Logging and Back Again -A Network Engineers Journey with ELK
![Page 1: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/1.jpg)
https://developer.cisco.com/netdevops/live
George Kobar, Elastic
Season 3, Talk 7
Logging and Back Again - A Network Engineers Journey with ELK
Twitter: @GeorgeKobar
Hosted by Hank Preston, NetDevOps Engineer
Twitter: @hfpreston
![Page 2: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/2.jpg)
George Kobar, Sr Community Advocate
@GeorgeKobar
Logging and Back Again -A Network Engineers Journey with ELK (Elastic Stack)
![Page 3: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/3.jpg)
Back in My Day...
![Page 4: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/4.jpg)
New Application Development
![Page 5: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/5.jpg)
This is Fine
Source: https://sysdig.com/blog/sysdig-2019-container-usage-report/
![Page 6: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/6.jpg)
Syslog….?
7.78 GB Syslog File
Looking for errors
![Page 7: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/7.jpg)
This is a search problem.
![Page 8: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/8.jpg)
Elastic is a search company.
![Page 9: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/9.jpg)
Elastic (ELK) Stack
Open Source
![Page 10: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/10.jpg)
Elastic Enterprise Search, Elastic Security, Elastic Observability
Kibana
Elasticsearch
Beats Logstash
3 Solutions Powered by 1 Stack
Elastic Stack
![Page 11: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/11.jpg)
Kibana
Elasticsearch
Beats Logstash
SaaS Orchestration
Elastic Cloud Elastic Cloud on Kubernetes
Elastic Cloud Enterprise
Self-Managed
Standalone
![Page 12: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/12.jpg)
Elastic Enterprise Search, Elastic Security, Elastic Observability
Kibana
Elasticsearch
Beats Logstash
3 Solutions Powered by 1 Stack
Elastic Stack
![Page 13: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/13.jpg)
Observability or
O11Y=
+
+
![Page 14: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/14.jpg)
ObservaBLT
Observability
=+
+
![Page 15: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/15.jpg)
DEMO!
![Page 16: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/16.jpg)
![Page 17: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/17.jpg)
DEVBOX
![Page 18: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/18.jpg)
DEVBOX
![Page 19: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/19.jpg)
DEVBOX
Kibana
Elasticsearch
![Page 20: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/20.jpg)
Open Source
https://www.docker.elastic.co/
Elasticsearch (Enterprise Features 30 Day Trial)
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.2
Kibana (Enterprise Features 30 Day Trial)
docker pull docker.elastic.co/kibana/kibana:7.6.2
![Page 21: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/21.jpg)
Elasticsearch Docker Startup
sudo docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.6.2
sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4d557241f188 docker.elastic.co/elasticsearch/elasticsearch:7.6.2 "/usr/local/bin/dock…" 2 minutes ago Up 2 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp reverent_poincare
![Page 22: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/22.jpg)
curl -X GET "10.10.20.50:9200/_cluster/health?pretty"
![Page 24: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/24.jpg)
DEVBOX
Kibana
Elasticsearch
filebeat
Beats
![Page 25: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/25.jpg)
DEVBOX
Kibana
Elasticsearch
filebeat
Beats
![Page 26: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/26.jpg)
DEVBOX
Kibana
Elasticsearch
filebeat
Beats
![Page 27: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/27.jpg)
Logstash
Kibana
Elasticsearch
DEVBOX
```
input {
  udp {
    port => "8514"
    type => "syslog-cisco"
  }
  tcp {
    port => "8514"
    type => "syslog-cisco"
  }
}
```
![Page 28: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/28.jpg)
Kibana
Elasticsearch
DEVBOX
Beats
```yaml
- module: cisco
  asa:
    enabled: true
    # Read from a syslog listener (the fileset accepts "syslog" or "file")
    var.input: "syslog"
    var.syslog_host: localhost
    var.syslog_port: 9001
```
![Page 29: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/29.jpg)
DEVBOX
Kibana
Elasticsearch
filebeat
Beats
![Page 30: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/30.jpg)
DEVBOX
Kibana
Elasticsearch
filebeat
Beats
![Page 31: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/31.jpg)
![Page 32: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/32.jpg)
![Page 33: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/33.jpg)
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.2-x86_64.rpm
sudo rpm -vi filebeat-7.6.2-x86_64.rpm
![Page 34: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/34.jpg)
```yaml
filebeat.inputs:
- type: log
  enabled: false
  paths:
filebeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition:
            contains:
              docker.container.image: centos
          config:
            - type: container
              paths:
                - /var/lib/docker/containers/${data.docker.container.id}/*.log
              exclude_lines: ["^\\s+[\\-`('.|_]"]
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
  reload.period: 10s
setup.template.settings:
  index.number_of_shards: 1
  _source.enabled: true
name: log_repo
tags: ["syslog", "network"]
fields:
  env: prod
setup.kibana:
  host: "localhost:5601"
output.elasticsearch:
  hosts: ["localhost:9200"]
  # Demo credentials in plain text; outside a lab, store the password in the
  # Filebeat keystore and reference it as a ${VARIABLE} instead.
  username: "elastic"
  password: "changeme"
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
```
![Page 35: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/35.jpg)
sudo filebeat modules enable system
sudo filebeat modules enable cisco
![Page 36: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/36.jpg)
sudo filebeat setup
sudo service filebeat start
![Page 38: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/38.jpg)
Live Demo
![Page 39: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/39.jpg)
DEVBOX
Kibana
Elasticsearch
filebeat filebeat auditbeat packetbeat
Beats
![Page 40: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/40.jpg)
Development Team
Ops: Log Monitoring
Availability, Response Time
Uptime Tool
Ops: Infra Monitoring
Web Logs, App Logs, Database Logs, Container Logs
Log Tool
Real User Mon., Txn Perf Mon., Dist. Tracing
APM Tool
Ops: Service Monitoring
Container Metrics, Host Metrics, Database Metrics, Network Metrics, Storage Metrics
Metrics Tool
Business KPIs
Business Tool
Business Team
Typical observability stack
![Page 41: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/41.jpg)
Dev, Ops and Business Teams
Elastic approach to observability
APM Data, Uptime Data, Metrics Data, Log Data, Business Data
All your operational data in a single powerful datastore — Elasticsearch
![Page 42: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/42.jpg)
No more silos, unification at every layer
Unified Machine Learning: Spot issues earlier with smarter detection
Unified Alerting: Reduce alert fatigue with smarter rules
Unified Dashboarding: Eliminate swivel chair analysis
Unified Schema: Speed up analysis with cross-source correlation
One Pricing Model: Simplify and control spend
One tool to learn, secure, maintain, ...: Gain operational efficiency
APM, Uptime, Metrics, Logs, Business
One powerful datastore — Elasticsearch.
![Page 43: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/43.jpg)
Elastic approach to observability
![Page 44: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/44.jpg)
![Page 45: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/45.jpg)
https://www.elastic.co/cloud/elasticsearch-service/signup
![Page 46: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/46.jpg)
@GeorgeKobar
Thank you!
Q & A
![Page 47: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/47.jpg)
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
NetDevOps Tech Chat
![Page 48: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/48.jpg)
</finish>
![Page 49: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/49.jpg)
• Docs and Links
• Learning Labs
• DevNet Sandboxes
• Code Samples
Webinar Resources on DevNet!
developer.cisco.com/netdevops/live/#s03t07
![Page 50: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/50.jpg)
developer.cisco.com/codeexchange
NetDevOps Live! Code Exchange Challenge
Event driven something! Monitor syslog for some key message and take an action based on it.
Example: Every time the configuration changes on a device send yourself a chat message!
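One way to approach the challenge above, as an added example that is not part of the original slides: it matches the Cisco IOS `%SYS-5-CONFIG_I` message in received syslog lines and builds the body of a chat notification. The sample lines, the `{"text": ...}` webhook body shape and all function names are assumptions for illustration; values taken from the log are sanitized because syslog over UDP is unauthenticated.

```python
import json
import re

# Cisco IOS emits this mnemonic each time someone leaves configuration mode.
CONFIG_I = re.compile(
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+)"
    r"(?: by (?P<user>\S+))?(?: on (?P<line>\S+))?(?: \((?P<ip>[^)\s]+)\))?"
)
UNSAFE = re.compile(r"[^A-Za-z0-9_.:/-]")  # anything that could act as chat markup


def clean(value, limit=64):
    """Keep log-derived text from injecting markup or mentions into the chat."""
    return UNSAFE.sub("?", value or "unknown")[:limit]


def parse_config_change(sender, line):
    """Return a dict for a config-change message, or None for any other line."""
    m = CONFIG_I.search(line)
    if m is None:
        return None
    event = {k: clean(v) for k, v in m.groupdict().items()}
    event["device"] = clean(sender)  # address the datagram arrived from
    return event


def chat_payload(event):
    """Build the JSON body a chat webhook would receive (body shape assumed)."""
    text = ("Config changed on {device} by {user} from {source} "
            "(line {line}, source IP {ip})").format(**event)
    return json.dumps({"text": text})


def alerts(records):
    """Yield one chat payload per config change in (sender, line) records."""
    for sender, line in records:
        event = parse_config_change(sender, line)
        if event:
            yield chat_payload(event)


# Constructed sample input: (sender address, raw syslog line).
SAMPLE = [
    ("10.10.20.48", "<189>51: *Apr 21 14:02:11.305: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.20.20)"),
    ("10.10.20.48", "<189>52: *Apr 21 14:02:40.118: %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to up"),
    ("10.10.20.48", "<189>53: *Apr 21 14:05:02.730: %SYS-5-CONFIG_I: Configured from console by <@all> on console"),
]

if __name__ == "__main__":
    print(*alerts(SAMPLE), sep="\n")
```

Sending the payload is left to whichever chat service is used; the third sample line shows a crafted username being neutralized before it reaches the message text.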
![Page 51: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/51.jpg)
• NetDevOps on DevNet: developer.cisco.com/netdevops
• NetDevOps Live!: developer.cisco.com/netdevops/live
• NetDevOps Blogs: blogs.cisco.com/tag/netdevops
• Network Programmability Basics Video Course: developer.cisco.com/video/net-prog-basics/
Looking for more about NetDevOps?
![Page 52: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/52.jpg)
Thanks for Joining Season 3
https://developer.cisco.com/netdevops/live/#s03
![Page 53: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/53.jpg)
Got more questions? Stay in touch!
[email protected] @hfpreston http://github.com/hpreston
@CiscoDevNet facebook.com/ciscodevnet/ http://github.com/CiscoDevNet
Hank Preston developer.cisco.com
![Page 54: Logging and Back Again -A Network Engineers Journey with ELK](https://reader034.fdocuments.us/reader034/viewer/2022050123/626d751a14b3ce323a679e9e/html5/thumbnails/54.jpg)
https://developer.cisco.com/netdevops/live @netdevopslive