Elasticsearch monitoring

Introduction

Plugin for ELK server monitoring, last revision 17/04/2019.

ELK is a set of tools composed of Elasticsearch (a powerful Lucene-based text search server), Logstash (a log management tool) and Kibana (a tool to visualize and explore data).

Compatibility matrix

Developed for Kibana 6.2.4.

Prerequisites

Deploying this plugin from binaries has no special requirements.

The code version requires the PandoraFMS::PluginTools library (PluginTools.pm).

This library is available with the installation of the Pandora FMS OpenSource package.

You can download the latest version from:

https://github.com/pandorafms/pandorafms/blob/develop/pandora_server/lib/PandoraFMS/PluginTools.pm

Configuration

Connection:
# ELK Plugin conf file 
# Defines ip server and port of ELK server.
elastic_server=127.0.0.1
elastic_port=9200


elastic_server
           IP address or FQDN of the ELK server.
elastic_port
          Port where the ELK server listens (9200 by default). 

The configuration file of the Pandora FMS plugin for ELK allows it to be executed in two ways:

Agent:
# ELK Plugin conf file 
# Defines if should be executed as agent or as server plugin, set 0 to execute as server plugin or set 1 to execute as agent plugin. 
as_agent_plugin=1

Remote:
# ELK Plugin conf file 
# Defines if should be executed as agent or as server plugin, set 0 to execute as server plugin or set 1 to execute as agent plugin. 
as_agent_plugin=0


as_agent_plugin
           1 to execute as agent plugin.
           0 to execute as remote plugin.

If the plugin is to be executed remotely, it is necessary to configure the following parameters: 

# If as_agent_plugin is 0, please set the agent configuration: 
agent_name=adama
agent_interval=300
agent_group=Servers
# And the transf. options 
## Pandora Server configuration 
mode=tentacle
tentacle_ip=127.0.0.1
tentacle_port=41121
tentacle_opts
tentacle_client="tentacle_client"
local_folder=/var/spool/pandora/data_in
temporal=/tmp


agent_name
           Name of the agent where the information will be delivered.

agent_interval
           Interval in seconds between agent executions.

agent_group
           Group to which the agent will belong in Pandora FMS.
mode
           XML file transfer mode, can be:
                local: copies the files to local_folder.
                tentacle: transfers the files to tentacle_ip on port tentacle_port.

tentacle_ip
            IP address or FQDN where Pandora FMS is running.

tentacle_port
            Port where the Tentacle service associated with your Pandora FMS server is listening.

tentacle_opts
           Extra options for the Tentacle client.

tentacle_client
           Path where the tentacle client binary can be found.

local_folder
           Location where files are moved in local mode.

temporal
           Temporary location where files are stored before being sent.

Modules:

## Set 1 if you want to monitor number of index.
total_index=1
red_index=1
yellow_index=1
## Set 1 if you want to monitor index size.
total_index_size=1
red_index_size=1
yellow_index_size=1
## Set 1 if you want to monitor snapshots. 
snapshots=1
## Set 1 if you want to monitor Port connections. 
elastic_conections=1
kibana_conections=1
## Set 1 if you want to monitor memory usage of ELK. 
memory_usage=1
## Set 1 if you want to monitor cpu usage of ELK. 
cpu_usage=1
## Set 1 if you want to monitor disk metrics of ELK. 
disk_indices=1
disk_used=1
## Set 1 if you want to monitor documents count of ELK. 
document_count=1
## Check ELK services, 1 enabled 0 disabled. 
nginx_status=1
elastic_status=1
logstash_status=1
kibana_status=1

0 → Disables monitoring.
1 → Enables monitoring.


total_index
          Number of generated indexes. 

red_index
          Number of indexes in red status. 

yellow_index
          Number of indexes in yellow status. 

total_index_size
          Total index size in MB.

red_index_size
          Size of indexes in red status in MB.

yellow_index_size
          Size of indexes in yellow status in MB.

snapshots
         Total generated snapshots. 

elastic_connections
           Number of connections to the port where elastic listens (port 9200). 
           This module IS AVAILABLE ONLY in the execution as agent plugin.

kibana_connections
           Number of connections to the port where kibana listens (port 5601).
           This module IS AVAILABLE ONLY in the execution as agent plugin. 

memory_usage
           Memory usage of the ELK server.
           This module IS AVAILABLE ONLY in the execution as agent plugin. 

cpu_usage
          CPU usage of the ELK server. 
          This module IS AVAILABLE ONLY in the execution as agent plugin.

disk_used
          Disk usage percentage of the ELK server.

disk_indices
          Disk size used by ELK server indexes.

document_count
           Counts the number of documents used by the ELK server.

nginx_status
           Status of the nginx service, 0 down, 1 up.
           This module IS AVAILABLE ONLY in the execution as agent plugin.

elastic_status
           Status of the elastic service, 0 down, 1 up.
           This module IS AVAILABLE ONLY in the execution as agent plugin.

logstash_status
           Status of the logstash service, 0 down, 1 up.
           This module IS AVAILABLE ONLY in the execution as agent plugin.

kibana_status
           Status of the kibana service, 0 down, 1 up.
           This module IS AVAILABLE ONLY in the execution as agent plugin.
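
An added example (not part of the plugin or of the original documentation): a small Python lint for pandora_elk.conf that flags modules documented above as agent-only when as_agent_plugin=0, and remote-execution parameters that are missing. Key names are copied from the sample configuration on this page; which transfer parameters are treated as mandatory for each mode is an assumption of this example.

```python
# Added example: lint a pandora_elk.conf (key names from this page's sample).
# Which transfer keys are mandatory per mode is an assumption of this example.
AGENT_ONLY = {"elastic_conections", "kibana_conections", "memory_usage",
              "cpu_usage", "nginx_status", "elastic_status",
              "logstash_status", "kibana_status"}
REMOTE_REQUIRED = ("agent_name", "agent_interval", "agent_group", "mode")
MODE_REQUIRED = {"tentacle": ("tentacle_ip", "tentacle_port"), "local": ("local_folder",)}

def parse_conf(text):
    """Parse key=value lines; '#' lines are comments; a bare key maps to ''."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip().strip('"')
    return conf

def lint(conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = [f"{k} is not set" for k in ("elastic_server", "elastic_port")
                if not conf.get(k)]
    flag = conf.get("as_agent_plugin")
    if flag != "0":  # agent mode needs no transfer settings
        return findings + ([] if flag == "1" else ["as_agent_plugin must be 0 or 1"])
    # Remote mode: agent-only modules are unavailable, transfer keys are needed.
    findings += [f"{k}=1 is agent-only but as_agent_plugin=0"
                 for k in sorted(AGENT_ONLY) if conf.get(k) == "1"]
    mode = conf.get("mode", "")
    if mode and mode not in MODE_REQUIRED:
        findings.append(f"mode={mode} is not 'local' or 'tentacle'")
    findings += [f"{k} is required when as_agent_plugin=0"
                 for k in REMOTE_REQUIRED + MODE_REQUIRED.get(mode, ()) if not conf.get(k)]
    return findings

# CONSTRUCTED sample: remote mode with agent-only modules left enabled.
SAMPLE = """\
elastic_server=127.0.0.1
elastic_port=9200
as_agent_plugin=0
agent_name=adama
agent_interval=300
mode=tentacle
tentacle_ip=127.0.0.1
tentacle_opts
cpu_usage=1
kibana_status=1
"""
print("\n".join(lint(parse_conf(SAMPLE))))
```

Running a check like this before deployment catches the case where a service-status or resource module is enabled but will not be reported because the plugin runs remotely, which would otherwise look like a monitoring gap rather than a configuration error.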

Manual execution

To run the plugin, first set up the configuration file according to the instructions above.

Running the plugin:

Binary version:

./pandora_elk.64 pandora_elk.conf


Code version without deployed libraries:

perl -I ./lib pandora_elk.pl pandora_elk.conf


Here, lib is a directory that contains the PandoraFMS folder, where the PluginTools.pm library is stored.

**Binary execution is recommended**

Modules generated by the plugin

The standard execution of this plugin will return the following default modules (with all optional blocks enabled):