more

2015-02-04 09:13:29 +00:00 · 2015-02-04 09:13:29 +00:00 · a8ec25655f
parent ef4e77a90c
commit a8ec25655f
1 changed files with 27 additions and 3 deletions
--- a/utils/elk/README.md
+++ b/utils/elk/README.md
@ -1,16 +1,33 @@
-How to process Kippo output in an ELK stack
-===========================================
+# How to process Kippo output in an ELK stack

 (Note: work in progress, instructions are not verified)

+
+## Prerequisites
+
+* Working Kippo installation
+* Kippo JSON log file (enable database json in kippo.cfg)
+
+## Installation
+
 * Install logstash, elasticsearch and kibana

 ```
 apt-get install logstash
 apt-get install elasticsearch
-apt-get install kibana
 ````

+* Install Kibana
+
+This may be different depending on your operating system. Kibana will need additional components such as a web server
+
+
+## ElasticSearch Configuration
+
+TBD
+
+## Logstash Configuration
+
 * Download GeoIP data

 ```
@ -24,6 +41,11 @@ wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz

 ```
 cp logstash-kippo.conf /etc/logstash/conf.d
+```
+
+* Make sure the configuration file is correct. Check the input section (path), filter (geoip databases) and output (elasticsearch hostname)
+
+```
 service logstash restart
 ```

@ -41,3 +63,5 @@ tail /tmp/kippo-logstash.log
 http://<hostname>:9200/_search?q=kippo&size=5
 ```

+* If this gives output, your data is correctly loaded into ElasticSearch
+