WEBVTT

00:00.180 --> 00:04.950
OK, so now we're going to install a second Promtail service, so we'll have two Promtails running

00:04.950 --> 00:06.980
and we'll be able to query those in Grafana.

00:07.050 --> 00:11.730
OK, so we have the Loki data source, we have the Loki service and we have the Promtail service

00:11.730 --> 00:14.010
all running on our Grafana server.

00:14.040 --> 00:19.410
So in this one, I'm going to install a Promtail service on my MySQL server that we set up in

00:19.410 --> 00:23.940
this section and that will be pushing data to the Loki service on the Grafana server.

00:24.000 --> 00:28.920
And this is to demonstrate that you can have as many Promtail services running wherever you want,

00:28.920 --> 00:32.840
all pushing to the same Loki service, and being able to query those in Grafana.

00:32.970 --> 00:36.300
But because they'll be running on different servers, there are quite a few considerations.

00:36.450 --> 00:41.460
So we'll start off by installing the Promtail binary on the MySQL server.

00:41.490 --> 00:47.550
I'm going to use pretty much the same process as was demonstrated in the install Promtail binary installed

00:47.550 --> 00:48.420
as a service section.

00:48.420 --> 00:50.850
So I'm logging on to my MySQL server.

00:50.880 --> 00:53.580
OK, I'm going to install the same version.

00:53.580 --> 00:55.410
So cd /usr/local/bin.

00:55.440 --> 00:59.310
I'm going to install the same version that was two point four point one.

00:59.310 --> 01:05.830
The promtail-linux-amd64. Going to unzip it, and it should already have permissions.

01:05.850 --> 01:13.530
I can check that: ls -lh, and promtail-linux-amd64 already has execute permissions. Now to create a

01:13.530 --> 01:17.100
config. Sudo nano config promtail YAML.

01:17.430 --> 01:22.400
I'll paste this in. Now, remembering, I'm actually changing my gRPC port.

01:22.410 --> 01:25.100
You don't have to do this to 1997.

01:25.110 --> 01:28.080
This is so I can explicitly block that port later on.

01:28.080 --> 01:30.570
Using zero will assign a dynamic port.

01:30.570 --> 01:36.060
The client URL will be my Grafana server, so it's not pushing to a local Loki

01:36.060 --> 01:41.400
service, it's pushing to a Loki service across a network, and I set up my domain name

01:41.400 --> 01:44.930
grafana.sbcode.net to point to the IP address of my Grafana server.

01:44.970 --> 01:48.930
It will send to port 3100, /loki/api/v1/push.

01:49.110 --> 01:52.980
The scrape config is the same; we'll be targeting localhost.

01:53.100 --> 01:58.840
We have a job called varlogs and we're reading all the files in the path /var/log/*log.

01:58.860 --> 02:03.840
Now, when this data is pushed to the Loki service, there is no indication that it's coming from a

02:03.840 --> 02:08.850
different server, so we can add another label. Now press spaces when you move the cursor along, because

02:08.850 --> 02:11.970
YAML files don't like tabs, in my experience.

02:11.970 --> 02:12.720
So host.

02:12.870 --> 02:16.620
I'm going to call my label host and I'm going to name it mysql.

02:16.650 --> 02:21.060
That's just the name of my host that I've written. Ctrl X to save that.

02:21.210 --> 02:22.680
Yes, that's very good.

02:22.960 --> 02:25.220
OK, I'm now going to configure it as a service.

02:25.230 --> 02:28.260
I'm going to add the user promtail to run that process.

02:28.770 --> 02:31.890
OK, system promtail. id promtail.

02:31.890 --> 02:32.700
I can check it.

02:32.910 --> 02:33.270
I go.

02:33.390 --> 02:35.040
It's in the promtail group.

02:35.500 --> 02:39.450
I'll call it promtail.service, in the /etc/systemd/

02:39.450 --> 02:40.760
system folder.

02:40.980 --> 02:42.240
OK, I'll add this script.

