Configure Elastic Stack¶
For an overview of Elastic Stack and its components used with PLOSSYS 5 or easyPRIMA, refer to Elastic Stack.
In Elasticsearch, different indices are used for the log, statistics, audit and accounting data of PLOSSYS 5. For easyPRIMA, only the audit data is configured in Kibana so far.
Hint - update for audit data
Audit data for PLOSSYS 5 was introduced with 5.3.3. When updating to PLOSSYS 5.3.3, you have to adjust filebeat.yml manually as described in Update on Windows or Update on Linux and restart the PLOSSYS system.
For the different indices, you can configure the housekeeping in Elasticsearch (Index Lifecycle Management, ILM). To do so, either use the load-config script, which SEAL Systems provides in the SEAL Elastic Stack package as of version 7.16.0.53, or proceed step by step in the Kibana user interface. The step-by-step instructions are described in Configure Elastic Stack Step-by-Step.
The only item the load-config script does not configure is the common index pattern for the audit indices of PLOSSYS 5 and easyPRIMA. For the required steps, refer to Create a Common Index Pattern for the Audit Indices below.
The load-config Script¶
SEAL Elastic Stack as of version 7.16.0.53 provides the load-config script and several configuration files for creating all necessary components for the housekeeping of the stored data for both PLOSSYS 5 and easyPRIMA.
- Windows: C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1
- Linux: /opt/seal/seal-kibana/configuration/load-config.sh
In the non-overwrite mode, the load-config script checks if the specific index exists and creates only settings that do not yet exist. In the overwrite mode, some settings will be overwritten. Independent of the mode, the dashboard configurations are always overwritten in order to ensure consistency of the consecutive configurations.
Hint - Usage
Call the configuration script with -h or -help in order to get the usage.
Execute the Script¶
- Stop the seal-filebeat services on all PLOSSYS 5 servers (if already installed) so that no new data will be sent to Elasticsearch:
  plossys service stop seal-filebeat
- By default, the configuration fits the installation of PLOSSYS 5 and easyPRIMA. If you want to modify it, change the configuration on the management server in the directory structure described in Configure the Script below.
- On the management server, open a PowerShell (Administrator) on Windows or a shell on Linux and call the load-config script for PLOSSYS 5:
  - Windows: & "C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1"
  - Linux: /opt/seal/seal-kibana/configuration/load-config.sh
- Call the load-config script a second time for easyPRIMA if desired:
  - Windows: & "C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1" -c seal-easyprima
  - Linux: /opt/seal/seal-kibana/configuration/load-config.sh -c seal-easyprima
- Start the seal-filebeat services on all PLOSSYS 5 servers (if already installed):
  plossys service start seal-filebeat
Configure the Script¶
The load-config script scans through the following directory structure and uses the JSON files found there for the configuration of the different components of Elastic Stack. If a JSON file or a subdirectory does not exist, the load-config script skips the configuration of the corresponding component:
- Windows: C:\Program Files\SEAL Systems\seal-kibana\configuration\<product_name>
- Linux: /opt/seal/seal-kibana/configuration/<product_name>
The subdirectories within the product-specific directories contain the JSON files for the different components:
- index: Elasticsearch index
- index-lifecycle-policy: Housekeeping of the data in the specific index
- index-pattern: Index patterns for accessing the data stored in the specific index
- index-template: Template used when creating the index
The JSON files in the component-specific directories are named according to the data type to be configured:
accounting.json
audit.json
log.json
statistics.json
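A pre-flight check for the directory layout described above, as an added example that is not part of the SEAL Systems delivery: it reports which component and data-type JSON files exist in a product directory, so you can see before running load-config which components would be skipped. The function names, the report format, and the choice to treat a missing or unparsable audit file as a failure are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight report for one load-config product directory.
# Directory and file names come from this page; everything else is assumed.
COMPONENTS="index index-lifecycle-policy index-pattern index-template"
DATA_TYPES="accounting audit log statistics"

# json_ok FILE: succeeds if FILE parses as JSON (python3 if available,
# otherwise only a non-empty check).
json_ok() {
    if command -v python3 >/dev/null 2>&1; then
        python3 -c 'import json,sys; json.load(open(sys.argv[1]))' "$1" 2>/dev/null
    else
        [ -s "$1" ]
    fi
}

# preflight PRODUCT_DIR: prints "<component>/<type>.json <state>" for every
# expected file; returns 1 if any audit file is missing or invalid.
preflight() {
    dir=$1
    rc=0
    for comp in $COMPONENTS; do
        for dtype in $DATA_TYPES; do
            file="$dir/$comp/$dtype.json"
            if [ ! -f "$file" ]; then
                state=missing    # load-config skips this component
            elif json_ok "$file"; then
                state=ok
            else
                state=invalid
            fi
            echo "$comp/$dtype.json $state"
            if [ "$dtype" = audit ] && [ "$state" != ok ]; then rc=1; fi
        done
    done
    return "$rc"
}

# Constructed demo tree: audit files only, one of them deliberately broken.
demo=$(mktemp -d)
for c in $COMPONENTS; do
    mkdir -p "$demo/$c"
    echo '{}' > "$demo/$c/audit.json"
done
echo '{' > "$demo/index-template/audit.json"
preflight "$demo" || echo "audit configuration incomplete"
rm -rf "$demo"
```

On Linux, point preflight at /opt/seal/seal-kibana/configuration/<product_name> before calling load-config.sh.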
Additionally, the following subdirectories in the product-specific directories contain JSON files for configuring some preconfigured dashboards and workspaces of Kibana:
- dashboard: Dashboard for visualizing the log data of PLOSSYS 5
- workspace
Example - configuration directory contained in delivery with SEAL Elastic Stack 7.16.0.53
Backup Files¶
Before changing existing settings, the load-config script saves the corresponding original files into the following directory:
- Windows: $env:TEMP/backup
- Linux: $HOME/tmp/backup
Log File¶
Error messages of the load-config script are logged into a log file in the following directory:
- Windows: $env:TEMP/log
- Linux: $HOME/tmp/log
Create a Common Index Pattern for the Audit Indices¶
The audit data of PLOSSYS 5 is stored in the seal-plossys-5-audit index. The audit data of easyPRIMA is stored in the seal-easyprima-audit index. For these indices, you can create a common index pattern seal-*-audit to access the audit data of both products.
For accessing the audit data both of PLOSSYS 5 and easyPRIMA, create a common index pattern:
- Change to Index Patterns in the Kibana section and click Create index pattern.
- While typing seal-*-audit in Index pattern name, the list below shrinks to the fitting indices. Click Next step.
- Select @timestamp from the list of available fields for refreshing the data and click Create index pattern.
  Optionally, click Show advanced settings, enter seal-*-audit as Custom index pattern ID and click Create index pattern.
- Select the seal-*-audit index pattern and configure the view.
Indices for PLOSSYS 5¶
The indices used in Elasticsearch for the log and statistics data of PLOSSYS 5 are specified in the following keys in the PLOSSYS 5 system:
- ELASTICSEARCH_INDEX_LOG: Index used for the log data
- ELASTICSEARCH_INDEX_STATISTICS: Index used for the statistics data