WEBVTT

00:00.120 --> 00:05.610
OK, so now we can look at the Loki data source. The Loki data source is about reading log files

00:05.670 --> 00:06.530
from your service.

00:06.540 --> 00:11.910
Many servers and applications will store log files in a file that you can often just read in a text

00:11.910 --> 00:13.920
editor such as Web servers will do it.

00:13.920 --> 00:19.230
Database servers, and of course the journal, systemd, on Linux is a good source of information that

00:19.230 --> 00:20.400
we can also read. To use the

00:20.400 --> 00:25.830
Loki data source, we can install two extra services that work together, both written by Grafana

00:25.830 --> 00:26.280
Labs.

00:26.340 --> 00:30.010
The first one being the Loki service is what we'll install in this video.

00:30.040 --> 00:34.890
Now, the Loki service, if I go to the Grafana Loki GitHub page, is a process that will run on your

00:34.890 --> 00:38.110
server, and it's responsible for storing logs and processing queries.

00:38.130 --> 00:40.990
So it's a bit like an SQL server, but for log files.

00:41.010 --> 00:46.830
So the Grafana Loki data source that we'll set up will connect to the Loki process running on your

00:46.830 --> 00:47.200
server.

00:47.220 --> 00:51.990
Now, Loki doesn't exist by itself. Something needs to be pushing data into it, and we'll use Promtail

00:51.990 --> 00:54.090
for that, and we'll discuss that in the next video. Promtail

00:54.510 --> 01:00.030
will read log files that you've asked it to and then send them off to Loki so that Loki can store

01:00.030 --> 01:03.320
them and organize them in such a way for querying by Grafana.

01:03.420 --> 01:09.450
Anyway, so in Grafana, if you go to data sources and you add a data source, down here there's

01:09.450 --> 01:12.930
the Loki data source. It says it's like Prometheus, but for logs.

01:12.930 --> 01:15.690
We haven't done Prometheus yet in this course, but we will.

01:15.690 --> 01:20.730
Anyway, before we can use that data source, we need to set up a service that the Loki data source

01:20.730 --> 01:21.420
will connect to.

01:21.450 --> 01:23.850
Similar to what we did when we set up MySQL.

01:23.910 --> 01:29.370
OK, so back at this diagram, we're now going to install the Loki service locally on the Grafana server.

01:29.370 --> 01:34.980
So from the perspective of the Grafana application, the Loki service will be at 127.0.0.1,

01:34.980 --> 01:36.930
which is the same as localhost.

01:37.020 --> 01:41.550
OK, so in my documentation down here, we can install the Loki binary.

01:41.670 --> 01:43.480
We'll set that up and that's these instructions here.

01:43.500 --> 01:45.450
So log on to your Grafana server.

01:45.480 --> 01:51.540
I'm now on my Grafana server, root at grafana there, and I'm going to change to a folder, /usr/local/

01:51.540 --> 01:51.840
bin.

01:51.840 --> 01:53.730
So that's where I'll install the Loki binary.

01:53.760 --> 01:56.820
So cd /usr/local/bin. I'm now in the /usr/local/bin folder.

01:56.820 --> 02:03.420
I'm now going to download, using curl, a zip file containing the Loki binary, and that's version

02:03.420 --> 02:04.090
2.4.1.

02:04.110 --> 02:05.760
Now, Loki is like Grafana.

02:05.790 --> 02:10.470
It is updated regularly, but if you want to see what the latest version is, you can visit that link

02:10.470 --> 02:10.740
there.

02:10.770 --> 02:15.840
It takes you to the Grafana Loki repository, the releases page, and I can see 2.4.1,

02:15.870 --> 02:18.930
so we will install that, so copy that whole line.

02:18.970 --> 02:19.900
I'm going to just copy that

02:19.900 --> 02:21.450
to the clipboard using that icon. Now,

02:21.450 --> 02:22.740
right click, Enter.