02:42.990 --> 02:49.320
OK, it's going to run that promtail and that configuration file, /usr/local/bin, config promtail. Ctrl

02:49.320 --> 02:49.850
X.

02:49.860 --> 02:53.070
Yes, we can now start the Promtail service.

02:53.850 --> 02:59.370
Note that we will have some errors that we will resolve, and I'll just check the status just to see

02:59.370 --> 03:00.780
what it's saying right now.

03:00.780 --> 03:02.310
So it's active running, that's good.

03:02.310 --> 03:04.830
But we can see generally two errors here.

03:04.830 --> 03:07.160
It cannot read the log files.

03:07.170 --> 03:09.990
Permission denied. It's also error sending batch.

03:10.680 --> 03:13.950
It basically cannot send to port 3100 on the server.

03:14.130 --> 03:19.950
That's because I've set up the iptables rules and blocked port 3100 for external requests, so we'll

03:19.950 --> 03:26.700
fix up the iptables rules on my Grafana server first to allow this MySQL server to push to 3100,

03:27.240 --> 03:30.780
so Ctrl C to get out of the status, and I'll go onto my Grafana server.

03:31.850 --> 03:34.950
OK, so one microphone, a seven hour router, Cafaro dot com.

03:34.970 --> 03:38.630
I'm now going to verify my iptables rules, so iptables -L.

03:39.000 --> 03:42.860
OK, so these are my rules for Port 3100 here, these two here.

03:42.860 --> 03:47.250
So I'm accepting localhost 3100, but dropping everything else to 3100.

03:47.270 --> 03:54.350
I'm going to insert a new rule here at line three, one, two, three, that will allow my MySQL server

03:54.350 --> 03:55.010
to connect.

03:55.250 --> 04:04.610
OK, so back on the Promtail service page, scrolling down, this line here. I'll just clear, paste the IP

04:04.610 --> 04:05.630
address to allow.

04:05.660 --> 04:09.820
So -s there meaning source; the source IP will be my

04:09.830 --> 04:14.180
MySQL server, which is that IP address there. Your IP address will be different.

04:14.180 --> 04:16.770
Destination port 3100, accept.

04:16.790 --> 04:19.280
And here I'm putting it into position.

04:19.280 --> 04:19.750
Three.

04:19.760 --> 04:26.500
So enter. Now iptables -L again, and we have a new rule here accepting the IP address,

04:26.510 --> 04:28.700
3100, still accepting localhost,

04:28.700 --> 04:31.430
3100, and dropping everything else to 3100.

04:31.580 --> 04:33.630
OK, so going back onto my MySQL server.

04:34.130 --> 04:37.280
If I do the status again, sudo service promtail status,

04:37.400 --> 04:43.340
we shouldn't be seeing that error anymore, and I can't actually see it in that last few lines of log there.

04:43.340 --> 04:48.220
But anyway, next problem is to solve the permission denied for the file names.

04:48.320 --> 04:48.680
OK.

04:49.130 --> 04:54.500
So if we cd into the /var/log folder there, I'm just highlighting that.

04:54.500 --> 04:56.450
And then if I right click it copies it down.

04:56.600 --> 04:58.790
Now ls -lh.

04:58.940 --> 05:02.420
All the log files that I want to read are in the adm group.

05:02.570 --> 05:05.090
So let's add our promtail user to the adm group.

05:05.150 --> 05:07.430
OK, that was on the Promtail page.

05:09.270 --> 05:12.390
usermod -a -G adm promtail.

05:12.480 --> 05:14.490
Now we do id promtail.

05:14.580 --> 05:18.060
We can see that the promtail user is in the adm group as well.

05:18.090 --> 05:18.510
Excellent.

05:18.540 --> 05:23.260
It should now be able to read those log files, so let's do a status again on Promtail running on my

05:23.280 --> 05:24.850
MySQL machine, status.

05:24.870 --> 05:26.760
I just move along sideways.

05:26.840 --> 05:28.290
OK, I need to restart.

