Elastic under lock and key: enabling Elasticsearch cluster security options for access from inside and outside
Elastic Stack is a well-known tool in the SIEM market (though not only there). It can collect a lot of data of different sizes, both sensitive and not very sensitive. It is not quite right if access to the Elastic Stack components themselves is left unprotected. By default, all Elastic components out of the box (Elasticsearch, Logstash, Kibana, and the Beats collectors) communicate over open protocols. And in Kibana itself, authentication is disabled. All of these interactions can be secured, and in this article we will show you how. For convenience, we have split the article into 3 semantic blocks:
Role-based data access model
Data security inside the Elasticsearch cluster
Data security outside the Elasticsearch cluster
Role-based data access model
If you install Elasticsearch and do not tune it in any way, access to all indices is open to everyone. Well, or to anyone who can use curl. To avoid this, Elasticsearch has a role model that is available starting with the Basic subscription (which is free). Schematically it looks like this:
What is in this picture:
Users are everyone who can log in using their credentials.
Resources are indices, documents, fields, users, and other storage entities (the role model for some resources is available only with paid subscriptions).
By default Elasticsearch has built-in users, with built-in roles attached to them. Once you enable the security settings, you can start using them right away.
To enable security in the Elasticsearch settings, add a new line to the configuration file (by default this is elasticsearch/config/elasticsearch.yml):
xpack.security.enabled: true
After changing the configuration file, start or restart Elasticsearch for the changes to take effect. The next step is to assign passwords to the built-in users. Let's do this interactively using the command below:
[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
Let's check:
[elastic@node1 ~]$ curl -u elastic 'node1:9200/_cat/nodes?pretty'
Enter host password for user 'elastic':
192.168.0.2 23 46 14 0.28 0.32 0.18 dim * node1
You can pat yourself on the back: the configuration on the Elasticsearch side is finished. Now it is time to configure Kibana. If you start it now, errors will appear, so you need to create a keystore. This is done with two commands (the kibana user and the password entered for it during the password creation step in Elasticsearch):
If everything is correct, Kibana will start asking for a login and password. The Basic subscription includes a role model based on internal users. Starting with Gold, you can connect external authentication systems: LDAP, PKI, Active Directory, and single sign-on systems.
Access rights to objects inside Elasticsearch can also be restricted. However, to do the same for documents or fields, you need a paid subscription (this luxury starts at the Platinum level). These settings are available in the Kibana interface or through the Security API. You can check through the already familiar Dev Tools menu:
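As an added example (not part of the original article), the sketch below lints a role definition before it is loaded through the Security API: it flags grants broader than least privilege and document- or field-level restrictions, which the article says need a paid subscription. The role body and index names are constructed; `cluster`, `indices`, `names`, `privileges`, `field_security` and `query` are the field names of Elasticsearch's role API.

```python
# Constructed role body in the shape accepted by PUT /_security/role/<name>;
# the index names are made up for this example.
SIEM_ANALYST = {
    "cluster": ["monitor"],
    "indices": [
        {"names": ["winlogbeat-*"], "privileges": ["read"]},
        {"names": ["*"], "privileges": ["all"]},
        {"names": ["hr-*"], "privileges": ["read"],
         "field_security": {"grant": ["name", "dept"]}},
    ],
}

def lint_role(role, paid_license=False):
    """Return warnings for grants broader than a least-privilege role needs,
    and for document/field restrictions used without a paid subscription."""
    warnings = []
    if "all" in role.get("cluster", []):
        warnings.append("cluster privilege 'all' includes managing users and roles")
    for i, grant in enumerate(role.get("indices", [])):
        names = grant.get("names", [])
        privs = grant.get("privileges", [])
        if "*" in names:
            warnings.append(f"indices[{i}]: pattern '*' is not limited to specific indices")
        if "all" in privs:
            warnings.append(f"indices[{i}]: privilege 'all' allows any action on the index")
        # Field- and document-level security are the paid features the article mentions.
        restricted = [k for k in ("field_security", "query") if k in grant]
        if restricted and not paid_license:
            warnings.append(f"indices[{i}]: {', '.join(restricted)} needs a paid subscription")
    return warnings

if __name__ == "__main__":
    for warning in lint_role(SIEM_ANALYST):
        print(warning)
```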
Data security inside the Elasticsearch cluster
When Elasticsearch runs in a cluster (which is common), the security settings inside the cluster become important. For secure communication between nodes, Elasticsearch uses the TLS protocol. To set up secure interaction between them, you need a certificate. We generate a certificate and a private key in PEM format:
[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-certutil ca --pem
After running the command above, the archive elastic-stack-ca.zip will appear in the /.../elasticsearch directory. Inside it you will find the certificate and the private key, with the extensions crt and key respectively. It is advisable to place them on a shared resource that is accessible from all nodes in the cluster.
Each node now needs its own certificate and private key, based on those in the shared directory. When you run the command, you will be asked to set a password. You can add the -ip and -dns options for full verification of the communicating nodes.
As a result of running the command, we get a certificate and a private key in PKCS#12 format, protected by a password. All that remains is to move the generated p12 file to the configuration directory:
There is one more security option: IP address filtering (available in subscriptions starting from the Gold level). It lets you create whitelists of IP addresses that are allowed to access the nodes.
Data security outside the Elasticsearch cluster
Outside the cluster means connecting external tools: Kibana, Logstash, Beats, or other external clients.
To configure support for https (instead of http), add new lines to elasticsearch.yml:
After adding the keys, the Elasticsearch nodes are ready to accept connections over https. Now they can be started.
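Before starting the nodes, the three Elasticsearch-side layers covered so far (authentication, node-to-node TLS, HTTPS for clients) can be checked in elasticsearch.yml with a short script. This is an added example, not code from the original article; apart from `xpack.security.enabled`, the setting names come from Elasticsearch itself rather than from this page, and the sample files are constructed. It treats an unset key as a finding, which matches the open defaults the article describes.

```python
import re

# Values the steps in this article lead to (unset is reported, see lead-in).
REQUIRED = {
    "xpack.security.enabled": "true",                 # authentication and roles
    "xpack.security.transport.ssl.enabled": "true",   # TLS between nodes
    "xpack.security.http.ssl.enabled": "true",        # HTTPS for external clients
}
VERIFY_KEY = "xpack.security.transport.ssl.verification_mode"

def flatten_yaml(text):
    """Flatten the YAML subset used in elasticsearch.yml (scalars, nested maps, dotted keys)."""
    settings, stack = {}, []                  # stack: (indent, key) of open maps
    for raw in text.splitlines():
        line = re.sub(r"(^|\s+)#.*$", "", raw).rstrip()   # strip comments
        m = re.match(r"^(\s*)([^:\s][^:]*):\s*(.*)$", line)
        if not m:
            continue                          # blank lines and list items
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave maps that have ended
        if value == "":
            stack.append((indent, key))       # a nested map opens here
        else:
            path = ".".join([k for _, k in stack] + [key])
            settings[path] = value.strip("\"'")
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = flatten_yaml(text), []
    for key, want in REQUIRED.items():
        got = cfg.get(key)
        if got is None or got.lower() != want:
            findings.append(f"{key} is {got or 'not set'}, expected {want}")
    if cfg.get(VERIFY_KEY, "full").lower() == "none":
        findings.append(f"{VERIFY_KEY} is none: node certificates are not checked")
    return findings

# Constructed samples: first step only, then all three layers (nested style).
PARTIAL = "xpack.security.enabled: true\n" + VERIFY_KEY + ": none\n"
HARDENED = """\
xpack.security:
  enabled: true
  transport.ssl:
    enabled: true
  http.ssl:
    enabled: true   # HTTPS for Kibana, Logstash, Beats
"""
```

`audit(PARTIAL)` reports the two missing TLS settings plus the disabled certificate verification, while `audit(HARDENED)` returns an empty list.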
The next step is to create keys for connecting Kibana and add them to the configuration. Based on the certificate that is already in the shared directory, we generate a certificate in PEM format (Kibana, Logstash, and Beats do not support PKCS#12):
The keys are in place, so all that remains is to change the Kibana configuration so that it starts using them. In the kibana.yml configuration file, change http to https and add lines with the SSL connection settings. The last three lines configure secure communication between the user's browser and Kibana.
Thus, the configuration is complete, and access to the data in the Elasticsearch cluster is encrypted.
If you have questions about the capabilities of Elastic Stack on free or paid subscriptions, monitoring tasks, or building a SIEM system, leave a request in the feedback form on our website.