02:22.800 --> 02:29.660
OK, so it's just downloaded the loki-linux-amd64 zip and saved it into the /usr/local/bin folder.

02:29.670 --> 02:33.420
OK, if I just type ls, we'll see it there. Then we have to unzip it.

02:33.420 --> 02:36.320
So unzip loki-linux-amd64.

02:36.330 --> 02:37.980
I don't have unzip on my computer.

02:37.980 --> 02:43.160
I can install that quickly just by highlighting that, right clicking and Enter. I could have just typed

02:43.470 --> 02:44.130
on the keyboard.

02:44.490 --> 02:46.140
Let's run that unzip again.

02:46.140 --> 02:49.980
So I was pressing the up arrow because it shows me what I typed in previously.

02:49.980 --> 02:51.420
So unzip hey.

02:51.430 --> 02:52.750
Inflating. ls.

02:52.770 --> 02:53.700
There are two files now.

02:53.730 --> 02:57.120
loki-linux-amd64 and loki-linux-amd64.

02:57.420 --> 03:03.330
So if I do ls -l again, it shows me that that file there has execute permissions.

03:03.330 --> 03:04.400
So this is good.

03:04.440 --> 03:06.330
Sometimes they don't have X permissions.

03:06.330 --> 03:09.000
If they don't, you can just run chmod

03:09.020 --> 03:13.140
a+x, the name of the file, and it will show your file as being executable.

03:13.150 --> 03:15.800
It's important that the file is executable and it already is for us.

03:15.810 --> 03:18.450
So this is, previously, in older versions of Loki,

03:18.450 --> 03:23.250
you would have to manually make that file executable, and that's why I have that in my documentation

03:23.250 --> 03:24.450
still just in case.

03:24.580 --> 03:27.860
OK, so before we can start Loki, we need to do several things.

03:27.870 --> 03:31.850
One of those is to create a config file, so let's create a config file using nano.

03:31.860 --> 03:33.330
So I was going to copy that line there.

03:33.330 --> 03:35.280
sudo nano config-loki

03:35.280 --> 03:35.550
.yml.

03:36.000 --> 03:40.470
OK, so then I opened up a blank page and it's already created that file for us, but there's nothing

03:40.470 --> 03:40.530
in.

03:40.620 --> 03:45.270
So let's put something in it. Copy this text below, or just press that icon.

03:45.360 --> 03:49.410
And if I right click, it's pasted it all into the nano editor there.

03:49.950 --> 03:52.860
Now this is a default Loki configuration.

03:52.860 --> 03:59.040
I'm using version 2.4.1, and I got that from this official Grafana Loki link here on GitHub.

03:59.040 --> 04:01.410
If you're using a newer version than 2.4.1,

04:01.440 --> 04:04.910
be sure to check that link to see if there's anything different in the configuration file.

04:04.920 --> 04:06.150
That's if you have problems.

04:06.420 --> 04:07.090
So just in case.

04:07.140 --> 04:09.690
OK, so back to nano, let's save that.

04:09.690 --> 04:12.700
So Ctrl+X. Save modified buffer? Yes.

04:12.700 --> 04:14.610
So I'm pressing Y for yes, press Enter.

04:14.640 --> 04:15.090
Very good.

04:15.090 --> 04:17.520
If I press ls now, there are three files. That's

04:17.520 --> 04:21.520
the configuration, there's the Loki binary, which is executable, and the zip file.

04:21.540 --> 04:25.440
We no longer need the zip file, but I'll just leave it there anyway. So we can start Loki now.

04:25.440 --> 04:29.790
But it's not really a good idea, because if we close our SSH session, the Loki service will stop.

04:29.910 --> 04:34.080
So what we should do is set it up to run as a service so that it continues to run in the background

04:34.110 --> 04:35.910
because we want it to run 24 hours a day.

04:35.940 --> 04:38.970
So what I'm going to do is create a system user called Loki.