05:28.320 --> 05:32.540
Sudo service promtail restart.

05:32.550 --> 05:33.860
OK, status again.

05:33.870 --> 05:36.630
OK, not seeing any errors. Ctrl C.

05:36.630 --> 05:38.430
Let's try this again.

05:38.460 --> 05:43.170
OK, we now got seeked happening, so the log files are now being read.

05:43.410 --> 05:47.310
OK, so that's it, we now have a Promtail service running on my MySQL

05:47.310 --> 05:51.150
server pushing data to the Loki service running on my Grafana server. That means we should

05:51.150 --> 05:53.040
now be able to go into Grafana and see it.

05:53.220 --> 05:56.190
OK, so open Grafana, Explore tab, log browser.

05:56.190 --> 06:01.830
We've got a new entry here for host, so let's just deselect those and look at host being mysql.

06:01.840 --> 06:05.790
We can click that and we can show logs, and these are all the logs from the MySQL

06:05.790 --> 06:08.910
server. Now going back to log browser here.

06:08.940 --> 06:17.160
Now, if I look at job and press varlogs, show logs, we're going to see some which come from my Grafana

06:17.160 --> 06:21.330
server and some which come from my MySQL, which also has a third label

06:21.330 --> 06:22.550
there, host mysql.

06:22.560 --> 06:28.410
I'm going to add a label to my Grafana server as well so that we can query one or the other more effectively

06:28.410 --> 06:29.570
or both at the same time.

06:29.580 --> 06:31.290
So on my Grafana server,

06:31.380 --> 06:35.220
I'm going to edit my Promtail config there. So cd

06:35.550 --> 06:38.790
/usr/local/bin, ls.

06:39.240 --> 06:43.320
There's my Promtail config. Sudo nano config

06:43.320 --> 06:52.010
YAML, and down here in the labels I'll add a new label, six spaces, host: grafana.

06:52.140 --> 06:54.910
OK, so Ctrl X, yes.

06:54.960 --> 06:56.070
Restart Promtail.

06:57.530 --> 06:59.810
OK, we can double check its status.

07:01.100 --> 07:01.670
Very good.

07:01.790 --> 07:02.940
I don't see any errors.

07:03.920 --> 07:11.600
OK, going back into the log browser, Explore, Loki, log browser. I now have two hosts, grafana

07:11.600 --> 07:20.690
and mysql, so I can search for varlogs on mysql, see host mysql logs, or varlogs on host

07:20.690 --> 07:27.590
grafana, or varlogs for both servers at the same time. So show logs, and they come from grafana or

07:28.190 --> 07:29.180
from mysql.

07:29.330 --> 07:36.410
Same time, I can say just give me the host mysql by pressing that cluster that has updated the

07:36.650 --> 07:37.400
stream selector.

07:37.430 --> 07:43.220
Now, going back to one of the more complicated queries from the last video going down to the aggregate

07:43.370 --> 07:48.120
groups section down here, we can now group by host.

07:48.140 --> 07:49.160
So copy that.

07:50.510 --> 07:58.430
And put that in there, so sum count_over_time job varlogs by host, press Shift Enter. OK, so I have

07:58.430 --> 07:59.120
two counts.

07:59.120 --> 08:04.780
We'll actually have three counts there because our original ones were actually tagged as grafana.

08:04.790 --> 08:11.330
But if I just view those two there that we can see that we're now getting two lines, this green one

08:11.330 --> 08:12.980
will eventually just disappear.

08:12.980 --> 08:15.170
So I would just say to five minutes.

08:15.320 --> 08:17.180
OK, well, the colors changed this now.

08:17.180 --> 08:18.380
grafana and mysql.

08:18.530 --> 08:18.900
Excellent.

08:18.920 --> 08:20.390
OK, so I'm happy that that's working.

08:20.390 --> 08:24.900
I can get data from Promtail on my MySQL server and view it in Grafana.

