Pairing ELK with Now Assistant

In this guide we're going to establish communication between Now Assistant and ELK. We'll start by setting up Now Assistant to send event logs to our hosted ELK instance. To do so, let's navigate to the Now Assistant install directory → Web → Config folder and find a file named 'log4net.config':

Finding log4net

We're going to edit this file so that event logs are sent to our ELK instance in JSON format. In the file we need to find the <root> tag and modify it to look like this:

<root>
    <!-- Value of priority may be ALL, DEBUG, INFO, WARN, ERROR, FATAL, OFF. -->
    <priority value="WARN" />
    <appender-ref ref="error-file" />
    <appender-ref ref="json-file"/>
    <appender-ref ref="elk-server"/>
</root>

Then, if we scroll to the bottom of the file, we should find an <appender> tag whose name attribute is set to 'elk-server'. Within it we're going to set the <Url> value to our ELK server address:

<appender name="elk-server" type="Orchard.Logging.adeninHttpAppender">
   <Url value="http://127.0.0.1:31311" />
   <layout type="Orchard.Logging.adeninJsonLayout"></layout>
</appender>

Note: You can set the port number to be any value, but keep it in mind as we'll need it for the next step.

This makes Now Assistant format its logs as JSON and send them to our ELK server. Next, we're going to configure ELK to recognize the incoming input and store it in our Elasticsearch database. To do so, we need to locate and modify the Logstash configuration.

Let's navigate to our ELK installation folder → logstash → conf folder and modify the 'logstash.conf' file:

Logstash.conf file

We're going to amend our configuration file to look like this:

input {
  http {
    host => "127.0.0.1"
    port => 31311
  }
}

output {
  elasticsearch {
    hosts => [ "127.0.0.1:9200" ]
  }
}

This sets ELK to receive input from Now Assistant through Logstash's http plugin and output it straight to Elasticsearch's database. Note that we're using the same input port number that we set previously in our 'log4net.config'.

Now if you log into Kibana you should be able to create an index pattern and see event fields from Now Assistant:

Fields from Now Assistant in Kibana dashboard

Setting Authentication

To set up basic authentication with Logstash, we can edit the 'log4net.config' and 'logstash.conf' files to include a username and password. Requests made to our ELK instance without these credentials result in a '401 Unauthorized' response. First of all, let's add <UserId> and <Password> tags to our ELK server appender in the 'log4net.config' file:

<appender name="elk-server" type="Orchard.Logging.adeninHttpAppender">
   <Url value="http://127.0.0.1:31311" />
   <UserId value="myuser" />
   <Password value="p@ssWord!" />
   <layout type="Orchard.Logging.adeninJsonLayout"></layout>
</appender>

Similarly, we'll edit the 'logstash.conf' file to match our username and password:

input {
  http {
    host => "127.0.0.1"
    # Must match <UserId> and <Password> in 'log4net.config'
    user => "myuser"
    password => "p@ssWord!"
    port => 31311
  }
}

output {
  elasticsearch {
    hosts => [ "127.0.0.1:9200" ]
  }
}

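Now we've set up basic authentication!

Note: Basic authentication only base64-encodes the username and password, so over the plain http:// URL used here they are readable by anything that can see the traffic. That is fine while both services talk over 127.0.0.1, but not if the ELK address is on another host. Both configuration files also hold the password in clear text, so keep them readable only by the accounts that run Now Assistant and Logstash.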
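To confirm that the listener really rejects unauthenticated requests, the following check posts a test event with no credentials, with a wrong password and with the configured credentials, and expects 401, 401 and 200. It is an added example, not part of Now Assistant or ELK: the function names are hypothetical, the URL, user and password are the sample values from the configuration above, and it assumes Logstash answers an accepted event with 200.

```python
import base64
import json
import urllib.error
import urllib.request

# Loopback probe: ignore any system proxy settings.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def basic_auth_header(user, password):
    """Authorization header for HTTP Basic auth: base64 encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def post_event(url, user=None, password=None, timeout=5):
    """POST one constructed JSON event; return the HTTP status, or None if unreachable."""
    body = json.dumps({"level": "WARN", "message": "auth self-test (constructed)"})
    req = urllib.request.Request(url, data=body.encode("utf-8"), method="POST",
                                 headers={"Content-Type": "application/json"})
    if user is not None:
        req.add_header("Authorization", basic_auth_header(user, password))
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:      # 4xx/5xx, e.g. 401 Unauthorized
        return err.code
    except (urllib.error.URLError, OSError):   # refused, timed out, DNS failure
        return None


def check_auth(url, user, password):
    """Probe the endpoint three ways and report the status of each request."""
    return {
        "no_credentials": post_event(url),
        "wrong_password": post_event(url, user, password + "-wrong"),
        "valid_credentials": post_event(url, user, password),  # indexes one test event
    }


def auth_is_enforced(results):
    """True only if both bad requests got 401 and the configured credentials got 200."""
    return (results["no_credentials"] == 401
            and results["wrong_password"] == 401
            and results["valid_credentials"] == 200)


if __name__ == "__main__":
    results = check_auth("http://127.0.0.1:31311", "myuser", "p@ssWord!")
    print(results, "-> enforced" if auth_is_enforced(results) else "-> NOT enforced / unreachable")
```

A result of 200 for all three requests means the http input is still accepting unauthenticated events, usually because Logstash was not restarted after 'logstash.conf' was edited.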

Last updated: Fri 03 Nov, 2017