Unverified Commit f6135cf8 authored by 9S, committed by GitHub

Update README.md

parent 4e563a9c
......@@ -35,17 +35,17 @@ The result will look like this:
1. copy "/conf.d/20-dns-syslog.conf" to your logstash folder (usually /etc/logstash/)
1.1 if you have other files in this folder make sure to properly edit the input/output/filter sections to avoid matching our filebeat dns logs in these files which may be processed earlier. For testing purposes you can name your conf files like so:
```
/conf.d/20-dns-syslog.conf
/conf.d/30-other1.conf
/conf.d/40-other2.conf
```
This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the beginning.
2. customize "ELASTICSEARCHHOST:PORT" in the output section at the bottom of the file
3. copy "dns" to "/etc/logstash/patterns/"
3. copy "dns" to:
```/etc/logstash/patterns/``` create the folder if it does not exist
4. restart logstash
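Review bot: In the new step 3 the path is wrapped in triple backticks on a single line and "create the folder if it does not exist" follows directly after the closing backticks, so the instruction runs into the path and the markup differs from the real fenced block used for the conf.d file names a few lines up. Suggest single backticks for the inline path and the folder hint in parentheses or as its own sentence, e.g. 3. copy "dns" to `/etc/logstash/patterns/` (create the folder if it does not exist). Step 1 says the logstash folder is only "usually /etc/logstash/", so it is worth stating whether the patterns path is fixed or follows that folder.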
......@@ -56,12 +56,15 @@ This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the begin
8. copy 99-pihole-log-facility.conf to /etc/dnsmasq.d/
9. this is very important: restart pi-hole and ensure filebeat is sending logs to logstash before proceeding
10. You can verify this by:
11. at your filebeat instance: "filebeat test output" - it should say "ok" on every step.
11. at your filebeat instance:
```filebeat test output```
it should say "ok" on every step.
12. again: the following steps will not work correctly if sending data to logstash here is not successfull!
### KIBANA HOST (CAN BE THE SAME AS LOGSTASH AND ELASTICSEARCH)
13. create the index pattern: Management -> Index patterns -> Create index pattern
13. create the index pattern:
```Management -> Index patterns -> Create index pattern```
14. type logstash-syslog-dns - it shound find one index
15. click next step and select @timezone
16. Create index pattern
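Review bot: The reworked step 11 splits one instruction over three lines and uses triple backticks as inline code for "filebeat test output", leaving "it should say "ok" on every step." as an unindented line that no longer clearly belongs to the list item. Suggest keeping it on one line with single backticks: 11. at your filebeat instance run `filebeat test output`; it should say "ok" on every step. The same applies to step 13, where "Management -> Index patterns -> Create index pattern" is a menu path rather than a command and reads better as plain or bold text than as code. While touching these lines, step 10 ("You can verify this by:") introduces only step 11, so 11 could become a sub-item, and "successfull" and "shound" in the neighbouring lines could be corrected.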
......@@ -69,15 +72,16 @@ This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the begin
18. click the curved arrows on the top left
19. import suitable "json/elk-hole *.json" for your version into kibana: management - saved objects - import
20. optionally select the correct index pattern: logstash-syslog-dns*
21. delete any existing template matching our index name: DELETE /_template/logstash-syslog-dns*
22. import the template: paste the content of "logstash-syslog-dns-index.template_ELK7.x.json" into kibanas dev tools console
21. delete any existing template matching our index name:
```DELETE /_template/logstash-syslog-dns*```
22. import the template: paste the content of:
```logstash-syslog-dns-index.template_ELK7.x.json
into kibanas dev tools console
23. click the green triangle in the upper right of the pasted content (first line). Output should be:
```
{
"acknowledged" : true
}
```
You should then be able to see your new dashboard and visualizations.
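Review bot: In the new step 22 the triple backticks before "logstash-syslog-dns-index.template_ELK7.x.json" are never closed on that line, so they open a fenced block that swallows "into kibanas dev tools console" and step 23, and the fence that was meant to open the expected output closes it instead; the "acknowledged" JSON then renders as plain text and the final fence is left open over the closing sentence. Suggest single backticks around the file name and keeping the sentence on one line: 22. import the template: paste the content of `logstash-syslog-dns-index.template_ELK7.x.json` into kibanas dev tools console. For step 21, the DELETE uses a trailing wildcard, so it removes every template whose name starts with logstash-syslog-dns; consider telling the reader to list the matching templates first so nothing unrelated is dropped.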