08:24.920 --> 08:30.920
But what's going on here is Promtail is sending that data unencrypted across the internet to my Grafana

08:30.920 --> 08:31.340
server.

08:31.400 --> 08:33.880
Log files normally contain very sensitive data.

08:33.890 --> 08:36.860
They can contain the things that people are typing into a server.

08:36.890 --> 08:40.250
They can contain IP addresses, passwords, all kinds of things.

08:40.280 --> 08:44.390
So if you're running on a public network like I am, you need to make sure that information is encrypted

08:44.390 --> 08:45.080
as it's sent.

08:45.200 --> 08:49.820
So since I've already set up a domain name and SSL right at the beginning of the course and enabled

08:49.820 --> 08:55.670
that using the Nginx reverse proxy, I'm going to set up the Loki service behind the Nginx reverse proxy

08:55.670 --> 09:01.940
so that external Promtails can send data by that; that will have the SSL certificate bound.

09:01.970 --> 09:04.940
So any traffic will be encrypted when it's being sent to Loki.

09:05.030 --> 09:10.790
Also note that I'm using this method because both of those are effectively independent servers on the

09:10.790 --> 09:11.300
internet.

09:11.480 --> 09:15.740
Normally, servers in a corporate environment will be on a virtual private network, so the data would

09:15.740 --> 09:17.720
be sent through a private network anyway.

09:17.720 --> 09:21.440
But because these are both on the internet and you might have the situation, I'm going to show you

09:21.440 --> 09:22.250
how I solve it.

09:22.310 --> 09:23.400
That's using Nginx.

09:23.530 --> 09:30.620
OK, so on the install second Promtail service page, I'm going to edit my Nginx configuration on my Grafana

09:30.620 --> 09:31.010
server.

09:31.100 --> 09:35.410
So on my Grafana server that runs Grafana, I'm going to open up my Nginx configuration.

09:35.420 --> 09:40.150
So that was in the folder, cd /etc/nginx/

09:40.370 --> 09:42.070
sites-enabled.

09:42.260 --> 09:47.630
So ls. There's the default, which is the default web page for Nginx. And there's that one that

09:47.630 --> 09:48.180
I created.

09:48.200 --> 09:52.550
So sudo nano grafana.sbcode.net.conf.

09:53.060 --> 09:53.740
There it is.

09:53.750 --> 09:56.420
I'm going to add another location in there.

09:56.420 --> 10:00.950
So adding a line, a few spaces going to copy just this section here.

10:01.040 --> 10:02.150
Don't copy the full stop.

10:02.300 --> 10:05.300
I'm just indicating that there's lines before and after. So

10:05.390 --> 10:08.140
Copy that and right click Press Enter.

10:08.150 --> 10:14.510
I'm creating a new location, which is the /loki path, so https grafana.sbcode.net/

10:14.510 --> 10:22.130
loki, and that I will allow my MySQL server, whose IP address was that there, denying

10:22.130 --> 10:23.030
everything else.

10:23.060 --> 10:29.870
I'm going to proxy pass to internal localhost 3100, so I'm using existing SSL certificates that were managed

10:29.870 --> 10:30.350
by Cert.

10:30.650 --> 10:36.320
So any request to my Grafana server /loki from that IP address will be encrypted.

10:36.470 --> 10:37.760
Everything else will be denied.

10:37.880 --> 10:43.490
It'll be passed internally to the Loki service running on localhost 3100. Ctrl X to save.

10:43.520 --> 10:44.060
Yes.

10:44.310 --> 10:48.390
And OK, we can check that the Nginx configuration is OK.

10:48.410 --> 10:53.480
So nginx -t. And it says syntax is OK and test is successful.

10:53.480 --> 10:53.990
Very good.

10:53.990 --> 10:55.190
Let's restart Nginx.

10:56.340 --> 11:00.410
Nginx restart, check its status.

11:01.450 --> 11:03.970
And that's all good, active running. Ctrl

11:04.010 --> 11:10.010
C. Now going back onto my MySQL server. On my MySQL server, now I'm going to get back into my Promtail

11:10.010 --> 11:14.780
config. cd /usr/local/bin, ls.

