Setup Audits
05 Sep 2023

Pipeline Overview

Greymatter packages an audit pipeline on install, which includes services to collect, analyze, route and visualize data as it flows throughout your enterprise. Our audits break down general application networking traffic patterns for users and endpoints, build experience scorecards, create live user tracks, and highlight noteworthy extrema.

Pre-requisites

  • A deployed instance of Elasticsearch 8.x.

  • A deployed instance of greymatter.

Setup

As mentioned in the prerequisites, Greymatter uses Elasticsearch to index and visualize audits in the included audits dashboard. If you have not set up an Elasticsearch index, you can use any of the cloud managed service instances or follow the Elasticsearch guidelines to set up a self-hosted cluster.

Let's confirm that you set up the Elasticsearch secret in the correct namespace.

Run the following command:

kubectl get secrets -n greymatter

This will return a list of secrets. You should see the greymatter-audits secret in the list returned.

The secret Greymatter expects is:

Secret Name        Required   Description
greymatter-audits  x          The credentials for the Elasticsearch instance that will store the Greymatter audit information.

If you have not set up the secret, create it with the following command:

kubectl create secret generic greymatter-audits \
  --from-literal=elasticsearch_username=<your-elastic-account-username> \
  --from-literal=elasticsearch_password=<your-elastic-account-password> \
  -n greymatter

Once your Elasticsearch environment is set up and the necessary secret is created, navigate to your greymatter-core directory to update inputs.cue.

Step 1: Open inputs.cue and, within the audits section, set elasticsearch_host and elasticsearch_port to reference your Elasticsearch instance.

	audits: {
		storage_index: "gm-audits-%Y-%m"   // one index per month (strftime-style pattern)
		query_index: "gm-audits*"          // glob the dashboard queries across all monthly indices
		elasticsearch_host: "<your-elasticsearch-host>"  // string: hostname or IP of your Elasticsearch instance
		elasticsearch_port: <your-elasticsearch-port>    // number: the port Elasticsearch listens on
		elasticsearch_endpoint: "https://\(elasticsearch_host):\(elasticsearch_port)"
		elasticsearch_secret: "greymatter-audits"        // the Kubernetes secret created above
		elasticsearch_tls_verify_certificate: true       // keep true so the Elasticsearch TLS certificate is verified
	}

Step 2: Ensure that enable_audits is set to true within the config block at the top of inputs.cue.

enable_audits: bool | *true @tag(enable_audits,type=bool)

Step 3: Save and push to your GitOps repo.

Greymatter will automatically create an index when the first audit events begin flowing through the system, and it continues to create a new index each month to organize your audit events efficiently. You can see the details of the index pattern in the audits section of greymatter-core inputs.cue.
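A preflight check covering the secret created above and the audits block from Steps 1 and 2, as an added example that is not Greymatter's own tooling: it parses a constructed copy of the audits block with a minimal regex (real inputs.cue files should be evaluated with the cue tool), takes a constructed stand-in for kubectl's JSON view of the greymatter-audits secret, and reports the misconfigurations worth catching before you push to your GitOps repo: a non-https endpoint, certificate verification turned off, a secret in the wrong namespace or missing a required key, and a query_index glob that would not match the monthly index storage_index produces. The host, port and credential values are hypothetical.

```python
"""Preflight checks for the Greymatter audits configuration described above.

Added example, not part of the Greymatter project. The inputs.cue parsing is a
deliberately minimal regex over the `audits: { ... }` block, and the secret is a
constructed dict mimicking `kubectl get secret -o json` output (values are
base64-encoded, as Kubernetes stores them).
"""
import base64
import datetime as dt
import fnmatch
import re
from urllib.parse import urlsplit

REQUIRED_SECRET_KEYS = {"elasticsearch_username", "elasticsearch_password"}
SAMPLE_DATE = dt.date(2023, 9, 5)  # constructed "today" so the expected index name is stable

# Constructed sample of the audits block from greymatter-core inputs.cue, with
# hypothetical host/port values filled in for the placeholders.
SAMPLE_AUDITS_BLOCK = '''
audits: {
    storage_index: "gm-audits-%Y-%m"
    query_index: "gm-audits*"
    elasticsearch_host: "elasticsearch.example.internal"
    elasticsearch_port: 9200
    elasticsearch_endpoint: "https://\\(elasticsearch_host):\\(elasticsearch_port)"
    elasticsearch_secret: "greymatter-audits"
    elasticsearch_tls_verify_certificate: true
}
'''

# Constructed stand-in for `kubectl get secret greymatter-audits -n greymatter -o json`.
SAMPLE_SECRET = {
    "metadata": {"name": "greymatter-audits", "namespace": "greymatter"},
    "data": {
        "elasticsearch_username": base64.b64encode(b"audit-writer").decode(),
        "elasticsearch_password": base64.b64encode(b"example-password").decode(),
    },
}


def parse_audits_block(text):
    """Extract the simple `key: value` pairs of the audits block into a dict.
    Quoted strings lose their quotes, true/false become bools, integers become ints."""
    inner = re.search(r"audits:\s*\{(.*)\}", text, re.S).group(1)
    cfg = {}
    for key, raw in re.findall(r"^\s*(\w+):\s*(.+?)\s*$", inner, re.M):
        if raw.startswith('"') and raw.endswith('"'):
            cfg[key] = raw[1:-1]
        elif raw in ("true", "false"):
            cfg[key] = raw == "true"
        elif raw.isdigit():
            cfg[key] = int(raw)
        else:
            cfg[key] = raw
    return cfg


def render_endpoint(cfg):
    """Resolve the CUE interpolations \\(elasticsearch_host) and \\(elasticsearch_port)."""
    return (cfg["elasticsearch_endpoint"]
            .replace("\\(elasticsearch_host)", str(cfg["elasticsearch_host"]))
            .replace("\\(elasticsearch_port)", str(cfg["elasticsearch_port"])))


def storage_index_for(cfg, when):
    """Name of the monthly index the pipeline writes to on the date `when`."""
    return when.strftime(cfg["storage_index"])


def check_config(cfg, secret, namespace="greymatter", today=None):
    """Return a list of problems; an empty list means the configuration passes."""
    problems = []
    today = today or dt.date.today()

    endpoint = urlsplit(render_endpoint(cfg))
    if endpoint.scheme != "https":
        problems.append("elasticsearch_endpoint must use https so credentials are not sent in the clear")
    if not 1 <= int(cfg["elasticsearch_port"]) <= 65535:
        problems.append("elasticsearch_port is not a valid TCP port")
    if cfg.get("elasticsearch_tls_verify_certificate") is not True:
        problems.append("elasticsearch_tls_verify_certificate should stay true")

    data = secret.get("data", {})
    if secret["metadata"]["name"] != cfg["elasticsearch_secret"]:
        problems.append("secret name does not match elasticsearch_secret in inputs.cue")
    if secret["metadata"]["namespace"] != namespace:
        problems.append(f"secret must live in the {namespace} namespace")
    missing = REQUIRED_SECRET_KEYS - set(data)
    if missing:
        problems.append("secret is missing keys: " + ", ".join(sorted(missing)))
    for key in REQUIRED_SECRET_KEYS & set(data):
        if not base64.b64decode(data[key]):
            problems.append(f"secret key {key} is empty")

    # The dashboard reads query_index; make sure it matches what storage_index actually creates.
    if not fnmatch.fnmatch(storage_index_for(cfg, today), cfg["query_index"]):
        problems.append("query_index does not match the index that storage_index will create")
    return problems


if __name__ == "__main__":
    cfg = parse_audits_block(SAMPLE_AUDITS_BLOCK)
    for line in check_config(cfg, SAMPLE_SECRET, today=SAMPLE_DATE) or ["audit configuration looks good"]:
        print(line)
```

To run it against a live cluster, replace SAMPLE_SECRET with the parsed output of `kubectl get secret greymatter-audits -n greymatter -o json` and SAMPLE_AUDITS_BLOCK with the contents of your inputs.cue; the checks stay the same.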

Verification

Navigate to the audits dashboard in greymatter and you should now see data in the charts. The audits dashboard is accessible at https://HOST:10908/services/audits, where HOST is your externally addressable IP, ALB, or DNS value.
