Unverified commit 0bf63237, authored by 9S, committed by GitHub

Update README.md

parent c850be75
......@@ -29,6 +29,14 @@ The result will look like this:
### LOGSTASH HOST
1. copy "/conf.d/20-dns-syslog.conf" to your logstash folder (usually /etc/logstash/)
1.1 if you have other files in this folder make sure to properly edit the input/output/filter sections to avoid matching our filebeat dns logs in these files which may be processed earlier. For testing purposes you can name your conf files like so:
/conf.d/20-dns-syslog.conf
/conf.d/30-other1.conf
/conf.d/40-other2.conf
This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the beginning.
2. customize "ELASTICSEARCHHOST:PORT" in the output section at the bottom of the file
3. copy "dns" to "/etc/logstash/patterns/"
4. restart logstash
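Review bot: Step 1.1 tells the reader to "properly edit the input/output/filter sections" of the other conf files but never says what to change, and its example paths start at /conf.d/ while step 1 names /etc/logstash/ as the target, so the destination directory is ambiguous. Suggest giving the full path of the conf.d directory and naming the field or tag that the other files should exclude so they do not match the filebeat dns logs. "For testing purposes" also conflicts with "This makes sure", because the numeric prefix is presented as the actual ordering mechanism; pick one framing. Typo: "beeing" should be "being".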
......@@ -38,13 +46,21 @@ The result will look like this:
6. customize "LOGSTASHHOST:5141" to match your logstash hostname/ip
7. restart filebeat
9. copy 99-pihole-log-facility.conf to /etc/dnsmasq.d/
11. restart pi-hole and ensure filebeat is sending logs to logstash before continuing
11. this is very important: restart pi-hole and ensure filebeat is sending logs to logstash before proceeding
11.1 You can verify this by:
11.2 at your filebeat instance: "filebeat test output" - it should say "ok" on every step.
12. again: the following steps will not work correctly if sending data to logstash here is not successfull!
### KIBANA HOST (CAN BE THE SAME AS LOGSTASH AND ELASTICSEARCH)
12. import suitable "json/elk-hole *.json" for your version into kibana: management - saved objects - import
13. delete any existing template matching our index name: DELETE /_template/logstash-syslog-dns*
14. import the template: paste the content of "logstash-syslog-dns-index.template_ELK7.x.json" into kibanas dev tools console
15. optionally reload kibanas field list
14.1 click the green triangle in the upper right of the pasted content (first line). Output should be:
{
"acknowledged" : true
}
15. optionally reload kibanas field list via: Management -> Index patterns -> type logstash-syslog-dns*
15. click the curved arrows on the top left
You should then be able to see your new dashboard and visualizations.
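Review bot: The step numbers collide in this hunk: "12. again: ..." reuses the 12 that opens the KIBANA HOST section, the number 15 appears on more than one step with 14.1 placed after one of them, and 11.1 ("You can verify this by:") is a lead-in whose only item is 11.2. Suggest renumbering so every step is unique and folding 11.1 and 11.2 into a single sub-step. "filebeat test output" checks the connection to the configured output, so since the text says the later steps fail without data reaching logstash, it is worth adding a check that pi-hole log lines actually arrive there. Typo: "successfull" should be "successful".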