11:14.840 --> 11:16.970
There it is. Sudo nano

11:18.160 --> 11:19.340
config promtail

11:19.360 --> 11:20.020
YAML.

11:21.060 --> 11:24.180
I'm no longer going to use that http 3100.

11:24.210 --> 11:31.740
I'm going to now push to https grafana.sbcode.net/loki, that was the path that I created,

11:31.860 --> 11:35.820
and then use everything else, which is the same, /loki/api/v1/push.

11:36.270 --> 11:40.560
So sbcode.net/loki is the endpoint that I created; /loki/api/v1/

11:40.560 --> 11:47.910
push is the remaining part of the URL that the Loki endpoint expects. Ctrl X, yes.

11:48.030 --> 11:49.200
Restart Promtail.

11:50.820 --> 11:51.360
All right, good.

11:51.570 --> 11:52.620
I'll take a status.

11:54.160 --> 11:58.310
OK, now I don't see any connection errors for that new URL.

11:58.330 --> 11:59.140
It's very, very good.

11:59.170 --> 12:07.210
If you want to test that, you can access that from your MySQL server. You can use curl and type in

12:07.210 --> 12:10.180
https://grafana.sbcode.net

12:11.290 --> 12:15.110
/loki, for example, and it's returned a 301 redirect.

12:15.130 --> 12:15.690
That's right.

12:15.700 --> 12:20.410
Now also, I've only enabled that for my MySQL server.

12:20.440 --> 12:26.020
So if I just copy that and try to access that URL from the server where I'm making this video, https

12:26.020 --> 12:29.320
grafana.sbcode.net returns 403 Forbidden.

12:29.320 --> 12:32.620
So the only server that can access that is my MySQL server.

12:32.800 --> 12:33.280
Excellent.

12:33.370 --> 12:40.540
So I no longer need that rule, port 3100, for my MySQL server, because I'm now going by the Nginx reverse

12:40.540 --> 12:43.060
proxy, which is enforcing SSL.

12:43.090 --> 12:44.880
So I'm going to delete that input.

12:44.900 --> 12:45.580
I had it before.

12:45.580 --> 12:52.360
So back on my Grafana server, clear, iptables -L --line-numbers.

12:52.570 --> 12:59.080
It's shown me that, if I just scroll up, INPUT 3 is that specific rule that I've added. I'm

12:59.080 --> 13:00.010
going to delete that rule.

13:00.010 --> 13:03.100
So iptables, delete INPUT 3.

13:03.130 --> 13:09.280
Now let's read that iptables list again, and it's no longer there, only the two rules for 3100, local

13:09.280 --> 13:09.740
host

13:09.760 --> 13:15.370
and anywhere. OK, so security of your data is a consideration when running services across different

13:15.370 --> 13:17.690
servers that are managing log files.

13:17.710 --> 13:23.950
If you were using AWS or similar, you would be setting up security groups to allow and deny access and

13:23.950 --> 13:27.250
may also be setting up encryption on those channels as well.

13:27.280 --> 13:31.960
I'm asking you to share my service, which are just unrestricted Ubuntu's on the internet, and I've

13:31.960 --> 13:32.950
used DigitalOcean for that.

13:33.160 --> 13:37.840
DigitalOcean also has VPC configuration options, which you can manage.

13:37.900 --> 13:43.600
OK, so looking at the networking tab on DigitalOcean for my particular server's VPC.

13:44.730 --> 13:52.230
I have three servers here in my Amsterdam section, all on the same subnet here, so I could have actually

13:52.230 --> 13:57.520
just connected using those internal IPs between my MySQL and Grafana servers if I wanted to.

13:57.540 --> 14:02.790
But publishing, if you didn't have that option, then you'd have to be making sure that all your messages

14:02.790 --> 14:07.140
as they travelled across a public network were encrypted and access is controlled.

