Configuring the Elasticsearch Log Plug-In to Write Access Logs to Elasticsearch

Learn how to install and use the Akana Elasticsearch Log Plug-In to write access log files to the Elasticsearch server.

Overview

The Akana Elasticsearch Log Plug-In can be installed on each of the Akana containers. This plug-in allows Akana container exception data, and optionally access log information, to be pushed into Elasticsearch.

You can use Kibana to view the data pushed into Elasticsearch, or query it directly. The data is returned as a JSON document.

There is a com.akana.log.elasticsearch configuration property that you can use to configure the Elasticsearch Log Plug-In to write data to Elasticsearch rather than to the default location. The com.akana.log.elasticsearch property allows you to configure the platform to write access logs (or HTTP request logs) to the Elasticsearch server.

Installation

The Akana Elasticsearch Log Plug-In is a part of the Akana Option packs and is downloaded from the Support Download site. It can be installed in any of the Akana containers.

To download: Go to the Rogue Wave Support Center (https://library.roguewave.com). Click Product Downloads > Akana - Product Downloads > choose version. Option packs are in the bottom section of the page. Download the version number that matches your installation.

Unzip the file, and then copy everything contained inside the /lib/ folder in the ZIP file (folders and files) to the /lib/ folder of your installation. For example: \lib\optionpacks\2019.1.3.

You can then install the feature using the Akana Administration Console.

Any container where the Akana Elasticsearch Log Plug-In is installed must be able to access the Elasticsearch server.

Configuring the Elasticsearch Log Plug-In to write access logs to Elasticsearch (com.akana.log.elasticsearch)

After the plug-in is installed, the following configuration category is added to the container, with the properties listed below. In the Akana Administration Console, on the Configuration tab, under Configuration Categories, select com.akana.log.elasticsearch.

The configuration PID is: com.akana.log.elasticsearch

To write the access logs (or HTTP request logs) to the Elasticsearch server, set the requestLog.enabled configuration property to true.

Properties that are required are shown in the table below.

Property Description
requestDataSaver.elasticHost The Elasticsearch server host and port URL: http(s)://{es_host}:{es_port}. Default: http://localhost:9200.
requestDataSaver.elasticIndex The Elasticsearch index to store the data. Default: request-log.
requestLog.enabled To enable the logging, set to true. False disables the logging. Default: false.

Logged Data: access logs

This plug-in pushes the exceptions from the access log file into Elasticsearch. An example log entry is shown below.

{
  "_index":"request-log",
  "_type":"_doc",
  "_id":"GREqUnMBasfBiMra4uPq",
  "_score":1.0,
  "_source":{
    "@timestamp":"2020-07-15T11:10:09.127Z",
    "hostName":"3TNT8P4",
    "containerKey":"6ff2-409f-4a2d-974d-664c6b4b7a99",
    "instanceName":"eapNd",
    "apache2":{
      "access":{
        "method":"GET",
        "http_version":"1.1",
        "vhost":"gw.aka.na",
        "secure":false,
        "url":"http://gw.aka.na:7905/admin/config/",
        "request_type":"application/json",
        "request_size":-1,
        "remote_ip":"10.250.24.223",
        "remote_port":45920,
        "local_ip":"10.250.25.249",
        "local_port":7905,
        "user_name":"",
        "referrer":null,
        "user_agent_header":"okhttp/4.2.1",
        "response_type":"application/json",
        "response_code":200,
        "access":{
          "bytes":180
        },
        "dispatch_duration":1,
        "duration":1
      }
    },
    "accept":{
      "accept":"application/json",
      "accept-encoding":"gzip"
    }
  }
}
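The document above carries the fields a reviewer needs to triage administrative requests: secure, url, user_name and response_code. The following is an added example, not part of the Akana documentation, that flags hits in this shape; the /admin/ prefix and the triage rules are assumptions, the first hit reuses values from the sample entry and the others are constructed.

```python
import json
from urllib.parse import urlsplit

ADMIN_PREFIXES = ("/admin/",)  # assumption: URL paths this site treats as sensitive

# First hit reuses values from the sample entry above; the rest are constructed.
HITS = json.loads("""[
 {"_source": {"@timestamp": "2020-07-15T11:10:09.127Z", "apache2": {"access": {
   "url": "http://gw.aka.na:7905/admin/config/", "secure": false,
   "remote_ip": "10.250.24.223", "user_name": "", "response_code": 200}}}},
 {"_source": {"@timestamp": "2020-07-15T11:10:12.001Z", "apache2": {"access": {
   "url": "https://gw.aka.na:7906/admin/config/", "secure": true,
   "remote_ip": "10.250.24.10", "user_name": "ops", "response_code": 200}}}},
 {"_source": {"@timestamp": "2020-07-15T11:10:15.440Z", "apache2": {"access": {
   "url": "http://gw.aka.na:7905/admin/config/", "secure": false,
   "remote_ip": "10.250.24.77", "user_name": "", "response_code": 401}}}},
 {"_source": {"@timestamp": "2020-07-15T11:10:20.903Z", "apache2": {"access": {
   "url": "http://gw.aka.na:7905/api/orders", "secure": false,
   "remote_ip": "10.250.24.77", "user_name": "", "response_code": 200}}}}
]""")

def flag(hit):
    """Return the reasons one access-log document deserves review."""
    acc = hit.get("_source", {}).get("apache2", {}).get("access", {})
    path = urlsplit(acc.get("url") or "").path
    if not path.startswith(ADMIN_PREFIXES):
        return []
    reasons = []
    if acc.get("secure") is not True:
        reasons.append("admin path requested over plaintext HTTP")
    code = acc.get("response_code") or 0
    if not acc.get("user_name") and 200 <= code < 300:
        reasons.append("admin path served with an empty user_name")
    return reasons

def review(hits):
    """Return (timestamp, remote_ip, reasons) for every flagged document."""
    flagged = []
    for hit in hits:
        reasons = flag(hit)
        if reasons:
            src = hit["_source"]
            flagged.append((src["@timestamp"], src["apache2"]["access"]["remote_ip"], reasons))
    return flagged

if __name__ == "__main__":
    for row in review(HITS):
        print(row)
```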

Security configuration for Elasticsearch Log Plug-In request or access log settings

Transport Layer Security (TLS) is a standard protocol for applying security controls (such as encryption) to network communications. The Elasticsearch Log Plug-In supports secure TLS connections to add encryption for node-to-node communication and client communication. To enable security and encryption for HTTP connections, you need to make changes in the Elasticsearch YAML file; see Configuring Elasticsearch with Security.

To configure the secure Elasticsearch Log Plug-In request or access log settings:

Log in to the Akana Administration Console and go to Configuration > com.akana.log.elasticsearch.

The properties that are required are shown in the following table.

Property Description
elastic.log.client.keystorePath The keystore path that contains the key and certificates.
elastic.log.client.keystorePassword The password for the keystore. Only PKCS12 and JKS keystore formats are supported.
elastic.log.client.truststorePath The truststore path that contains the key and certificates.
elastic.log.client.truststorePassword The password for the truststore.
elastic.log.client.sslHostNameVerifierMode The default is allow_all. The other possible value is default, which enforces host name verification.
elastic.log.client.user The name of a user with basic authentication privileges.
elastic.log.client.password The password for the indicated username.

Note: The keystore password and key password must be the same.
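Because requestDataSaver.elasticHost defaults to http:// and elastic.log.client.sslHostNameVerifierMode defaults to allow_all, a deployment can ship access logs without transport protection or host name verification unless both are changed. The following is an added example, not Akana tooling, that audits a set of these properties; the key=value export format, the finding names and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Defaults as documented in the property tables on this page.
DEFAULTS = {
    "requestDataSaver.elasticHost": "http://localhost:9200",
    "requestLog.enabled": "false",
    "elastic.log.client.sslHostNameVerifierMode": "allow_all",
}

# Constructed sample values, not taken from a real deployment.
SAMPLE = """
# com.akana.log.elasticsearch
requestLog.enabled=true
requestDataSaver.elasticHost=https://es.example.internal:9200
requestDataSaver.elasticIndex=request-log
elastic.log.client.truststorePath=/opt/akana/certs/truststore.p12
elastic.log.client.user=log_writer
"""

def parse_properties(text):
    """Parse key=value lines (assumed export format); skip blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return finding names for the transport settings of the log plug-in."""
    cfg = {**DEFAULTS, **props}
    if cfg["requestLog.enabled"].lower() != "true":
        return []  # access logs are not shipped, nothing to check
    url = urlsplit(cfg["requestDataSaver.elasticHost"])
    findings = []
    if url.scheme != "https":
        # Loopback traffic never leaves the host, so only remote targets are flagged.
        if url.hostname not in ("localhost", "127.0.0.1", "::1"):
            findings.append("plaintext-transport")
            if cfg.get("elastic.log.client.user"):
                findings.append("basic-auth-over-http")
    elif cfg["elastic.log.client.sslHostNameVerifierMode"] != "default":
        findings.append("hostname-verification-off")
    return findings

if __name__ == "__main__":
    print(audit(parse_properties(SAMPLE)))
```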