Logstash configuration

Prerequisites

Ensure that the following plugins are installed and enabled:

  • logstash-filter-json;

  • logstash-filter-dns.

All steps described below have to be performed on each EverTrust OCSP node you want to monitor.

Configuration

Step 1: Retrieve the 'ocspd-dictionary.yml' file from the Web Management Console of one of your EverTrust OCSP nodes;

Step 2: Upload the 'ocspd-dictionary.yml' file under '/usr/share/logstash/config/' on the Logstash server;

Step 3: Upload the 'ocspd-pipeline.yml' file on the Logstash server;

Step 4: Modify the following lines of the 'ocspd-pipeline.yml' file to specify the Elasticsearch host(s) and the authentication information:

elasticsearch {
    hosts => ["ELASTICSEARCH_HOST:ELASTICSEARCH_PORT"]
    user => "ELASTICSEARCH_USER"
    password => "ELASTICSEARCH_PASSWORD"
}

Step 5: Modify your current Logstash configuration to use the new 'ocspd-pipeline.yml';

Step 6: Restart the Logstash service with the following command:

# systemctl restart logstash
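
The 'elasticsearch' block from the step that sets the Elasticsearch host(s) and authentication information, rewritten so the credentials come from the Logstash keystore rather than sitting in clear text in 'ocspd-pipeline.yml'. This is an added example, not part of the EverTrust documentation; the key names ES_USER and ES_PWD are hypothetical.

```conf
# Added example, not from the EverTrust documentation.
# ES_USER and ES_PWD are hypothetical key names. Create them once on the
# Logstash server, from the Logstash home directory, as the user that
# runs the Logstash service:
#
#   bin/logstash-keystore create
#   bin/logstash-keystore add ES_USER
#   bin/logstash-keystore add ES_PWD
#
# Each "add" prompts for the value, so the secret is not typed on the
# command line.

# Before: credentials readable by anyone who can read the pipeline file
#   user => "ELASTICSEARCH_USER"
#   password => "ELASTICSEARCH_PASSWORD"

# After: ${...} references are resolved from the keystore when the
# pipeline is loaded
elasticsearch {
    hosts => ["ELASTICSEARCH_HOST:ELASTICSEARCH_PORT"]
    user => "${ES_USER}"
    password => "${ES_PWD}"
}
```

Restart the Logstash service after changing keystore entries so the pipeline picks up the new values.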