Filebeat Config help for type: aws-cloudwatch - filebeat

This is my filebeat config for aws-cloudwatch.
type: aws-cloudwatch
log_group_arn: arn:aws:logs:us-x-xxxx1:x:loxxxxxg-group:/aws/aes/domains/xxxxx-dev/:
scan_frequency: 1m
start_position: end
role_arn: arn:aws:iam::xxxxxxxxxxxx:role/ec2-role-xxxxxx-ansible-us-xxxx-1
proxy_uri: http://x.app.xxxxxxx.com:80
enabled: true
I would like to know what minimum config I would need to test the setup.
https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-input-aws-cloudwatch.html#filebeat-input-aws-cloudwatch
I am using Filebeat version 7.13.
Can role_arn be used instead of credential_profile_name?

Related

Can we send data to wazuh-indexer using filebeat and without agent in Wazuh?

I am trying to send data from filebeat to wazuh-indexer directly but I get connection errors between filebeat and elasticsearch. Following is my filebeat configuration:
filebeat.inputs:
- input_type: log
  paths:
    - /home/siem/first4.log
  enable: true
output.elasticsearch:
  hosts: ["192.168.0.123:9200"]
  protocol: https
  index: "test"
  username: admin
  password: admin
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat-1.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-1-key.pem"
setup.template.json.enabled: false
setup.ilm.overwrite: true
setup.ilm.enabled: false
setup.template.name: false
setup.template.pattern: false
#setup.template.json.path: '/etc/filebeat/wazuh-template.json'
#setup.template.json.name: 'wazuh'
#filebeat.modules:
#  - module: wazuh
#    alerts:
#      enabled: true
#    archives:
#      enabled: false
Following is the error:
2023-01-30T09:29:18.634Z ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://192.168.0.123:9200)): Get "https://192.168.0.123:9200": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2023-01-30T09:29:18.635Z INFO [publisher_pipeline_output] pipeline/output.go:145 Attempting to reconnect to backoff(elasticsearch(https://192.168.0.123:9200)) with 1 reconnect attempt(s)
2023-01-30T09:29:18.635Z INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2023-01-30T09:29:18.635Z INFO [publisher] pipeline/retry.go:223 done
2023-01-30T09:29:46.177Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s
Can anyone tell me what mistake I am making?
Yes, you could send logs directly using Filebeat without a Wazuh agent, but that way you won't benefit from the Wazuh analysis engine.
With your current configuration, the logs will be ingested under filebeat-<version>-<date>. Make sure to create an index pattern for these events.
As your logs indicate, there's a connectivity issue between Filebeat and the Wazuh indexer. To diagnose the problem:
Try running the following call to make sure you can reach the Wazuh indexer:
curl -k -u admin:admin https://192.168.0.123:9200
Run a Filebeat test output:
filebeat test output
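
A staged version of the reachability check above, as an added example that is not part of the original answer: it verifies the indexer certificate against the CA file from the question's config instead of using -k, keeps the password off the command line, and maps curl's exit code and the HTTP status to a likely cause. The function names and the INDEXER_* variables are assumptions made for this sketch.

```shell
# Added example: staged check of the Filebeat -> Wazuh indexer path.
# Function names and INDEXER_* variables are hypothetical; the URL and CA path
# default to the values shown in the question's filebeat.yml.

# Map a curl exit code ($1) and HTTP status ($2) to the most likely cause.
classify_result() {
  case "$1" in
    0)
      case "$2" in
        200) echo "ok" ;;
        401) echo "auth-failed: wrong username or password" ;;
        403) echo "forbidden: user lacks permission on the indexer" ;;
        *)   echo "unexpected-http-status: $2" ;;
      esac ;;
    6)  echo "dns: host name did not resolve" ;;
    7)  echo "refused: nothing listening or port blocked" ;;
    28) echo "timeout: firewall drop or indexer not answering" ;;
    35) echo "tls-handshake: protocol mismatch or port is not speaking TLS" ;;
    60) echo "tls-verify: certificate not trusted by the given CA" ;;
    77) echo "ca-file: CA bundle missing or unreadable" ;;
    *)  echo "curl-error: exit code $1" ;;
  esac
}

# Probe the indexer with certificate verification left on (no -k).
# The body runs in a subshell so its variables do not leak into the caller.
probe_indexer() (
  url="${INDEXER_URL:-https://192.168.0.123:9200}"
  ca="${INDEXER_CA:-/etc/filebeat/certs/root-ca.pem}"
  user="${INDEXER_USER:?set INDEXER_USER}"
  pass="${INDEXER_PASS:?set INDEXER_PASS}"
  # Credentials are passed as a curl config on stdin, so they do not show up
  # in the process list (a password containing " or \ would need escaping).
  http=$(printf 'user = "%s:%s"\n' "$user" "$pass" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
         --connect-timeout 5 --max-time 15 --cacert "$ca" --config - "$url")
  classify_result "$?" "$http"
)

# Run the probe only when credentials were supplied in the environment.
if [ -n "${INDEXER_USER:-}" ] && [ -n "${INDEXER_PASS:-}" ]; then
  probe_indexer
fi
```

The "Client.Timeout exceeded while awaiting headers" error in the log above corresponds to the timeout case; a tls-verify result means the -k call would have hidden a certificate problem that Filebeat itself will still hit.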

filebeat tomcat module and collect webapps logs files

I just installed filebeat on my remote server to collect logs by an app. Everything seems OK. The ELK stack retrieves the info and I can view it via Kibana.
Today, I want to collect the logs generated by 2 webapps hosted on the same Tomcat server. I want to be able to add a field to allow me to create a filter on it in Kibana.
I am using the tomcat.yml module which I want to rename as webapp1.yml and webapp2.yml.
In each of these files, I will add a field that corresponds to the name of my webapp.
webapp1.yml
- module: tomcat
  log:
    enabled: true
    var.input: file
    var.paths:
      - c:\app\webapp1.log
    var.rsa_fields: true
    var.rsa.misc.context: webapp1
webapp2.yml
- module: tomcat
  log:
    enabled: true
    var.input: file
    var.paths:
      - c:\app\webapp2.log
    var.rsa_fields: true
    var.rsa.misc.context: webapp2
But the Logstash index does not recognize this new field, context.
How can I solve this?
Thanks for helping me.
So, I found the solution...
- module: tomcat
  log:
    enabled: true
    var.input: file
    var.paths:
      - c:\app\webapp1.log
    # Toggle output of non-ECS fields (default true).
    #var.rsa_fields: true
    input:
      processors:
        - add_fields:
            target: fields
            fields:
              application-name: webapp1

serverless-api-gateway-caching plugin is not setting the cache size

I try to set the AWS API Gateway cache using the serverless-api-gateway-caching plugin.
All is working fine, except the cacheSize.
This is my configuration for the caching:
caching:
  enabled: true
  clusterSize: '13.5'
  ttlInSeconds: 3600
  cacheKeyParameters:
    - name: request.path.param1
    - name: request.querystring.param2
The cache is configured correctly, but the cache size is always the default one, '0.5'.
Any idea about what is wrong?
sls -v
1.42.3
node --version
v9.11.2
serverless-api-gateway-caching: 1.4.0
Regards
Because the "Cache Capacity" setting is global per stage, it is not possible to set it per endpoint.
So the plugin is going to check this parameter only in the serverless global configuration, ignoring it at the endpoint level.
It means that the right configuration is:
custom:
  apiGatewayCaching:
    enabled: true
    clusterSize: '13.5'

Spinnaker on Titus cloud provider

Are there any steps for configuring Spinnaker/Halyard to work on a Titus-based cluster? - https://netflix.github.io/titus/
There aren't any steps described in the documentation: https://www.spinnaker.io/setup/install/providers/
Also, check this GitHub issue: https://github.com/spinnaker/spinnaker.github.io/issues/869
There is a sample config in the GitHub repo:
titus:
  enabled: true
  awsVpc: vpc0 # this is the default vpc used by titus
  accounts:
    - name: titusdevint
      environment: test
      discovery: "http://discovery.compary.com/v2"
      discoveryEnabled: true
      registry: testregistry # reference to the docker registry being used
      awsAccount: test # aws account underpinning
      autoscalingEnabled: true
      loadBalancingEnabled: false # load balancing will be released at a later date
      regions:
        - name: us-east-1
          url: https://myTitus.us-east-1.company.com/
          port: 7104
          autoscalingEnabled: true
          loadBalancingEnabled: false
        - name: eu-west-1
          url: https://myTitus.eu-west-1.company.com/
          port: 7104
          autoscalingEnabled: true
          loadBalancingEnabled: false
https://github.com/spinnaker/clouddriver/tree/master/clouddriver-titus
Right now you'll have to edit clouddriver.yml manually and then update via Halyard.

how to set local path in yaml configuration file in microservice

Here all the properties files are in a GitHub location, so I am able to read them using the uri path. How will I read them if they are in my local system? Can anybody please guide?
server:
  port: 8888
eureka:
  instance:
    hostname: configserver
  client:
    registerWithEureka: true
    fetchRegistry: true
    serviceUrl:
      defaultZone: http://discovery:8761/eureka/
spring:
  cloud:
    config:
      server:
        git:
          uri: https://github.com/****/******
You need to use spring cloud config in native mode, e.g.
spring:
  cloud:
    config:
      server:
        bootstrap: true
        native:
          search-locations: file:///C:/ConfigData
See the following link for more information:
http://cloud.spring.io/spring-cloud-config/spring-cloud-config.html#_file_system_backend