04:38.970 --> 04:43.170
So copy that and that will be the user that will run the Loki process.

04:43.500 --> 04:45.840
sudo useradd --system loki.

04:45.930 --> 04:53.430
And so I'm now going to create a file called loki.service. Copy that. Using nano again, sudo nano /etc/systemd/

04:53.430 --> 04:57.330
system/loki.service. Press Enter.

04:57.420 --> 04:59.730
OK, so it's a new, empty file.

05:00.010 --> 05:02.830
It's there for us, and in that, paste this text.

05:03.930 --> 05:10.050
This allows our loki-linux-amd64 file that we just created to run as a background service on

05:10.050 --> 05:10.530
our server.

05:10.560 --> 05:17.070
And that's the configuration file that it's using, /usr/local/bin/config-loki. If I just move the cursor along

05:17.070 --> 05:20.060
there, we'll see that it's config-loki

05:20.070 --> 05:20.720
.yml.

05:21.090 --> 05:21.600
Excellent.

05:21.690 --> 05:24.240
Also you'll see that it's using a user,

05:24.250 --> 05:26.220
loki. We just created that user. Ctrl+X.

05:26.790 --> 05:27.420
Yes.

05:27.640 --> 05:31.470
And so we can now start and stop Loki using these commands.

05:31.470 --> 05:34.350
So sudo service Loki start.

05:34.920 --> 05:38.880
OK, we can check its status, and it's active, running.

05:38.880 --> 05:39.620
So there we go.

05:39.630 --> 05:42.960
Loki is now running as a service on my Grafana server.

05:43.500 --> 05:45.210
I could always stop it if I wanted to.

05:45.600 --> 05:47.880
I'm not going to do that, but you can if you need to.

05:47.970 --> 05:52.230
Now, since we have Loki running, we can now connect to that using Grafana.

05:52.290 --> 05:55.200
I'm already on the data source configuration page.

05:55.470 --> 05:57.480
I'm going to select Loki.

05:58.020 --> 05:59.520
Let me get the name Loki.

05:59.520 --> 06:00.630
That's a good name.

06:00.660 --> 06:07.780
We're going to connect to localhost 3100, or you could even use 127.0.0.1:3100,

06:07.790 --> 06:09.510
and it's HTTP.

06:10.350 --> 06:12.600
And that's from the perspective of our Grafana application.

06:12.600 --> 06:16.410
So it's just another service running on the same server, listening on port 3100.

06:16.890 --> 06:20.260
OK, so Save and test. Data source connected and labels found.

06:20.310 --> 06:20.760
Excellent.

06:21.870 --> 06:25.860
We don't have any data inside Loki yet because we haven't set up Promtail.

06:25.890 --> 06:31.650
We'll do that in the next video, but for now, we can at least go into the Explore tab and we can select

06:31.650 --> 06:32.430
it from the drop-down.

06:32.430 --> 06:34.620
Then Loki. No logs found.

06:34.710 --> 06:35.340
It doesn't matter.

06:35.370 --> 06:36.560
We'll get on to that. Now,

06:36.570 --> 06:42.060
one thing to note there, I'm using the DigitalOcean service, so I don't have a default firewall blocking

06:42.060 --> 06:46.860
ports so I can actually access that Loki service across the internet.

06:46.860 --> 06:49.710
And that address is http://

06:49.830 --> 06:52.080
grafana.sbcode.net:3100.

06:52.380 --> 06:57.420
Loki is listening on port 3100, but it's also accessible across the internet for me, so that would

06:57.420 --> 07:01.760
be your domain name if you use a domain name, or your Grafana server's IP address.

07:01.770 --> 07:02.520
That is my one.

07:02.520 --> 07:07.020
So if I press that, I can see that there is actually a web server running there because it's returned

07:07.020 --> 07:08.640
a 404, and that's what web servers do.

