<metrics-manager>\config\elastalert\elastalert.yaml Uncomment the line 'use_ssl: True'Uncomment the line 'verify_certs: True' and set the value to 'False'
- Edit the file
Logstash
- For Logstash a SSL/TLS certifcate in .cer / .crt and .key format is required. The .key file needs to be in unencrypted PKCS8 format. Place these two files in the
<mertrics-manager>\config\logstashfolder. Open the file
<metrics-manager>\config\logstash\logstash.confand expand the input section to look like below:Code Block language java input { # input from filebeat beats { # the port to listen on port => 5044 ssl => true ssl_certificate => true"D:\yuuvis\metrics-manager\config\logstash\certificate.cer" ssl_key => "D:\yuuvis\metrics-manager\config\logstash\certificate.key" ssl_certificateverify_mode => "D:\yuuvis\metrics-manager\config\logstash\certificate.cer" ssl_key => "D:\yuuvis\metrics-manager"none" } }Replace the
certificate.cerandcertificate.keyfile names with the actual names of the certificate files. If the certificate is self-signed usessl_verify_modewith valuenone(as shown above). Else, useforce_peeras value. Only absolute paths are valid.
Filebeat
- Open the file
<metrics-manager>\config\logstash\certificate.key" ssl_verify_mode => "none" } }Replace the certificate.cer and certificate.key file names with the actual names of the certificate files. If the certificate is self-signed use 'ssl_verify_mode" value "none" (as shown above) else use "force_peer" as the value. Only absolute paths are valid.filebeat.ymlfile and find the section 'output.logstash' - change the hosts parameter to contain the hostname of the certificate instead of an IP.
output.logstash:
# The Logstash hosts
hosts: ["schmittberger.optimal-systems.de:5044"] - Add the following two lines right below the hosts parameter (if you have a self-signed certificate use the verification_mode 'none like below else use 'full'):
ssl.enabled: true
ssl.verification_mode: none