Setup Audits
  • 18 Apr 2024

Pipeline Overview

On install, Greymatter packages an audit pipeline that includes services to collect, analyze, route, and visualize data as it flows throughout your service connectivity fabric. Our audits break down general application networking traffic patterns for users, devices (i.e. SIM card if used for 5G purposes), and endpoints; build experience scorecards; create live user tracks; and highlight noteworthy extrema.

Pre-requisites

  • A deployed instance of Elasticsearch 8.x.

  • A deployed instance of greymatter.

Setup

Greymatter uses Elasticsearch to index and visualize audits in the included audits dashboard. You need to set up an Elasticsearch index; you can use any of the cloud managed service instances or follow the Elasticsearch guidelines to set up a self-hosted cluster.

You must set up the greymatter-audits secret, which allows access to your Elasticsearch environment:

| Secret Name | Required | Description |
| --- | --- | --- |
| greymatter-audits | x | The credentials for the Elasticsearch instance that will store the Greymatter audit information. |

kubectl create secret generic greymatter-audits \
  --from-literal=elasticsearch_username=<your-elastic-account-username> \
  --from-literal=elasticsearch_password=<your-elastic-account-password> \
  -n greymatter

Once your Elasticsearch environment is set up and the necessary secret is created, navigate to your greymatter-core directory to update inputs.cue.

Step 1: Open inputs.cue and search for the audits section. Set elasticsearch_host and elasticsearch_port to reference your Elasticsearch instance.

	audits: {
		storage_index: "gm-audits-%Y-%m"
		query_index: "gm-audits*"
		elasticsearch_host: <your-elasticsearch_host>
		elasticsearch_port: <your-elasticsearch-port>
		elasticsearch_endpoint: "https://\(elasticsearch_host):\(elasticsearch_port)"
		elasticsearch_secret: "greymatter-audits"
		elasticsearch_tls_verify_certificate: true
	}

Step 2: Ensure that enable_audits is set to true within the config block at the top of inputs.cue.

enable_audits: bool | *true @tag(enable_audits,type=bool)

Step 3: Save and push to your GitOps repo.

Greymatter will automatically create an index when the first audit events begin flowing through the system, and will continue to create a new index each month to efficiently organize your audit events. You can see the details of the index pattern in greymatter-core inputs.cue under the audits section.

Verification

Navigate to the audits dashboard in greymatter; you should now see data in the charts. The audits dashboard is accessible at https://HOST:10908/services/audits. Be sure to replace HOST with your externally addressable IP, ALB, or DNS value.
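If the charts stay empty, you can check directly whether this month's audit index exists and is covered by the query pattern. The script below is an added example, not part of the Greymatter documentation or tooling: the function names are hypothetical, and it assumes the monthly index name is expanded in UTC and that kubectl, curl, sed, and base64 are available.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names). Values mirror the audits block
# in inputs.cue.
STORAGE_INDEX='gm-audits-%Y-%m'
QUERY_INDEX='gm-audits*'

# Expand %Y and %m in the storage pattern for a month given as YYYY-MM.
# Defaults to the current month in UTC (UTC is an assumption).
expected_index() {
  local pattern="$1" ym="${2:-$(date -u +%Y-%m)}"
  printf '%s\n' "$pattern" | sed -e "s/%Y/${ym%-*}/g" -e "s/%m/${ym#*-}/g"
}

# Succeeds when index name $1 is covered by query pattern $2.
matches_query() {
  case "$1" in
    $2) return 0 ;;
    *)  return 1 ;;
  esac
}

# Reads index names on stdin, one per line. Returns 0 if index $1 is listed,
# 1 if it is missing, 2 if query pattern $2 would never match it.
audit_index_ready() {
  matches_query "$1" "$2" || return 2
  grep -Fxq -- "$1"
}

# Live lookup: reads the credentials from the greymatter-audits secret and
# passes them to curl on stdin, so the password never appears in argv.
# A password containing " or \ needs escaping for the curl config syntax.
# TLS verification stays on (curl's default), in line with
# elasticsearch_tls_verify_certificate: true.
list_audit_indices() {
  local host="$1" port="$2" user pass
  user=$(kubectl get secret greymatter-audits -n greymatter \
    -o jsonpath='{.data.elasticsearch_username}' | base64 -d) || return 1
  pass=$(kubectl get secret greymatter-audits -n greymatter \
    -o jsonpath='{.data.elasticsearch_password}' | base64 -d) || return 1
  printf 'user = "%s:%s"\n' "$user" "$pass" |
    curl --silent --fail --config - \
      "https://${host}:${port}/_cat/indices/${QUERY_INDEX}?h=index"
}
```

After sourcing the file, run `list_audit_indices <your-elasticsearch_host> <your-elasticsearch-port> | audit_index_ready "$(expected_index "$STORAGE_INDEX")" "$QUERY_INDEX"` and inspect the exit status.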

For more details on the audits, you can view Working with Audits or refer to the Audits Index.

