Getting started with HeartBeat
Monitor uptime for your applications and servers
Heartbeat is a lightweight shipper that can periodically check the status of your services and determine whether they are available.
Heartbeat currently supports monitors for checking hosts via:
- ICMP (v4 and v6) Echo Requests. Use the icmp monitor when you simply want to check whether a service is available. This monitor requires root access.
- TCP. Use the tcp monitor to connect via TCP. You can optionally configure this monitor to verify the endpoint by sending and/or receiving a custom payload.
- HTTP. Use the http monitor to connect via HTTP. You can optionally configure this monitor to verify that the service returns the expected response, such as a specific status code, response header, or content.
Lab Setup
In this article, We’ll need a single-node elastic search cluster(refer to this article for instructions) and two apache webservers. I have used the GCP platform to build my test lab since it offers $300 USD free trial credit but you can do it on your servers or any other public cloud platform as well.
Heartbeat Installation
Note: You’ll need an existing elastic search cluster to store log data and Kibana to visualize this data. We will also need metric beat installed on this server.
- Please read this article to help set up a single-node elastic search instance and Kibana.
- Please read this article to help set up the metric beat.
We’ll use the APT repository method to install Heartbeat.
Installation and configuration of heartbeat on ELK Server
- Install heartbeat
sudo apt-get update && sudo apt-get install heartbeat-elastic
2. Configure heartbeat
sudo nano /etc/heartbeat/heartbeat.yml### Live Reloaddingreload.enabled: truereload.period: 5s### Kibanahost: “localhost:5601”### elasticsearch outputhosts: [“localhost:9200”]protocol: “http”username: “elastic”password: “goodwitch”### logging.to_files: truelogging.level: infologging.to_files: truelogging.files:path: /var/log/heartbeatname: heartbeatkeepfiles: 7permissions: 0644### setup monitoring through metricbeathttp.enabled: truehttp.port: 5069
3. Enable beat-pack if not already enabled
sudo metricbeat modules enable beat-xpack
4. configure beat-expack
sudo nano /etc/metricbeat/modules.d/beat-xpack.ymlhosts: [“http://localhost:5069"]username: “beats_system”password: “avatar”
5. Validate metricbeat service is running
systemctl status metricbeat
6. start heartbeat
systemctl start heartbeat-elastic
7. configure monitors
cp sample.icmp.yml.disabled icmp.ymlcp sample.http.yml.disabled http.ymlcp sample.tcp.yml.disabled tcp.yml
7.1 ICMP monitor
id: icmp-statusname: icmp status checkenabled: truehosts: [“192.168.2.19”, “35.197.123.189”]tags: [“web-tier”]
7.2 http monitor
id: web-statusname: web status checkenabled: trueenabled: truehosts: [“http://localhost:9200", “http://localhost:5601"]username: ‘elastic’password: ‘goodwitch’tags: [“elk”]
7.3 tcp monitor
id: ssh-statusname: ssh status checkenabled: truehosts: [“192.168.2.19:22”]
8. Stack monitoring
If your heartbeat service has been successfully deployed and configured, you should be able to see heartbeat come up under stack monitoring-> Beats
11. Dashboards
Finally, you can go to dashboards and check one of the pre-built dashboards for heartbeat
So, here’s how you can configure audit beat to monitor your users and processes.
If you want to do some hands-on practice on Elaticsearch, here is the link to my youtube playlist where I show you how to can set up a lab setup with 2 apache servers feeding data to a single-node Elasticsearch cluster deployed on a google cloud platform or GCP.