Private GIT

Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • nin9s-patch-1
  • dev
  • pr/16
  • template-patch-for-geoip
  • v0.5.1
  • v0.5
  • 0.4
  • v0.3
  • 0.2
  • v0.1.11
  • v0.1.1
  • elk-hole
  • 0.1
14 results

elk-hole

  • Clone with SSH
  • Clone with HTTPS
    • user avatar
    Update README.md
    9S authored
    2e4a984b
    History
    user avatar 2e4a984b
    History
    Name Last commit Last update
    .github/ISSUE_TEMPLATE
    dnsmasq.d
    etc
    json
    logstash
    .whitesource
    CODE_OF_CONDUCT.md
    LICENSE
    README.md
    dash.PNG
    elk-hole.zip
    README.md

    elk-hole

    elasticsearch, logstash and kibana configuration for pi-hole visualization

    elk-hole provides the relevant files and configuration to easily visualize pi-holes/dnsmasq statistics via the popular elasticstack.

    show, search, filter and customize pi-hole statistics ... the elk way

    requirements:

    working installation of:

    1. logstash (currently tested up to version "7.1.0")
    2. elasticsearch (currently tested up to version with "7.1.0")
    3. kibana (currently tested up to version "7.1.0")
    4. filebeat on pi-hole (tested with "1.3.1" & "7.1.1")

    -> installation of the elk stack - refer to https://www.elastic.co/ for details.

    this repo provides the relevant files and configuration for sending the pi-hole logs via filebeat directly to logstash/elasticsearch. We will then visualize the logs in kibana with a custom dashboard.

    The result will look like this:

    alt text

    HOW TO USE

    LOGSTASH HOST

    1. copy "/conf.d/20-dns-syslog.conf" to your logstash folder (usually /etc/logstash)
    2. customize "ELASTICSEARCHHOST:PORT" in the output section at the bottom of the file
    3. copy "dns" to "/etc/logstash/patterns/"
    4. restart logstash

    PI-HOLE

    1. copy "/etc/filebeat/filebeat.yml" to your filebeat installation at the pi-hole instance
    2. customize "LOGSTASHHOST:5141" to match your logstash hostname/ip
    3. restart filebeat
    4. copy 99-pihole-log-facility.conf to /etc/dnsmasq.d/
    5. restart pi-hole

    KIBANA HOST (CAN BE THE SAME AS LOGSTASH AND ELASTICSEARCH)

    1. import suitable "json/elk-hole *.json" for your version into kibana: management - saved objects - import
    2. optionally reload kibanas field list

    You should then be able to see your new dashboard and visualizations.

    credits to skaldenhoven who contributed quiet some nice details to the configuration and parsing logic as well as troubleshooting and testing!

    Another place to be (or not)