This all assumes you already have Elastic Stack up and running.
If you don't, that is beyond the scope of this particular project, but very easy to get going with deviantony's repo!
Credit for this work goes to others, I simple modified/modernized their work!
- Beats compiling/config for USG - caglar10ur
- Elastic Stack - deviantony
On your Linux machine where you have docker and go.
git clone https://github.com/owentl/elk-unifi.git ~/elk-unifimkdir -p ~/go/src/github.com/elastic/
git clone -b v7.6.2 https://github.com/elastic/beats.git ~/go/src/github.com/elastic/beats
pushd ~/go/src/github.com/elastic/beats/filebeat
GOOS=linux GOARCH=mips64 go build -o ~/elk-unifi/filebeat/filebeat
popd
pushd ~/go/src/github.com/elastic/beats/metricbeat
GOOS=linux GOARCH=mips64 go build -o ~/elk-unifi/metricbeat/metricbeat
popdNow we need to setup the files to report back to your Elastic Stack. Change the references to 192.168.1.208 to the IP of your Elastic Stack
vi ~/elk-unifi/filebeats/filebeats.ymlvi ~/elk-unifi/metricbeats/metricbeats.ymlscp -pr ~/elk-unifi/ admin@192.168.1.1:ssh 192.168.1.1 -l admincd elk-unifi/filebeat
./filebeat setup --path.config /home/admin/elk-unifi/filebeat/./filebeat --path.config /home/admin/elk-unifi/filebeat/cd elk-unifi/metricbeats
./metricbeat setup --path.config /home/admin/elk-unifi/metricbeat/./metricbeat -e --path.config /home/admin/elk-unifi/metricbeat/nohup /home/admin/elk-unifi/filebeat/filebeat run -c /home/admin/elk-unifi/filebeat/filebeat.yml >/dev/null 2>&1 &
nohup /home/admin/elk-unifi/metricbeat/metricbeat run -c /home/admin/elk-unifi/metricbeat/metricbeat.yml >/dev/null 2>&1 &#preserve mips based filebeat
mv ~/elk-unifi/filebeat/filebeat ~/elk-unifi/filebeat/filebeat-mips
pushd ~/go/src/github.com/elastic/beats/filebeat
GOOS=linux GOARCH=arm GOARM=7 go build -o ~/elk-unifi/filebeat/filebeat
popd
#preserve mips based metricbeat
mv ~/elk-unifi/metricbeat/metricbeat ~/elk-unifi/metricbeat/metricbeat-mips
pushd ~/go/src/github.com/elastic/beats/metricbeat
GOOS=linux GOARCH=arm GOARM=7 go build -o ~/elk-unifi/metricbeat/metricbeat
popdscp -pr ~/elk-unifi/ root@192.168.1.2:ssh root@192.168.1.2Edit each yml file and set the correct path. On USG it is /home/admin and CloudKey it is /root/
By default the cloudkey Plus will forward all http connections over to https.
I am not an nginx person so I presume there is a better way to do than this, but it works for me
Edit the unifi site:
/etc/nginx/sites-available/unifi-management-portal
and add the below after the server_tokens off; line in the first "server" stanza
location /nginx_status {
stub_status on;
allow 127.0.0.1; #only allow requests from localhost
deny all; #deny all other hosts
}Comment out the line:
#return 302 https://$host$request_uri;
Now restart nginx for these changes to go into effect
systemctl restart nginx
mkdir /var/log/filebeat
mkdir /var/log/metricbeat
chmod 700 /var/log/filebeat
chmod 700 /var/log/metricbeatcd elk-unifi/filebeat
./filebeat --path.config /root/elk-unifi/filebeat/ modules enable nginx
./filebeat --path.config /root/elk-unifi/filebeat/ modules enable mongodb
cd elk-unifi/metricbeat
./metricbeat --path.config /root/elk-unifi/metricbeat/ modules enable nginx
./metricbeat --path.config /root/elk-unifi/metricbeat/ modules enable mongodbcd elk-unifi/filebeat
./filebeat setup --path.config /root/elk-unifi/filebeat/mv /root/elk-unifi/filebeat/cloudkey/filebeat.service /lib/systemd/system/filebeat.service
mv /root/elk-unifi/metricbeat/cloudkey/metricbeat.service /lib/systemd/system/metricbeat.service
systemctl daemon-reloadSince we already have a compiled ARM binary we can now use that on the raspberry pi. Follow the same steps for the Cloud Key config and get Filebeat running there.
If you are using Elk-Hole config you will need to also have Logstash configured and you can follow the steps there.