Setup & Configuration

The Elasticsearch module is included with the Atatus Infra agent by default. Follow the steps below to enable it.

  1. Add the following line to the file /etc/atatus-infra-agent/atatus.yml.

    logs_enabled: true
    
  2. Copy the Elasticsearch example configuration file.

    cd /etc/atatus-infra-agent/conf.d/elasticsearch.d/
    sudo cp elasticsearch.yml.template elasticsearch.yml
    
  3. Update the file /etc/atatus-infra-agent/conf.d/elasticsearch.d/elasticsearch.yml with the configuration below.

    # Log section
    logs:
    
      # - type : (mandatory) type of log input source (audit / deprecation / gc / server / slowlog)
    
      - type: audit
      - type: deprecation
      - type: gc
      - type: server
      - type: slowlog
    
    # If you have a custom Elasticsearch log path, use the syntax below
    
      # - type: (mandatory) type of log input source (audit / deprecation / gc / server / slowlog)
      #   paths: (mandatory) Set paths if type is file
      #   service: (mandatory) name of the service owning the log
      #   source: (mandatory) attribute that defines which integration is sending the log
    
    # Log section
    logs:
       - type: audit
         paths:
            - /var/log/elasticsearch/*_access.log
            - /var/log/elasticsearch/*_audit.log
            - /var/log/elasticsearch/*_audit.json
         source: elasticsearch
         service: elasticsearch
       - type: deprecation
         paths:
            - /var/log/elasticsearch/*_deprecation.log
            - /var/log/elasticsearch/*_deprecation.json
         source: elasticsearch
         service: elasticsearch
       - type: gc
         paths:
            - /var/log/elasticsearch/gc.log.[0-9]*
            - /var/log/elasticsearch/gc.log
         source: elasticsearch
         service: elasticsearch
       - type: server
         paths:
            - /var/log/elasticsearch/*_server.log
            - /var/log/elasticsearch/*_server.json
         source: elasticsearch
         service: elasticsearch
       - type: slowlog
         paths:
            - /var/log/elasticsearch/*_index_search_slowlog.log
            - /var/log/elasticsearch/*_index_indexing_slowlog.log
            - /var/log/elasticsearch/*_index_search_slowlog.json
            - /var/log/elasticsearch/*_index_indexing_slowlog.json
         source: elasticsearch
         service: elasticsearch
    
  4. Restart the Atatus Infra agent.

    sudo service atatus-infra-agent restart
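
A check for the custom `paths:` entries from step 3, useful before the restart in step 4. It is an added example, not part of the Atatus documentation: it reports any glob that matches no file or matches a file the current user cannot read, so a silent gap in audit or slowlog collection is caught early. The function name `check_log_paths` and the script name in the usage comment are hypothetical, and the parser assumes the layout shown in step 3 with no whitespace inside paths; entries without an explicit `paths:` list are not checked.

```shell
#!/bin/sh
# Usage (hypothetical script name), run as the account the agent runs as,
# because the -r test below applies to the current user:
#   sh check_log_paths.sh /etc/atatus-infra-agent/conf.d/elasticsearch.d/elasticsearch.yml
#
# Output, one line per paths: entry:
#   OK <type> <pattern> <count>    files match and were checked for readability
#   UNREADABLE <type> <file>       a matching file cannot be read
#   MISSING <type> <pattern>       the glob matches nothing
# Returns 1 if anything is MISSING or UNREADABLE, otherwise 0.
check_log_paths() {
    conf=$1; logtype=unknown; in_paths=0; rc=0
    # read with the default IFS trims the YAML indentation for us
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                       # blank line or comment
            '- type:'*) logtype=${line#'- type:'}
                        logtype=${logtype# }; in_paths=0; continue ;;
            'paths:'*) in_paths=1; continue ;;
            '- '*) [ "$in_paths" -eq 1 ] || continue ;; # list item under paths:
            *) in_paths=0; continue ;;                  # source:, service:, logs:
        esac
        pat=${line#'- '}; matched=0
        for f in $pat; do                # unquoted on purpose: expand the glob
            [ -e "$f" ] || continue      # an unmatched glob stays literal
            matched=$((matched + 1))
            if [ ! -r "$f" ]; then
                echo "UNREADABLE $logtype $f"; rc=1
            fi
        done
        if [ "$matched" -eq 0 ]; then
            echo "MISSING $logtype $pat"; rc=1
        else
            echo "OK $logtype $pat $matched"
        fi
    done < "$conf"
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    check_log_paths "$1"
fi
```

A `MISSING` line for a type means the agent has nothing to collect for that entry until Elasticsearch writes a file matching the pattern.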