You can configure your integration servers to send any or all of your logging and event
data, in the form of BIP message logs, message flow monitoring events, and activity logging events,
to a Logstash input plug-in in an Elasticsearch, Logstash, and Kibana (ELK) stack. This
configuration enables you to display the reported information in a Kibana dashboard.
About this task
To enable your IBM App Connect Enterprise integration servers to send logging and
event information to a Logstash input in an ELK stack, you must configure the integration node or
server by setting the properties in the node.conf.yaml or
server.conf.yaml file.
For more information about configuring an integration node or server, see Configuring an integration node by modifying the node.conf.yaml file or Configuring an integration server by modifying the server.conf.yaml file.
Procedure
Complete the following steps to enable your integration servers to send logging and
event data to a Logstash input in an ELK stack:
- Decide which of the following Logstash input protocols that you want to use:
beats
beatsTls
http
https
This information determines the property values that you set in the following steps.
For
more information about the Logstash input protocols that you can use to connect IBM App Connect Enterprise to the ELK stack, see the Logstash
reference documentation online.
- Open the node.conf.yaml or server.conf.yaml
configuration file for your integration node or server, by using a YAML editor.
You can edit the file by using the built-in YAML editor that is provided in the IBM App Connect
Enterprise Toolkit, either by double-clicking the file in the Application
Development view or by right-clicking the file and selecting . If you choose to edit the file by
using a plain text editor, ensure that you do not include any tab characters (which are not valid in
YAML) and use a YAML validation tool to validate the contents of your file.
- Configure the integration node or server to use your chosen Logstash input protocol
(
beats
, beatsTls
, http
, or
https
), by setting properties in the ELKConnections
section of the
node.conf.yaml or server.conf.yaml file:
ELKConnections:
# Description for ELK Connections.
# elkConnection1:
# elkProtocol: 'beats' # Logstash input protocol. Valid values are: 'beats', 'beatsTls', 'http', or 'https'.
# hostname: 'myhost.domain.com' # Hostname for the elkProtocol endpoint.
# port: 0 # Port for the elkProtocol endpoint.
# uploadIntervalMilliSecs: 60000 # Interval between uploading cached data, set in milliseconds.
# elkCredential: '' # Set an 'elk' credential alias name to enable basic authentication, if it is required by the Logstash input protocol.
# keystoreFile: '/path/to/keystore.jks' # Set the path to the keystore to be used, if it is required by the Logstash input protocol.
# keystorePass: 'P4s5w0rd' # Set the password, or 'keystore' credential alias to the password, of the keystore.
# keyAlias: '' # Set the alias name of the private key, if mutual authentication is required by the Logstash input protocol.
# KeyPassword: '' # Set the password, or 'keystorekey' credential alias to the password, for accessing the private mutual authentication key.
# truststoreFile: '/path/tp/truststore.jks' # Set the path to the truststore to be used, if it is required by the Logstash input protocol.
# truststorePass: 'P4s5w0rd' # Set the password, or 'truststore' credential alias to the password, for accessing the truststore.
For example, to connect to an unsecured Logstash input plug-in by using the
beats
input protocol, on
localhost
port
5044
, and
to upload the log data every 30 seconds, set the following properties:
ELKConnections:
elkbeats:
elkProtocol: 'beats'
hostname: 'localhost'
port: 5044
uploadIntervalMilliSecs: 30000
- Optional: If you are connecting to a secured Logstash input plug-in,
configure the security credentials that are required to access it. For example, if you are using
HTTP to connect to a Logstash input plug-in that requires a username and password, configure the
integration node or server to use an
elk
credential for basic authentication
(basicAuth), by completing the following steps:
- Update the
node.conf.yaml
or server.conf.yaml
file
to specify a credential to be used for basic authentication (basicAuth), by specifying the
credential name in the elkCredential property; for example:
- Use the mqsicredentials command to create the security credential that you
specified in the .conf.yaml file (
elk_ID
), setting the
username and password, and a credential type of elk
:
mqsicredentials --work-dir elk_work_dir --create --credential-name elk_ID --credential-type elk --username user1 --password passw0rd1
- Optional: Enable App Connect Enterprise BIP messages to be
sent to the configured ELK Connection, by setting properties in the
Log
section of
the .conf.yaml file:
Log:
#consoleLog: true # Control writing BIP messages to standard out. Set to true or false, default is true.
#outputFormat: 'text' # Control the format of BIP messages written to standard out and file. Set to ibmjson or text, default is text.
#eventLog: '[iib.system-work-dir]/log/[iib.system-node-label].[iib.system-server-label].events.txt' # Control writing BIP messages to file. Set to '' to disable, default is as shown.
#eventLogFileSize: 10 # The maximum size in MB of an event log file before it is rotated into a new file
#eventLogFileCount: 10 # The maximum number of event log files that should be rotated between.
#elkLog: false # Control the publication of BIP messages to an ELK (Elasticsearch, Logstash, Kibana) stack. Set to true or false, default is false.
#elkConnections: '' # Name of the ELK connection to use, for example 'elkConnection1'
# Each named ELK Connection must be defined in the ELKConnections section below.
For example, to enable logs data to be sent to the ELK Connection that was configured in the
previous example (
elkbeats
), set the following properties:
Log:
elkLog: true
elkConnections: 'elkbeats'
- Optional: Optionally, enable IBM App Connect Enterprise message
flow monitoring events to be sent to the configured ELK Connection, by setting properties in the
Events.BusinessEvents.ELK section of the .conf.yaml file:
Events:
BusinessEvents:
ELK:
#enabled: false # Set true or false, default false
#outputFormat: 'json' # Set json, default json
#elkConnections: '' # Name of the ELK connection to use, for example 'elkConnection1', must be defined in the ELKConnections section below.
Also, ensure that Monitoring is enabled in the Monitoring.MessageFlow section of the
.conf.yaml file:
Monitoring:
MessageFlow:
#publicationOn: 'inactive' # choose 1 of : active|inactive, default inactive
- Optional: Deploy an Activity Log policy to the integration server, with the
elkLog property set to
true
and the
elkConnections property set to match the name of an ELK connection
configuration specified in ELKConnections section of the .conf.yaml
file.
- Restart the integration server for the changes to take effect.
The
integration server's log events in the form of BIP message logs, message flow monitoring events (or
both), are sent to the configured Logstash input plug-in.
When the integration server starts
delivering BIP message logs, message flow monitoring events (or both), to the configured Logstash
input, a confirmation message is written to the log; for
example:
BIP6503I: ( CHECK.IS2 ) The integration server successfully sent data to ELK connection ''ELKbeats''
using elkProtocol ''beats'', hostname ''localhost'' and port ''5444''.
If the
integration server is unable to deliver event data to the configured Logstash input, a BIP message
is logged to the integration server's local event log; for
example:
BIP3888E: ( CHECK.IS2 ) The ELK connector ''ELKbeats'' failed to send data to ''localhost:5444''.
Error details: ''SocketException BIP3150E: ImbBasicSocket::connectTimeout "An error occurred whilst performing a socket operation:
getsockopt" [::connect::select(), 10061, No connection could be made because the target machine actively refused it.