Monitoring CISCO ACLs with ELK stack 5.4 (part4)

Hi again world!

Summer is reaching its peak here at the Spanish coast... so less time to write IT articles and more time to outdoor fun ;-)

Anyhow, let's end up this series of articles about setting up ELK stack and monitor CISCO ACLs.
This one is the last, and by far, the shortest one.

Find previous articles here:

  • part1 talks about overall ELK, environment, repositories and so...
  • part2 covers setting up the Elasticsearch part of the stack.
  • part3 covers setting up the Logstash part of the stack.

I would like to talk about creating amazing dashboards with Kibana 5.X, as I did/do with Kibana3, but my experience with this new version oh Kibana has been so bad, that, in fact, I have found a solid reason to stick with my current ELK 1.x installs in production.

Although I have managed to crate my dashboards in Kibana5, when compared to Kibana3, the experience in usage, management, configuration, interface, and so is a major step back.
Kibana5 is, in fact, a completely new and different piece of software. It is now a NodeJS independent application, and the only thing that shares with Kibana3 is that, at the end, it is all about drawing graphs from Elasticsearch stored data, and there are concepts that remain the same obviously.
On the other hand, from a developer perspective, no doubt Kibana5 is a huge improvement over Kibana3.

There is a fork of Kibana3 that aims to get Kibana3 compatible with Elasticsearch5.
I have tried it and it works! although I'm still dealing with some problems, not every feature has been still ported, and probably bugs are around, the project and the work of its author is just amazing, thanks!
Here's the github project repository: https://github.com/immunochomik/kibana3

So, let's intall Kibana5...

Contrary to Kibana3, it is nicelly packaged and ready to go:

apt-get install kibana

 
Being a NodeJS application, it spawns a web server process listening, by default, at port 5601.
Configuration file is in yml format at /etc/kibana/kibana.yml.
Some interesting things you may chack in config and eventually adapt to your needs are change listening port and, of course, pointing Kibana against your Elasticsearch database.

Here is an example of the interesting lines you may edit:

server.port: 80
server.host: "192.168.1.2"
server.name: "yourname"
elasticsearch.url: "http://192.168.1.2:9200"

 
So, that's all folks.
Now, if you never used Kibana3, enjoy reading the docs and creating your graphs!