Elastic Fleet Server & elastic-agent common troubleshooting

Common troubleshooting items for any fleet & elastic-agent issues can be found on https://www.elastic.co/guide/en/fleet/current/fleet-troubleshooting.html; however, there are a few items that I would like to add. Whitespaces: When you start the elastic-agent on an endpoint and have everything configured for your elastic-agent (the right policy, integrations, etc.) but no data is going into elasticsearch, the most common issue is that there is something wrong with your fleet settings. This can be edited from kibana -> fleet -> settings. Either your ES endpoint / Fleet server endpoint / Advanced YAML settings are wrong or there might even be…

Fleet server with logstash output – elastic-agent

I think one of the biggest issues with fleet and elastic-agent was that it was limited on the outputs, so if you had tons and tons of elastic-agents in the wild they would all connect back to your elasticsearch and could overwhelm the cluster. Starting with 8.2 of elasticsearch, the logstash output type was introduced. It is still in BETA at this time but I just tried it and it worked very nicely! The steps to set up the logstash output are listed on https://www.elastic.co/guide/en/fleet/8.2/secure-logstash-connections.html but I wanted to try it out and document it. Install & configure logstash. Install: yum install logstash-8.2.2…

Updated deploy-elastic script – version 8

Last update to version 7 is listed here. The original post for the deploy-elastic.sh script is here. Changes: fully tested from 6.x-8.2 (will most likely work with future 8.x versions); decoupled non stack modes from checking versions so that you can add the secondary components like monitoring/fleet/apm/enterprise-search using a different version than the stack version. Just install the stack first, then install the secondary components with different versions. Secondary versions cannot be higher than the stack version. This will allow you to test using different versions; fleet setting is now auto-populated. The script will gather the machine's external IP and set…

ECE(elastic cloud enterprise) snapshot repository using object storage(minio) with self-signed TLS

Just FYI, this is a complete rewrite of the previous article. It should be better organized and more closely aligned with real world situations. We will stand up a minio server with a self-signed or internally signed SSL certificate that is not publicly trusted. This guide will work with any s3 compliant object storage, not just minio. The certificate that we will create will be for internal use, but you can and should create a more secure certificate to be used in your environment. If you have s3 compliant object storage with a publicly trusted signed SSL certificate then all you would…

Install and configure a mailserver in docker container – Migrated to a new server 3 of 4

This is the third section in the 4 part series of migrating my server: Install and configure the host machine; Install and configure a database and webserver; Install and configure a mailserver – we are here; Install and configure vaultwarden; Tie everything back to 1. for backups, misc, etc. Dockerized mailserver: We will install a dockerized mailserver, a sort of all in one that will run a full fledged secure mail service. There are many containers that can perform this and on my previous servers I used iRedmail. The main issue with most containerized mail solutions is that it requires…

ECE(Elasticsearch Cloud Enterprise) snapshots with minio – TLS!

PLEASE use THIS POST instead, as many items were updated and changed. Configuring snapshots for ECE(Elasticsearch Cloud Enterprise) or deployments for ECE from an S3 object storage or on an s3 compliant storage with publicly trusted certificates is easy, but how do you configure the snapshot repository if you are using self-signed or internally signed certificates? There are 2 ways of configuring the snapshot repository and snapshots on ECE. First, you can configure the snapshot repository on ECE. Once you configure the snapshot repository in the Admin UI, you can configure found-snapshots for each deployment via the Admin UI. Unfortunately,…

Fast portable wiki that syncs to your private github repo

I've been needing a lot of things lately. I was using evernote to keep my notes and ever since they changed their free offering, I’ve had my notes scattered all over notepad++, atom, code, etc. and needed a quick and fast place to stop and keep up with my notes. I needed something portable and that will not get deleted, so I came up with my wiki.sh script! Features: tested on macOS, linux, wsl; creates wiki directory in your ${HOME}; cleanup cleans off everything; runs in both http and https; ports are configurable; do not need root, just need to be…

Quickly deploy elasticsearch with docker

UPDATE: there is a new version that was released in March 2022 and you can read about it here. I needed a way to quickly stand up various versions of elasticsearch for testing. Sometimes just 1 instance was needed and at other times a small cluster, configured with TLS and security settings. I spent way too much time installing and reinstalling the software on my vm and knew that this would not work well for me. So I set out to look for a lightweight, portable, fast, reproducible solution that I can quickly stand up and delete…

kafka – stand up a test instance with SSL for testing

I had a need to stand up a Kafka instance with SSL to test SSL handshakes. Today was the first time looking at Kafka so needless to say I was a bit lost. 🙁 Started out looking up various projects and found some interesting things that enabled me to set up an instance of kafka using docker containers with SSL. Requirements: git, docker, docker-compose installed on your server. Clone wurstmeister/kafka repo. Get confluent’s kafka-generate-ssl.sh script, run it and follow all the instructions. Please make sure to remember the passphrase and the truststore/keystore passwords. This will generate the following. Create “certs” directory…