Configuring the Elasticsearch Log Plug-In to Write Access Logs to Elasticsearch
Learn how to install and use the Akana Elasticsearch Log Plug-In to write access log files to the Elasticsearch server.
Table of Contents
- Overview
- Installation
- Configuring the Elasticsearch Log Plug-In to write access logs to Elasticsearch (com.akana.log.elasticsearch)
- Logged Data: access logs
- Security configuration for Elasticsearch Log Plug-In request or access log settings
Overview
The Akana Elasticsearch Log Plug-In can be installed on each of the Akana containers. This plug-in allows Akana container exception data, and optionally access log information, into Elasticsearch.
You can use Kibana to view the data pushed into Elasticsearch, or query it directly. The data is returned as a JSON document.
There is a com.akana.log.elasticsearch configuration property that you can use to configure the Elasticsearch Log Plug-In to write data to Elasticsearch rather than the default location. The com.akana.log.elasticsearch allows you to configure the platform to write access logs ( or HTTP request logs) to the Elasticsearch server.
Installation
The Akana Elasticsearch Log Plug-In is a part of the Akana Option packs and is downloaded from the Support Download site. It can be installed in any of the Akana containers.
To download: Go to the Rogue Wave Support Center (https://library.roguewave.com). Click Product Downloads > Akana - Product Downloads > choose version. Option packs are in the bottom section of the page. Download the version number that matches your installation.
Unzip the file, and then copy everything contained inside the /lib/ folder in the ZIP file (folders and files), to the /lib/ folder of your installation. For example: \lib\optionpacks\2019.1.3.
You can then install the feature using the Akana Administration Console.
Any container where the Akana Elasticsearch Log Plug-In is installed must be able to access the Elasticsearch server.
Configuring the Elasticsearch Log Plug-In to write access logs to Elasticsearch (com.akana.log.elasticsearch)
After the plug-in is installed, the following configuration category is added to the container and the following properties configured. In the Akana Administration Console, on the Configuration tab, under Configuration Categories, select com.akana.log.elasticsearch.
The configuration PID is: com.akana.log.elasticsearch
To write the access logs (or HTTP request logs) to the Elasticsearch server, set the requestLog.enabled configuration property to true.
Properties that are required are shown in the table below.
| Property | Description |
|---|---|
| requestDataSaver.elasticHost | The Elasticsearch server host and port url: http(s)://{es_host}:{es_port}. Default: http://localhost:9200. |
| requestDataSaver.elasticIndex | The Elasticsearch index to store the data. Default: request-log. |
| requestLog.enabled | To enable the logging, set to true. False disables the logging. Default: false. |
Logged Data: access logs
This plug-in pushes the exceptions from the access log file into Elasticsearch. An example log entry is shown below.
{
"_index":"request-log",
"_type":"_doc",
"_id":"GREqUnMBasfBiMra4uPq",
"_score":1.0,
"_source":{
"@timestamp":"2020-07-15T11:10:09.127Z",
"hostName":"3TNT8P4",
"containerKey":"6ff2-409f-4a2d-974d-664c6b4b7a99",
"instanceName":"eapNd",
"apache2":{
"access":{
"method":"GET",
"http_version":"1.1",
"vhost":"gw.aka.na",
"secure":false,
"url":"http://gw.aka.na:7905/admin/config/",
"request_type":"application/json",
"request_size":-1,
"remote_ip":"10.250.24.223",
"remote_port":45920,
"local_ip":"10.250.25.249",
"local_port":7905,
"user_name":"",
"referrer":null,
"user_agent_header":"okhttp/4.2.1",
"response_type":"application/json",
"response_code":200,
"access":{
"bytes":180
},
"dispatch_duration":1,
"duration":1
}
},
"accept":{
"accept":"application/json",
"accept-encoding":"gzip"
}
}
}Security configuration for Elasticsearch Log Plug-In request or access log settings
Transport Layer Security (TLS) is a standard protocol for applying security controls (such as encryption) to network communications. The Elasticsearch Log Plug-in supports secure TLS connections to add encryption for a node to node communication and client communication. To enable security and encryption for HTTP connection, you need to make changes in the Elasticsearch YAML file, see Configuring Elasticsearch with Security.
To configure the secure Elasticsearch Log Plug-In request or access log settings:
Log in to the Akana Administration Console and go to Configuration > com.akana.log.elasticsearch.
The properties that are required are shown in the following table.
| Property | Description |
|---|---|
| elastic.log.client.keystorePath | The keystore path that contains the key and certificates. |
| elastic.log.client.keystorePassword | The password for the keystore. Only PKCS12 and JKS keystore formats are supported. |
| elastic.log.client.truststorePath | The truststore path that contains the key and certificates. |
| elastic.log.client.truststorePassword | The password for the truststore . |
| elastic.log.client.sslHostNameVerifierMode | The default is allow_all. The other possible value is default, which enforces host name verification. |
| elastic.log.client.user | The name of a user with basic authentication privileges. |
| elastic.log.client.password | The password for the indicated username. |
Note: The keystore password and key password must be the same.