elk-hole

  • nin9s authored 309f89c4

    elk-hole

    elasticsearch, logstash and kibana configuration for pi-hole visualization

    show, search, filter and customize pi-hole statistics ... the elk way

    please note, this is still work in progress, so please let me know if I've left anything unclear/incorrect which definitely could be the case!

    requirements:

    working installation of:

    1. logstash (tested with "6.5.0")
    2. elasticsearch (tested with "6.5.0")
    3. kibana (tested with "6.5.0")
    4. filebeat on pi-hole (tested with "1.3.1")

    -> installation of the elk stack - refer to https://wiki.kaldenhoven.org/display/LIN/Elastic+Stack+on+Ubuntu+16.04+with+AdoptOpenJDK or https://www.elastic.co/ for details.

    this repo provides the relevant files and configuration for sending the pi-hole logs via filebeat directly to logstash/elasticsearch. We will then visualize the logs in kibana with a custom dashboard.

    The result will look like this:

    [image: dashboard screenshot]

    HOW TO USE

    LOGSTASH HOST

    1. copy "/conf.d/20-dns-syslog.conf" to your logstash folder (usually /etc/logstash)
    2. customize "ELASTICSEARCHHOST:PORT" in the output section at the bottom of the file
    3. copy "dns" to "/etc/logstash/patterns/"
    4. restart logstash

    PI-HOLE

    1. copy "/etc/filebeat/filebeat.yml" to your filebeat installation at the pi-hole instance
    2. customize "LOGSTASHHOST:5141" to match your logstash hostname/ip
    3. restart filebeat
    4. copy 99-pihole-log-facility.conf to /etc/dnsmasq.d/
    5. restart pi-hole
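
A guard for the "customize" steps in the LOGSTASH HOST and PI-HOLE lists above, as an added example that is not part of the elk-hole repo: it fills in the placeholder while copying and refuses malformed values or files that are not the expected template. The function names, the example hostnames, the destination paths and the `systemctl` calls in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example, not part of the elk-hole repo. Function names are hypothetical.

# valid_endpoint HOST:PORT -> 0 if HOST is a hostname or IPv4 address and PORT
# is 1-65535. The allowed characters are also safe inside a sed replacement.
valid_endpoint() {
    case "$1" in
        *[!A-Za-z0-9.:-]* | *:*:* | :* | *: ) return 1 ;;  # bad chars, IPv6, empty half
        *:*) ;;
        *) return 1 ;;                                     # no port given
    esac
    port=${1##*:}
    case "$port" in *[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# render_config SRC DEST PLACEHOLDER HOST:PORT
# Writes SRC to DEST with every PLACEHOLDER replaced. DEST is not written when
# the endpoint is malformed or SRC does not contain the placeholder.
render_config() {
    src=$1 dest=$2 placeholder=$3 endpoint=$4
    case "$placeholder" in "" | *[!A-Za-z0-9:]*) return 2 ;; esac
    valid_endpoint "$endpoint" || { echo "bad endpoint: $endpoint" >&2; return 3; }
    grep -qF -- "$placeholder" "$src" || { echo "$placeholder not in $src" >&2; return 4; }
    sed "s/$placeholder/$endpoint/g" "$src" > "$dest.tmp" && mv "$dest.tmp" "$dest"
}

# still_template FILE -> 0 if FILE still contains a placeholder named in the
# README, meaning the service should not be restarted with it yet.
still_template() {
    grep -qE 'ELASTICSEARCHHOST|LOGSTASHHOST' "$1"
}

# Usage on the logstash host (destination path and systemctl are assumptions):
#   render_config conf.d/20-dns-syslog.conf /etc/logstash/conf.d/20-dns-syslog.conf \
#       ELASTICSEARCHHOST:PORT es.example.internal:9200 && systemctl restart logstash
# Usage on the pi-hole:
#   render_config etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml \
#       LOGSTASHHOST:5141 logstash.example.internal:5141 && systemctl restart filebeat
```
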

    KIBANA HOST (CAN BE THE SAME AS LOGSTASH AND ELASTICSEARCH)

    1. import "elk-hole.json" into kibana: management - saved objects - import

    You should then be able to see your new dashboard and visualizations.

    a huge "thank you" to skaldenhoven who contributed quite some nice details to the configuration and parsing logic as well as troubleshooting and testing!