ELK for EverTrust OCSP description

To get a complete overview of the health and activity of an EverTrust OCSP infrastructure, several components are used. Each of them has a specific role in the log processing pipeline and is described below.

Log agents

  • Metricbeat to collect system logs. Metricbeat is an ELK agent that periodically collects metrics from the operating system and from services running on the EverTrust OCSP node;

  • Filebeat to collect NGINX logs. Filebeat is an ELK agent that monitors the NGINX log files;

  • Syslog to collect EverTrust OCSP events. EverTrust OCSP supports the Syslog standard to spool events regarding the application activity.

Log collector, aggregator and transformer

  • Logstash is used as the central collection point for logs from all the inputs described above. Logstash is configured to receive and transform these log inputs.

Log storage and indexing

  • Elasticsearch is used to store and index the logs received from Logstash. Elasticsearch stores all inputs from Logstash as JSON objects. It provides extensive data search capabilities.

Log shaping and visualization

  • Kibana is a frontend application that sits on top of the ELK stack. Kibana provides search and data visualization capabilities for data indexed in Elasticsearch.

ELK for EverTrust OCSP Overview

Diagram
Metricbeat and Filebeat are additional, optional components. They are used to provide a complete overview of an EverTrust OCSP infrastructure. The support, maintenance and evolution of these components are not provided by EverTrust.