Configuring Remote ELK Logging
This chapter explains how to configure V2PC to add a remote ELK server and redirect V2PC logs to the remote server. The ELK server must be up and running, but need not have been bootstrapped during the initial V2PC deployment.
This procedure involves running a script from any V2PC master node to change the logging location to the remote ELK server, and can be performed at any time following initial V2PC deployment.
The script performs two basic tasks:
Registers the new ELK server IP address as a Consul service. The next time you create a new node, the node automatically sends logs to the specified ELK server IP address.
For each node listed, updates the td-agent.conf file to reflect the new ELK server IP address and then restarts td-agent/fluentd. After restarting, the daemon sends logs to that IP address.
To send V2PC logs to a remote ELK server that was not created during the initial bootstrap process:
Step 1 Confirm that the V2PC instance is bootstrapped with an updated ISO image, or has been upgraded using the v2plogging-master rpm on the master nodes and the v2p-logging-worker rpm on the worker nodes.
Step 2 Copy (scp) the v2pcssh.key file to the /opt/cisco/v2p/v2pc/v2p-logging-master/src/ directory on any master node.
Note This key was generated by the Docker container during the bootstrap process, and is used to access the nodes of your V2PC instance.
Step 3 Change to the V2PC logging master source directory as follows:
Step 4 In this directory, create a new text file named IPlist.txt and enter a list of all of the nodes that should send logs to the remote ELK server. Use the format shown below, with each node entered on its own line:
[NODE TYPE(master/worker)] [IP]
Note A sample IPList.txt file is available for use as a template. Contact Cisco for details.
Step 5 Execute the following command to run the script:
./changeELKServer.sh </path/to/v2pcssh.key> </path/to/ip/list.txt> <elk-log-ip>
</path/to/v2pcssh.key> is the location of v2pcssh.key
</path/to/ip/list.txt> is the location of IPlist.txt
<elk-log-ip> is the IP address of the remote EKL server
Note An alternate script named ./changeELKWizard.sh is available with prompts to guide users through the steps of entering the arguments and changing the ELK server td-agent. Contact Cisco for details.