From 2c73f4ea0b24b30c5a4bb043324ffa448f57c10f Mon Sep 17 00:00:00 2001
From: Shaunak Kashyap
Date: Thu, 9 Nov 2017 07:01:40 -0800
Subject: [PATCH] [WIP] Logstash Netflow module tutorial (#5)

* First draft of Logstash Netflow module tutorial
* Incorporated writing style suggestions
---
 .../kibana/server/tutorials/netflow/index.js | 65 +++++++++++++++++++
 .../kibana/server/tutorials/register.js | 2 +
 2 files changed, 67 insertions(+)
 create mode 100644 src/core_plugins/kibana/server/tutorials/netflow/index.js

diff --git a/src/core_plugins/kibana/server/tutorials/netflow/index.js b/src/core_plugins/kibana/server/tutorials/netflow/index.js
new file mode 100644
index 00000000000000..11ef7f8df28277
--- /dev/null
+++ b/src/core_plugins/kibana/server/tutorials/netflow/index.js
@@ -0,0 +1,65 @@
+import { TUTORIAL_CATEGORY } from '../../../common/tutorials/tutorial_category';
+import { INSTRUCTION_VARIANT } from '../../../common/tutorials/instruction_variant';
+
+export function netflowSpecProvider() {
+ return {
+ id: 'netflow',
+ name: 'Netflow',
+ category: TUTORIAL_CATEGORY.SECURITY,
+ shortDescription: 'Collect Netflow records sent by a Netflow exporter',
+ longDescription: 'The Logstash Netflow module simplifies the collection, normalization, and visualization of network flow data. ' +
+ 'With a single command, the module parses network flow data, indexes the events into Elasticsearch, and installs a suite of Kibana ' +
+ 'dashboards to get you exploring your data immediately. Logstash modules support Netflow Version 5 and 9. [Learn more]' +
+ '({config.elastic_docs.website_url}/guide/en/logstash/{config.elastic_docs.link_version}/netflow-module.html) about the Netflow ' +
+ 'module.',
+ //iconPath: '', TODO
+ completionTimeMinutes: 10,
+ //previewImagePath: 'kibana-apache.png', TODO
+ params: [
+ {
+ 'netflow.var.input.udp.port': {
+ type: 'number', // TODO: Make this a const as well?
+ defaultValue: 2055
+ }
+ }
+ ],
+ instructionSets: [
+ {
+ title: 'Getting Started',
+ instructionVariants: [
+ {
+ id: INSTRUCTION_VARIANT.OSX,
+ instructions: [
+ {
+ title: 'Download and install Logstash',
+ textPre: 'Skip this step if Logstash is already installed. First time using Logstash? See the ' +
+ '[Getting Started Guide]({config.elastic_docs.website_url}/guide/en/logstash/{config.elastic_docs.link_version}' +
+ '/getting-started-with-logstash.html).',
+ commands: [
+ 'curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-{config.kibana.version}.tar.gz',
+ 'tar xzvf logstash-{config.kibana.version}.tar.gz'
+ ]
+ },
+ {
+ title: 'Setup the Netflow module',
+ textPre: 'In the Logstash install directory, run the following command to setup the Netflow module.',
+ commands: [
+ './bin/logstash --modules netflow --setup',
+ ],
+ textPost: 'The --setup option creates a `netflow-*` index pattern in Elasticsearch and imports' +
+ ' Kibana dashboards and visualizations. Running `--setup` is a one-time setup step. Omit this step' +
+ ' for subsequent runs of the module to avoid overwriting existing Kibana dashboards.'
+ },
+ {
+ title: 'Start Logstash',
+ commands: [
+ './bin/logstash --modules netflow -M netflow.var.input.udp.port={params.netflow.var.input.udp.port}'
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ };
+}
diff --git a/src/core_plugins/kibana/server/tutorials/register.js b/src/core_plugins/kibana/server/tutorials/register.js
index d79e1ed869ac6e..64165435af2d26 100644
--- a/src/core_plugins/kibana/server/tutorials/register.js
+++ b/src/core_plugins/kibana/server/tutorials/register.js
@@ -6,6 +6,7 @@ import { nginxLogsSpecProvider } from './nginxLogs';
 import { nginxMetricsSpecProvider } from './nginxMetrics';
 import { mysqlLogsSpecProvider } from './mysqlLogs';
 import { mysqlMetricsSpecProvider } from './mysqlMetrics';
+import { netflowSpecProvider } from './netflow';
 
 export function registerTutorials(server) {
 server.registerTutorial(systemLogsSpecProvider);
@@ -16,4 +17,5 @@ export function registerTutorials(server) {
 server.registerTutorial(nginxMetricsSpecProvider);
 server.registerTutorial(mysqlLogsSpecProvider);
 server.registerTutorial(mysqlMetricsSpecProvider);
+ server.registerTutorial(netflowSpecProvider);
 }
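Review bot: The 'Download and install Logstash' step in `netflow/index.js` has the reader fetch `logstash-{config.kibana.version}.tar.gz` and unpack it immediately, with no integrity check between the `curl` and `tar` commands. Assuming a `.sha512` file is published next to the archive for this version, add two entries before the `tar` line: `'curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-{config.kibana.version}.tar.gz.sha512',` and `'shasum -a 512 -c logstash-{config.kibana.version}.tar.gz.sha512',`. Separately, the 'Start Logstash' step opens a UDP listener on the chosen port (default 2055) and Netflow records carry no authentication, so a `textPost` on that step saying the port should be reachable only from the intended exporters would help readers who run this outside a lab network.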