07:08.640 --> 07:16.500
But if you just type /metrics, it will return this data, which are statistics about the Loki

07:16.500 --> 07:17.010
service.

07:17.040 --> 07:21.570
Now you probably don't want that to be exposed on the internet like that.

07:21.660 --> 07:25.940
If you're using AWS, the security group won't have 3100 open already.

07:25.950 --> 07:30.570
But since I'm using an unrestricted Ubuntu server and I don't have a dedicated firewall, I'm going

07:30.570 --> 07:33.300
to block port 3100 using iptables.

07:33.960 --> 07:35.570
So that's down here.

07:35.580 --> 07:36.690
iptables.

07:36.750 --> 07:43.410
I'm going to accept 3100 on localhost only, because the Grafana service needs to still query the

07:43.410 --> 07:44.300
Loki service.

07:44.310 --> 07:51.150
So I'm on my Grafana server, doesn't matter what folder I'm in. iptables, INPUT, TCP, localhost, destination

07:51.150 --> 07:57.180
port 3100, ACCEPT. And now I'm going to drop everything else, so no other IP address will be able

07:57.180 --> 08:03.780
to connect to port 3100. iptables, INPUT, TCP, port 3100, DROP, and that line means drop everything

08:03.780 --> 08:04.140
else.

08:04.260 --> 08:09.200
I can verify that with iptables now, and there are my rules.

08:09.220 --> 08:12.710
Okay, so accepting localhost 3100, dropping everything else.

08:12.720 --> 08:13.740
Okay, so excellent.

08:13.740 --> 08:16.030
We have the Loki service running on our server.

08:16.050 --> 08:19.390
Another thing, it's also exposing port 9096.

08:19.410 --> 08:23.010
It uses that for gRPC communications for internal management.

08:23.070 --> 08:26.570
OK, so that port is also going to be accessible across the internet.

08:26.580 --> 08:32.070
If you're using a similar setup to me, for example, I'm on my Windows machine and I have a program

08:32.070 --> 08:37.830
called Telnet installed and I can telnet to grafana.sbcode.net,

08:38.740 --> 08:41.500
port 9096.

08:42.510 --> 08:46.560
And we can see that it's actually connected, so I'm going to close that port as well.

08:46.770 --> 08:52.970
It's great that by closing it, so in my documentation, I've read the rules here to allow 9096

08:52.980 --> 08:54.780
on localhost.

08:55.400 --> 09:02.880
So I'm accepting source localhost, destination port 9096, that's OK, but dropping everything

09:02.880 --> 09:04.680
else, and I'll just verify that.

09:06.000 --> 09:11.700
So there we go, so accepting 9096 from localhost and dropping everywhere else.

09:11.820 --> 09:18.600
OK, so another tool that you can use to check what port a service is using is the ss command on Ubuntu

09:18.600 --> 09:20.620
21.04 and above.

09:20.640 --> 09:22.620
It's very similar to the old netstat command.

09:22.740 --> 09:27.810
Here I'm going to return results with the word Loki in them, so enter that here.

09:27.840 --> 09:33.540
It's word-wrapped, so it's quite hard to see, but you can see that loki-linux-amd is using

09:33.540 --> 09:36.390
port 9096 and 3100.

09:36.570 --> 09:40.470
OK, so if you're going to have these services running on your servers, you will need to ensure that

09:40.470 --> 09:42.690
they're not exposing information accidentally.

09:42.730 --> 09:43.650
OK, excellent.

09:43.710 --> 09:49.160
And also, be sure to read my information on keeping rules persistent if you're using iptables.

09:49.230 --> 09:52.620
I'm going to create a backup of my iptables rules now.

09:52.650 --> 09:56.490
I'm only using IP version four, so I need to run that one.

09:56.580 --> 09:57.000
Excellent.

09:57.030 --> 10:00.870
So in the next video we'll set up the Promtail service to read log files.

10:01.110 --> 10:01.590
Excellent.
