Slide 1

Security, Alerting, Monitoring and More with the Elastic Stack

Slide 2

Monitoring All the Things
Tanguy Leroux (@tlrx), Tim Sullivan (@timsullivanyeah)

Slide 3

"Logging and monitoring are at the heart of making sure your solutions are up and running to your expectations."
- David Messina, VP of Enterprise Marketing at Docker

Slide 4

And then Marvel 1.0 arrived: the first commercial plugin of Elastic!

Slide 5

Cluster Pulse

Slide 6

No content

Slide 7

No content

Slide 8

Monitoring for Elasticsearch 2.x (yes, we like to rename things :)

Slide 9

Multi-Cluster Support

Slide 10

Cluster Overview at a Glance

Slide 11

Node Listing

Slide 12

No content

Slide 13

Kibana 5
• New design
• Issues
• Cross-Stack Monitoring

Slide 14

Spotlight Theater @ 4:40pm: Monitoring Elasticsearch

Slide 15

Security: Don't Hack Me Bro!
Jay Modi (@jaymode2001)

Slide 16

Security for the Elastic Stack

Simply Secure Elasticsearch
• Username/password protection

Advanced Security When Needed
• LDAP, Active Directory, and PKI integration
• Role-based access control
• Field and document level security
• Encrypted communication
• Auditing

Slide 17

Adding Users (now): Command Line Utility

    $ bin/shield/esusers useradd jaymode -r admin
    Enter new password:
    Retype new password:

Slide 18

Security APIs: User and Role management

    curl -XPUT localhost:9200/_shield/user/jaymode -d '
    {
      "roles" : ["engineering", "security"],
      "password" : "changeme"
    }'

    curl -XPUT localhost:9200/_shield/role/security -d '
    {
      "cluster": ["all"],
      "indices": [
        {
          "names": ".shield_audit_log-*",
          "privileges": ["all"]
        }
      ]
    }'
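To make the role model behind these two API calls concrete, here is an added Python example (not Shield's code and not from the talk) that models users, roles, index-name patterns and privileges, and answers "may this user perform privilege X on index Y?". The data is constructed to mirror the slide; the "engineering" role and its "logs-*"/"metrics-*" patterns are my assumption, since the slide references that role but never defines it.

```python
"""Minimal model of Shield-style role-based access control.

Added illustration, not Shield's own implementation: users map to roles,
roles grant cluster privileges and index privileges on index-name patterns
(as the "security" role on the slide grants "all" on ".shield_audit_log-*"),
and the check functions resolve whether a user may perform a privilege.
"""
from fnmatch import fnmatchcase

# Constructed sample data mirroring the slide's two PUT calls. The "engineering"
# role is an assumption: the slide references it but never defines it.
USERS = {
    "jaymode": {"roles": ["engineering", "security"]},
}

ROLES = {
    "security": {
        "cluster": ["all"],
        "indices": [{"names": ".shield_audit_log-*", "privileges": ["all"]}],
    },
    "engineering": {
        "cluster": [],
        "indices": [{"names": ["logs-*", "metrics-*"], "privileges": ["read"]}],
    },
}


def _as_list(value):
    """Role definitions accept a single pattern or a list of patterns."""
    return [value] if isinstance(value, str) else list(value)


def _covers(granted, requested):
    """'all' is a superset of every named privilege."""
    return "all" in granted or requested in granted


def _roles_of(user, users, roles):
    """Resolve a user's role names to role definitions, skipping unknown ones."""
    if user not in users:
        return []
    return [roles[name] for name in users[user]["roles"] if name in roles]


def check_cluster_privilege(user, privilege, users=USERS, roles=ROLES):
    """True if any role of `user` grants the cluster-level `privilege`."""
    return any(_covers(role.get("cluster", []), privilege)
               for role in _roles_of(user, users, roles))


def check_index_privilege(user, index, privilege, users=USERS, roles=ROLES):
    """True if any role of `user` has an index grant whose name pattern matches
    `index` and whose privileges cover `privilege`. Cluster privileges never
    imply index access; the two scopes are checked independently."""
    for role in _roles_of(user, users, roles):
        for grant in role.get("indices", []):
            matches = any(fnmatchcase(index, p) for p in _as_list(grant["names"]))
            if matches and _covers(grant["privileges"], privilege):
                return True
    return False


def indices_readable_by(user, index_names, users=USERS, roles=ROLES):
    """Which of the given concrete indices `user` may read. Handy for reviewing
    who can see the audit log indices, which carry every authentication event."""
    return [i for i in index_names
            if check_index_privilege(user, i, "read", users, roles)]


if __name__ == "__main__":
    for index in [".shield_audit_log-2016.02.18", "logs-2016.02.18", "orders"]:
        print(index, "write:", check_index_privilege("jaymode", index, "write"))
```

The point worth noticing is the pattern grant: "all" on ".shield_audit_log-*" lets the holder read and delete every audit index, so a review of who holds the "security" role belongs with the audit configuration itself.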

Slide 19

Kibana Sessions and Login Screen

Slide 20

User and Roles UI

Slide 21

Security Configuration API & UI

Slide 22

Kibana Security

Slide 23

Built-in Users

Slide 24

Spotlight Theater @ 2:40pm: Securing Elasticsearch

Slide 25

Alerting: Watch This!
Alexander Reelsen (@spinscale)

Slide 26

"Notify me on chat if we have over 1000 orders per hour."
- The Startup CEO

Slide 27

"Trigger an alert when the same IP accesses all services in a certain interval."
- Your Admin

Slide 28

"Email me when the product is back in stock!"
- Desperate Online Shopper

Slide 29

"5% traffic increase in the last 5 minutes. Ping folks on chat!"
- Your Loadbalancer

Slide 30

"5% traffic increase in the last 5 minutes at 2am. Pager time!"
- Not your SO

Slide 31

"Can you predict the additional system resources for the next two weeks?"
- Every system architect ever

Slide 32

A Watch consists of…
• Trigger
• Input
• Condition
• Actions
• Metadata
• Transformation

Slide 33

PUT /_watcher/watch/cluster_health

    {
    }

Slide 34

PUT /_watcher/watch/cluster_health

    {
      "trigger" : {
        "schedule" : { "interval" : "10s" }
      }
    }

Slide 35

PUT /_watcher/watch/cluster_health

    {
      "trigger" : {
        "schedule" : { "interval" : "10s" }
      },
      "input" : {
        "http" : {
          "request" : { "url" : "http://localhost:9200/_cluster/health" }
        }
      }
    }

Slide 36

PUT /_watcher/watch/cluster_health

    {
      "trigger" : {
        "schedule" : { "interval" : "10s" }
      },
      "input" : {
        "http" : {
          "request" : { "url" : "http://localhost:9200/_cluster/health" }
        }
      },
      "condition" : {
        "compare" : { "ctx.payload.status" : { "eq" : "red" } }
      }
    }

Slide 37

PUT /_watcher/watch/cluster_health

    {
      "trigger" : {
        "schedule" : { "interval" : "10s" }
      },
      "input" : {
        "http" : {
          "request" : { "url" : "http://localhost:9200/_cluster/health" }
        }
      },
      "condition" : {
        "compare" : { "ctx.payload.status" : { "eq" : "red" } }
      },
      "actions" : {
        "send_email" : {
          "email" : {
            "to" : "[email protected]",
            "subject" : "Cluster Status Warning",
            "body" : "Cluster status is RED"
          }
        }
      }
    }

Slide 38

Recap

Slide 39

2.0: HipChat action

    "actions" : {
      "notify-hipchat" : {
        "hipchat" : {
          "account" : "integration-account",
          "message" : {
            "body" : "@{{ctx.metadata.userOnDuty}} Encountered {{ctx.payload.hits.total}} errors in the last 5 minutes (facepalm)",
            "format" : "text",
            "color" : "red",
            "notify" : true
          }
        }
      }
    }

Slide 40

2.0: Slack action

    "actions" : {
      "notify-slack" : {
        "slack" : {
          "message" : {
            "from" : "watcher",
            "to" : [ "#admins", "#errors" ],
            "text" : "Monitoring incident",
            "attachments" : [
              {
                "text" : "@{{ctx.metadata.userOnDuty}} Encountered {{ctx.payload.hits.total}} errors in the last 5 minutes (facepalm)",
                "title" : "text",
                "color" : "danger"
              }
            ]
          }
        }
      }
    }
    ...

Slide 41

2.0: Activate/Deactivate REST API

    PUT /_watcher/watch/<watch_id>/_activate
    PUT /_watcher/watch/<watch_id>/_deactivate

Slide 42

2.0: Array Compare

    "condition": {
      "array_compare": {
        "ctx.payload.aggregations.top_tweeters.buckets" : {
          "path": "doc_count",
          "gte": {
            "value": 25,
            "quantifier": "some"
          }
        }
      }
    }

Slide 43

2.1: Chained inputs

    "input" : {
      "chain": {
        "inputs": [
          { "first": { "simple" : { "path" : "/_search" } } },
          { "second": { "http" : { "request" : { … } } } }
        ]
      }
    }
    ...

Slide 44

2.1: Chained inputs

Each input in the "chain" is stored under its own name ("first", "second") in the payload, so later inputs and actions reference {{ctx.payload.first.path}} and {{ctx.payload.second.hits.total}}.
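The slides from 36 to 44 show a watch's condition and action templates but not how they are evaluated. Below is an added Python example (a learning re-implementation, not Watcher's code and not from the talk) that evaluates the "compare" condition from slide 36, the "array_compare" condition from slide 42, and the {{ctx...}} placeholders used in the HipChat/Slack messages, against a constructed execution context that also carries the namespaced payload of the chained inputs on slide 44. The context values, the "always" condition and the empty-array rule for the "all" quantifier are my assumptions.

```python
"""Added illustration of how a Watcher condition and a Mustache-style action
message are evaluated against the watch execution context (ctx).

Learning re-implementation, not Watcher's code. It covers the three constructs
the slides use: the `compare` condition (one path against one value), the
`array_compare` condition (a comparison applied to `path` inside each element
of an array, with quantifier "some" or "all"), and {{ctx...}} placeholders in
action messages, including the namespaced payload a chained input produces.
"""
import operator
import re

OPERATORS = {
    "eq": operator.eq, "not_eq": operator.ne,
    "gt": operator.gt, "gte": operator.ge,
    "lt": operator.lt, "lte": operator.le,
}

# Constructed execution context: what ctx looks like after the inputs ran.
SAMPLE_CTX = {
    "watch_id": "cluster_health",
    "execution_time": "2016-02-18T10:00:00Z",
    "metadata": {"userOnDuty": "jaymode"},
    "payload": {
        "status": "red",                       # as returned by /_cluster/health
        "hits": {"total": 42},                 # as returned by a search input
        "aggregations": {"top_tweeters": {"buckets": [
            {"key": "alice", "doc_count": 30},
            {"key": "bob", "doc_count": 12},
        ]}},
        # chained inputs: each input's result lands under its own name
        "first": {"path": "/_search"},
        "second": {"hits": {"total": 7}},
    },
}


def resolve(node, dotted_path):
    """Walk a dotted path such as 'ctx.payload.status'. A leading 'ctx' refers
    to the root context; list elements are addressed by numeric index."""
    parts = dotted_path.split(".")
    if parts and parts[0] == "ctx":
        parts = parts[1:]
    for part in parts:
        node = node[int(part)] if isinstance(node, list) else node[part]
    return node


def evaluate_compare(spec, ctx):
    """spec is the body of "compare": {path: {op: value}}."""
    (path, test), = spec.items()
    (op, expected), = test.items()
    return OPERATORS[op](resolve(ctx, path), expected)


def evaluate_array_compare(spec, ctx):
    """spec is the body of "array_compare": {array_path: {"path": p, op: {...}}}."""
    (array_path, test), = spec.items()
    inner_path = test.get("path")
    (op, param), = [(k, v) for k, v in test.items() if k != "path"]
    value, quantifier = param["value"], param.get("quantifier", "some")
    elements = resolve(ctx, array_path)
    results = [OPERATORS[op](resolve(e, inner_path) if inner_path else e, value)
               for e in elements]
    if quantifier == "all":
        return bool(results) and all(results)  # empty array: not met (assumption)
    return any(results)


def evaluate_condition(condition, ctx):
    """Dispatch on the condition type found in a watch definition."""
    if "compare" in condition:
        return evaluate_compare(condition["compare"], ctx)
    if "array_compare" in condition:
        return evaluate_array_compare(condition["array_compare"], ctx)
    if "always" in condition:
        return True
    raise ValueError("unsupported condition: %s" % list(condition))


PLACEHOLDER = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")


def render(template, ctx):
    """Substitute {{ctx.a.b}} placeholders, as in the HipChat/Slack messages."""
    return PLACEHOLDER.sub(lambda m: str(resolve(ctx, m.group(1))), template)


if __name__ == "__main__":
    cond = {"compare": {"ctx.payload.status": {"eq": "red"}}}
    print("cluster red?", evaluate_condition(cond, SAMPLE_CTX))
    print(render("@{{ctx.metadata.userOnDuty}} Encountered {{ctx.payload.hits.total}} errors",
                 SAMPLE_CTX))
```

Running the two conditions from the slides against the same context shows why the quantifier matters: with "some", one bucket of 30 is enough to fire; with "all", the bucket of 12 keeps the watch quiet.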

Slide 45

2.3: PagerDuty action

    "actions" : {
      "notify-pagerduty" : {
        "pagerduty" : {
          "message" : {
            "description" : "Main system down, please check! Happened at {{ctx.execution_time}}",
            "client" : "/foo/bar/{{ctx.watch_id}}",
            "attach_payload" : true,
            "context" : [
              { "type" : "response", "href" : "http://www.test.de/foo" }
            ]
          }
        }
      }
    }
    ...

Slide 46

2.3: External email attachments

    "actions" : {
      "email_admin" : {
        "email" : {
          "to" : "[email protected]",
          "attachments" : {
            "my_id" : {
              "http" : {
                "request" : { "url" : "http://example.org/daily-report.pdf" }
              }
            }
          }
        }
      }
    }
    ...

Slide 47

What's next?

Slide 48

Curator

Slide 49

Watcher UI

Slide 50

Actions

Slide 51

Friday, Lunch area @ 11:00am: BoF: Alerting & Notifications (Share Your Watcher Stories)

Slide 52

Reporting: Kibana For Your Inbox
Joe Fleming (@w33ble)

Slide 53

"I need this information. Can you send me a report?"
- Every Manager Ever

Slide 54

No content

Slide 55

No content

Slide 56

"Network's down. Meeting's over."
- No Manager Ever

Slide 57

No content

Slide 58

No content

Slide 59

Delivery with Alerting

    "actions" : {
      "email_admin" : {
        "email" : {
          "to" : "[email protected]",
          "attachments" : {
            "my_id" : {
              "http" : {
                "request" : { "url" : "http://example.org/daily-report.pdf" }
              }
            }
          }
        }
      }
    }
    ...

Slide 60

5.0 Alpha 1

Slide 61

Distributed Rendering

Slide 62

Administrative Control

Slide 63

Historical Archive

Slide 64

Spotlight Theater @ 3:40pm: From Dashboard to PDF (Generate Reports with the Elastic Stack)

Slide 65

No content

Slide 66

• Monitoring Elasticsearch: Spotlight Theater, 4:40pm
• Securing Elasticsearch: Spotlight Theater, 2:40pm
• From Dashboard to PDF: Spotlight Theater, 3:40pm
• BoF: Alerting & Notifications: Lunch Area, Friday at 11:00am