14:07.290 --> 14:08.250
OK, excellent.

14:08.280 --> 14:15.750
And also, since I have Promtail running on my MySQL server now, I should block access to port nine

14:15.750 --> 14:19.630
zero eight zero from external requests just before I do that.

14:19.650 --> 14:23.800
One thing I haven't showed yet about Promtail is that it has its own web user interface.

14:23.820 --> 14:32.330
So if I go to my MySQL server IP, which is that, colon 9080, we have a Promtail user interface.

14:32.340 --> 14:37.230
Now it's showing a lot of information or statistics there that you can look at and view, and that's

14:37.230 --> 14:38.610
the configuration.

14:38.610 --> 14:44.220
We only created that small section, really, of configuration, but there are a lot of defaults that

14:44.310 --> 14:46.790
Promtail will use and you can manage all of those.

14:46.830 --> 14:51.090
But as you can see, that's exposed on the internet, and I don't really want that.

14:51.090 --> 14:52.900
So I'm going to block 9080.

14:53.160 --> 14:58.970
So if I copy that whole section there, I'm going to accept localhost 9080 and block everything else.

14:58.980 --> 15:01.320
I'm on my MySQL server where I've installed

15:01.320 --> 15:03.360
Promtail. Press Enter.

15:03.720 --> 15:05.630
I now have new rules for 9080.

15:05.940 --> 15:07.920
They're accepting localhost 9080.

15:07.930 --> 15:09.990
That's OK, but dropping everything else.

15:10.080 --> 15:13.440
So that now means if I refresh that, that's just going to time out.

15:13.560 --> 15:16.380
That will take about 30 seconds to start in your browser.

15:16.480 --> 15:19.260
That it was time out doesn't work anymore.

15:20.290 --> 15:21.490
OK, so timed out.

15:22.770 --> 15:23.340
And that one.

15:23.800 --> 15:24.690
OK, so torn down.

15:25.230 --> 15:25.650
Excellent.

15:25.940 --> 15:27.600
That takes about 30 seconds to time out.

15:27.910 --> 15:29.450
I get about time, right?

15:29.490 --> 15:29.830
OK?

15:29.850 --> 15:35.910
And since I also explicitly used my gRPC port as 1997, I'm going to allow localhost as well.

15:36.000 --> 15:37.680
OK, so I copied the first line.

15:39.030 --> 15:45.120
OK, gRPC will sometimes call itself by its external IP address, so you might need to enable this

15:45.120 --> 15:45.360
one.

15:45.900 --> 15:50.070
OK, I'm going to allow localhost, drop everything else.

15:50.970 --> 15:51.940
And list it again.

15:51.960 --> 15:56.250
OK, so I have some rules for 1997, so my first one.

15:56.400 --> 15:59.280
It has replaced my IP address with my hostname.

15:59.310 --> 16:00.350
So that's OK.

16:00.360 --> 16:06.060
If you're having problems connecting to Promtail or Loki internally on your own networks, it

16:06.060 --> 16:11.100
may be useful to do what I did there, where I added a rule using my external IP and it replaced it with

16:11.100 --> 16:11.820
the hostname.

16:11.820 --> 16:14.730
Anyway, Loki and Promtail are quite complicated to set up.

16:14.740 --> 16:20.070
I've done it many times now, so anyway, let's go back into Grafana and verify that everything still

16:20.070 --> 16:20.640
works.

16:20.880 --> 16:24.830
Loki, log browser, hosts grafana, mysql.

16:24.840 --> 16:29.430
I'll query by varlogs and I should get everything. Show logs for the last five minutes and there we

16:29.430 --> 16:32.670
go, mysql, grafana, mysql.

16:33.450 --> 16:33.870
Excellent.

16:33.930 --> 16:39.060
The next video will create a dashboard that starts using this data, and we'll add some complex functionality

16:39.060 --> 16:44.250
to that called annotation queries and how we can link the logs and the graph panels together.

16:44.310 --> 16:44.790
Excellent.
