Getting started with HeartBeat

Monitor uptime for your applications and servers

Photo by Chris Liverani on Unsplash

Heartbeat is a lightweight shipper that can periodically check the status of your services and determine whether they are available.

Heartbeat currently supports monitors for checking hosts via:

• ICMP (v4 and v6) Echo Requests. Use the icmp monitor when you simply want to check whether a service is available. This monitor requires root access.
• TCP. Use the tcp monitor to connect via TCP. You can optionally configure this monitor to verify the endpoint by sending and/or receiving a custom payload.
• HTTP. Use the http monitor to connect via HTTP. You can optionally configure this monitor to verify that the service returns the expected response, such as a specific status code, response header, or content.

Lab Setup

In this article, We’ll need a single-node elastic search cluster(refer to this article for instructions) and two apache webservers. I have used the GCP platform to build my test lab since it offers $300 USD free trial credit but you can do it on your servers or any other public cloud platform as well.

Heartbeat Installation

Note: You’ll need an existing elastic search cluster to store log data and Kibana to visualize this data. We will also need metric beat installed on this server.

1. Please read this article to help set up a single-node elastic search instance and Kibana.
2. Please read this article to help set up the metric beat.

We’ll use the APT repository method to install Heartbeat.

Installation and configuration of heartbeat on ELK Server

1. Install heartbeat

sudo apt-get update && sudo apt-get install heartbeat-elastic

2. Configure heartbeat

sudo nano /etc/heartbeat/heartbeat.yml
### Live Reloadding
reload.enabled: true
reload.period: 5s
### Kibana
host: “localhost:5601”
### elasticsearch output
hosts: [“localhost:9200”]
protocol: “http”
username: “elastic”
password: “goodwitch”
### logging.to_files: true
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/heartbeat
name: heartbeat
keepfiles: 7
permissions: 0644
### setup monitoring through metricbeat
http.enabled: true
http.port: 5069

3. Enable beat-pack if not already enabled

sudo metricbeat modules enable beat-xpack

4. configure beat-expack

sudo nano /etc/metricbeat/modules.d/beat-xpack.yml
hosts: [“http://localhost:5069"]
username: “beats_system”
password: “avatar”

5. Validate metricbeat service is running

systemctl status metricbeat

6. start heartbeat

systemctl start heartbeat-elastic

7. configure monitors

cp sample.icmp.yml.disabled icmp.yml
cp sample.http.yml.disabled http.yml
cp sample.tcp.yml.disabled tcp.yml

7.1 ICMP monitor

id: icmp-status
name: icmp status check
enabled: true
hosts: [“192.168.2.19”, “35.197.123.189”]
tags: [“web-tier”]

7.2 http monitor

id: web-status
name: web status check
enabled: true
enabled: true
hosts: [“http://localhost:9200", “http://localhost:5601"]
username: ‘elastic’
password: ‘goodwitch’
tags: [“elk”]

7.3 tcp monitor

id: ssh-status
name: ssh status check
enabled: true
hosts: [“192.168.2.19:22”]

8. Stack monitoring

If your heartbeat service has been successfully deployed and configured, you should be able to see heartbeat come up under stack monitoring-> Beats

11. Dashboards

Finally, you can go to dashboards and check one of the pre-built dashboards for heartbeat

So, here’s how you can configure audit beat to monitor your users and processes.

If you want to do some hands-on practice on Elaticsearch, here is the link to my youtube playlist where I show you how to can set up a lab setup with 2 apache servers feeding data to a single-node Elasticsearch cluster deployed on a google cloud platform or GCP.